
Infection indicated in REGISTRY-hijack? please help [RESOLVED]


  • This topic is locked

#1
BarryB

  • Member
  • 47 posts
Hello,

My computer has the program Spyware Doctor, which indicated a spyware infection in my registry called adware.podcastbar mini.

The positive is that Spyware Doctor indicates that the files have been "cleaned". But I want to be safe. These are the registry files in which infection was indicated:

-HKEY_CLASSES_ROOT/pcast, (default)
-HKEY_CLASSES_ROOT/pcast, url protocol
-HKEY_CLASSES_ROOT/pcast/shell, (default)
-HKEY_CLASSES_ROOT/pcast/shell/open, (default)
-HKEY_CLASSES_ROOT/pcast/shell/open
-HKEY_CLASSES_ROOT/pcast/shell
-HKEY_CLASSES_ROOT/pcast/

I am posting an HJT log. Any help is appreciated.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\IFACE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVJOBS.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\avciman.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe
C:\Documents and Settings\Barry\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.divx.com/d...ebplayerdemo/en
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

#2
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Log looks good BarryB,
Let's do a couple of checks:
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Harry

#3
BarryB

  • Topic Starter
  • Member
  • 47 posts
Thanks Harry. I will apply the above steps and have a response tonight. Thanks for your help.

#4
BarryB

  • Topic Starter
  • Member
  • 47 posts
Hey Harry,

Here is the Malwarebytes logfile:

Malwarebytes' Anti-Malware 1.11
Database version: 689

Scan type: Quick Scan
Objects scanned: 35033
Time elapsed: 13 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\toolbar.tb (Adware.AdMedia) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.tb.1 (Adware.AdMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\packet.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpcap.dll (Spyware.Agent) -> Quarantined and deleted successfully.

All 5 items were successfully removed.

I will also perform the other steps you mentioned and post results as soon as they are completed. Thanks!

#5
BarryB

  • Topic Starter
  • Member
  • 47 posts
Hey Harry,

Here is the OTScanIt report:

[code=auto:0]OTScanIt logfile created on: 4/27/2008 11:35:56 AM
OTScanIt by OldTimer - Version 1.0.11.5 Folder = C:\Documents and Settings\Barry\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 157.19 Mb Available Physical Memory | 31.23% Memory free
1.20 Gb Paging File | 0.39 Gb Available in Paging File | 32.89% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 22.21 Gb Free Space | 59.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL-5E653B9CD9
Current User Name: Barry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
tpsrv.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\TPSrv.exe -> Panda Software International [Ver = 8, 0, 1, 0 | Size = 404784 bytes | Modified Date = 7/2/2007 1:14:38 PM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/20/2007 1:40:48 AM | Attr = ]
runservice.exe -> %SystemRoot%\Runservice.exe -> [Ver = | Size = 2560 bytes | Modified Date = 3/18/2007 11:31:50 AM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 1:38:54 AM | Attr = ]
psctrls.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PsCtrlS.exe -> Panda Software International [Ver = 3.06.02.00 | Size = 169264 bytes | Modified Date = 7/12/2007 12:47:30 PM | Attr = ]
pavfnsvr.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE -> Panda Software International [Ver = 8.14.02.00 | Size = 173360 bytes | Modified Date = 7/12/2007 12:47:26 PM | Attr = ]
pavprsrv.exe -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.3.0 | Size = 63024 bytes | Modified Date = 6/14/2007 11:38:02 AM | Attr = ]
pavsrv51.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE -> Panda Software International [Ver = 2, 1, 26, 0 | Size = 148272 bytes | Modified Date = 7/16/2007 4:14:22 PM | Attr = ]
avengine.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\AVENGINE.EXE -> Panda Software International [Ver = 2, 1, 29, 0 | Size = 96560 bytes | Modified Date = 7/6/2007 3:14:10 PM | Attr = ]
pskmssvc.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 4, 3, 1 | Size = 67120 bytes | Modified Date = 1/15/2007 3:42:16 PM | Attr = ]
pshost.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\FIREWALL\PSHOST.EXE -> Panda Software International [Ver = 1, 0, 0, 20 | Size = 226864 bytes | Modified Date = 4/4/2007 12:45:08 PM | Attr = ]
psimsvc.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PsImSvc.exe -> Panda Software International [Ver = 2, 8, 8, 0 | Size = 108592 bytes | Modified Date = 5/24/2007 11:31:26 AM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.3 | Size = 311112 bytes | Modified Date = 11/2/2007 6:24:58 PM | Attr = ]
sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.33 | Size = 1065800 bytes | Modified Date = 11/2/2007 6:24:56 PM | Attr = ]
apvxdwin.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\apvxdwin.exe -> Panda Software International [Ver = 8.07.07.12 | Size = 406832 bytes | Modified Date = 7/23/2007 7:30:42 PM | Attr = ]
communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 7/25/2007 5:02:54 PM | Attr = ]
quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [Ver = | Size = 2027792 bytes | Modified Date = 7/25/2007 5:06:30 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.24 | Size = 1418056 bytes | Modified Date = 11/2/2007 6:25:04 PM | Attr = ]
cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.1.0.2030 | Size = 403728 bytes | Modified Date = 7/25/2007 5:02:32 PM | Attr = ]
srvload.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\SrvLoad.exe -> Panda Software International [Ver = 8,07.06.01 | Size = 91440 bytes | Modified Date = 6/20/2007 1:32:28 PM | Attr = ]
webproxy.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\WebProxy.exe -> Panda Software International [Ver = 7, 6, 29, 502 | Size = 83504 bytes | Modified Date = 6/7/2007 5:29:22 PM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 1:38:54 AM | Attr = ]
pavbckpt.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PavBckPT.exe -> Panda Software International, S.L. [Ver = 2, 0, 0, 7 | Size = 111920 bytes | Modified Date = 7/26/2007 8:47:30 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 4/17/2008 4:42:15 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.11.5 | Size = 370688 bytes | Modified Date = 4/24/2008 4:30:38 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> File not found
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 11/19/2007 9:00:27 PM | Attr = ]
(dlbt_device) dlbt_device [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dlbtcoms.exe -> Dell [Ver = 1.27.33.0 | Size = 421888 bytes | Modified Date = 10/25/2004 5:01:52 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 5/13/2007 9:04:29 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 2:41:56 PM | Attr = ]
(LicCtrlService) LicCtrl Service [Win32_Own | Auto | Running] -> %SystemRoot%\Runservice.exe -> [Ver = | Size = 2560 bytes | Modified Date = 3/18/2007 11:31:50 AM | Attr = ]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 1:38:54 AM | Attr = ]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/20/2007 1:40:48 AM | Attr = ]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 141848 bytes | Modified Date = 7/20/2007 1:42:30 AM | Attr = ]
(Panda Software Controller) Panda Software Controller [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PsCtrlS.exe -> Panda Software International [Ver = 3.06.02.00 | Size = 169264 bytes | Modified Date = 7/12/2007 12:47:30 PM | Attr = ]
(PAVFNSVR) Panda Function Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE -> Panda Software International [Ver = 8.14.02.00 | Size = 173360 bytes | Modified Date = 7/12/2007 12:47:26 PM | Attr = ]
(PavPrSrv) Panda Process Protection Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.3.0 | Size = 63024 bytes | Modified Date = 6/14/2007 11:38:02 AM | Attr = ]
(PAVSRV) Panda anti-virus service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE -> Panda Software International [Ver = 2, 1, 26, 0 | Size = 148272 bytes | Modified Date = 7/16/2007 4:14:22 PM | Attr = ]
(pmshellsrv) Panda Antispam Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 4, 3, 1 | Size = 67120 bytes | Modified Date = 1/15/2007 3:42:16 PM | Attr = ]
(PSHost) Panda Host Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\FIREWALL\PSHOST.EXE -> Panda Software International [Ver = 1, 0, 0, 20 | Size = 226864 bytes | Modified Date = 4/4/2007 12:45:08 PM | Attr = ]
(PSIMSVC) Panda IManager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PsImSvc.exe -> Panda Software International [Ver = 2, 8, 8, 0 | Size = 108592 bytes | Modified Date = 5/24/2007 11:31:26 AM | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.3 | Size = 311112 bytes | Modified Date = 11/2/2007 6:24:58 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.24 | Size = 1418056 bytes | Modified Date = 11/2/2007 6:25:04 PM | Attr = ]
(TPSrv) Panda TPSrv [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\TPSrv.exe -> Panda Software International [Ver = 8, 0, 1, 0 | Size = 404784 bytes | Modified Date = 7/2/2007 1:14:38 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(APPFLT) App Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPFLT.SYS -> Panda Software [Ver = 2.2.0.44 | Size = 71736 bytes | Modified Date = 5/11/2007 10:33:04 AM | Attr = ]
(AvFlt) Antivirus Filter Driver [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\av5flt.sys -> File not found
(Avg7Core) AVG7 Kernel [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 11/19/2007 9:01:33 PM | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 11/19/2007 9:01:43 PM | Attr = ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 11/19/2007 9:01:46 PM | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 11/19/2007 9:01:52 PM | Attr = ]
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\cercsr6.sys -> Adaptec, Inc. [Ver = 4.1.0.7405 | Size = 39904 bytes | Modified Date = 3/22/2005 4:49:09 PM | Attr = ]
(ComFiltr) Panda Anti-Dialer [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\COMFiltr.sys -> [Ver = 5, 1, 0, 5 | Size = 13880 bytes | Modified Date = 4/27/2008 4:30:07 AM | Attr = ]
(cpoint) Panda CPoint Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\cpoint.sys -> Panda Software [Ver = 1, 2, 0, 50 | Size = 24760 bytes | Modified Date = 6/8/2007 9:44:06 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(DSAFLT) DSA Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\dsaflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 51256 bytes | Modified Date = 5/11/2007 10:33:06 AM | Attr = ]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 7.1.12.0 built by: WinDDK | Size = 154112 bytes | Modified Date = 2/10/2004 10:49:14 PM | Attr = R ]
(FNETMON) NetMon Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\fnetmon.sys -> Panda Software [Ver = 2.2.0.27 | Size = 22072 bytes | Modified Date = 5/11/2007 10:33:18 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr = ]
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 200064 bytes | Modified Date = 6/17/2004 10:57:02 PM | Attr = R ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 6/17/2004 10:55:04 PM | Attr = R ]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3943 | Size = 773565 bytes | Modified Date = 11/3/2004 1:27:20 AM | Attr = R ]
(IDSFLT) Ids Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\idsflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 191672 bytes | Modified Date = 7/11/2007 12:39:48 PM | Attr = ]
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Modified Date = 10/18/2007 1:14:00 AM | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 56832 bytes | Modified Date = 12/13/2007 6:15:18 PM | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 74240 bytes | Modified Date = 12/13/2007 6:15:17 PM | Attr = ]
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Lvckap.sys -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 2109592 bytes | Modified Date = 7/20/2007 1:37:56 AM | Attr = ]
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVMVdrv.sys -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 2142488 bytes | Modified Date = 7/20/2007 1:39:50 AM | Attr = ]
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVPr2Mon.sys -> [Ver = | Size = 25624 bytes | Modified Date = 7/18/2007 6:42:42 PM | Attr = ]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 41752 bytes | Modified Date = 7/18/2007 8:44:00 PM | Attr = R ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 8:04:14 PM | Attr = R ]
(NETFLTDI) Panda Net Driver [TDI Layer] [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NETFLTDI.SYS -> Panda Software [Ver = 2.2.0.26 | Size = 132920 bytes | Modified Date = 5/11/2007 10:33:24 AM | Attr = ]
(NETIMFLT) PANDA NDIS IM Filter Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\netimflt.sys -> Panda Software [Ver = 1, 5, 0, 0 | Size = 142128 bytes | Modified Date = 4/24/2007 4:43:56 PM | Attr = ]
(PAVDRV) PAVDRV [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\pavdrv51.sys -> Panda Software International [Ver = 7.1.1.0 (av07_rtm.070323-1018) | Size = 83640 bytes | Modified Date = 6/6/2007 5:43:32 AM | Attr = ]
(PavProc) Panda Process Protection Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PavProc.sys -> Panda Software International [Ver = 1.1.7.0 | Size = 178872 bytes | Modified Date = 7/12/2007 8:49:38 AM | Attr = ]
(PavSRK.sys) PavSRK.sys [Kernel | On_Demand | Running] -> %SystemRoot%\system32\PavSRK.sys -> File not found
(PavTPK.sys) PavTPK.sys [Kernel | On_Demand | Running] -> %SystemRoot%\system32\PavTPK.sys -> File not found
(pepifilter) Volume Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lv302af.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 13848 bytes | Modified Date = 7/18/2007 8:39:15 PM | Attr = R ]
(PID_PEPI) Logitech QuickCam IM(PID_PEPI) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LV302V32.SYS -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 1278104 bytes | Modified Date = 7/18/2007 8:39:15 PM | Attr = R ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.41a | Size = 36560 bytes | Modified Date = 9/27/2006 5:53:22 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ]
(ShldDrv) Panda File Shield Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ShlDrv51.sys -> Panda Software [Ver = 1.3.12.0 | Size = 38968 bytes | Modified Date = 5/23/2007 10:40:30 AM | Attr = ]
(SMSFLT) SMS Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\smsflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 37304 bytes | Modified Date = 5/11/2007 10:33:32 AM | Attr = ]
(STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.4249 | Size = 272568 bytes | Modified Date = 11/1/2004 9:52:46 PM | Attr = R ]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 12/31/2006 1:52:36 AM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 5:13:04 PM | Attr = R ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Modified Date = 6/17/2004 10:55:38 PM | Attr = R ]
(WNMFLT) Wifi Monitor Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wnmflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 30648 bytes | Modified Date = 5/11/2007 10:33:34 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr = ]
APVXDWIN -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\apvxdwin.exe ["C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s] -> Panda Software International [Ver = 8.07.07.12 | Size = 406832 bytes | Modified Date = 7/23/2007 7:30:42 PM | Attr = ]
LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ["C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"] -> [Ver = | Size = 563984 bytes | Modified Date = 7/25/2007 5:02:54 PM | Attr = ]
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ["C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide] -> [Ver = | Size = 2027792 bytes | Modified Date = 7/25/2007 5:06:30 PM | Attr = ]
SCANINICIO -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\Inicio.exe ["C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"] -> Panda Software International [Ver = 8.7.7.1 | Size = 27952 bytes | Modified Date = 7/11/2007 4:17:26 PM | Attr = ]
SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe ["C:\Program Files\Spyware Doctor\SDTrayApp.exe"] -> PC Tools [Ver = 5.0.5.33 | Size = 1065800 bytes | Modified Date = 11/2/2007 6:24:56 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Barry Startup Folder > -> C:\Documents and Settings\Barry\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
avldr -> %SystemRoot%\system32\avldr.dll -> Panda Software International [Ver = 2, 1, 0, 2 | Size = 50736 bytes | Modified Date = 2/15/2007 9:02:20 PM | Attr = ]
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3943 | Size = 348160 bytes | Modified Date = 11/3/2004 12:59:20 AM | Attr = R ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.optonline.net/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3125 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
27 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 5/30/2007 7:00:06 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 5/30/2007 7:00:12 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 5/30/2007 7:00:06 PM | Attr = R ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 5/30/2007 7:00:06 PM | Attr = R ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ]
{725E77D3-B919-4eef-8EEE-D09DE618B6C1}:Exec -> %SystemDrive%\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe [Doyles Room Poker] -> Microgaming [Ver = 2, 38, 0, 0 | Size = 13312 bytes | Modified Date = 7/23/2007 1:54:04 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Yahoo! Search -> -> File not found
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr -> Google Inc. [Ver = 2.0.0.1073 | Size = 2783048 bytes | Modified Date = 4/12/2007 5:50:16 PM | Attr = ]
Yahoo! &Dictionary -> -> File not found
Yahoo! &Maps -> -> File not found
Yahoo! &SMS -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0AD9C6B2-5B71-440A-B37F-4993FF03BB73} -> () ->
{5707CEE8-0AAC-4CF2-B646-3EC1791E887F} -> (Intel(R) PRO/100 VE Network Connection) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 11:22:20 AM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[Reg Error: Key does not exist or could not be opened.] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] ->
{512FC5A1-7DE1-43F1-BC0C-371622FCB409}[HKEY_LOCAL_MACHINE] -> http://www.nanoscan.com/as/cabs/ascstubie.cab[TotalScan Installer Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ascstubie.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ascstubie.dll\\.Owner -> {512FC5A1-7DE1-43F1-BC0C-371622FCB409} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ascstubie.dll\\{512FC5A1-7DE1-43F1-BC0C-371622FCB409} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\.Owner -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {512FC5A1-7DE1-43F1-BC0C-371622FCB409} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{512FC5A1-7DE1-43F1-BC0C-371622FCB409} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\.Owner -> {6A344D34-5231-452A-8A57-D064AC9B7862} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\\DisableMonitoring -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\\DisableMonitoring -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1080 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureB

#6
BarryB

Here is the rest of the report:

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\\DisableMonitoring -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\\DisableMonitoring -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1080 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 3E 5A 6D FB 2D D4 26 F0 88 52 10 F0 C7 F3 AD 8E 33 32 39 36 62 37 66 31 00 FD 07 00 F7 3C 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 A5 03 21 AA 62 A7 96 BD E6 79 7B 32 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 08 B0 FB E0 F3 3E 49 CF BA [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> DA C1 14 19 C5 96 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 90 29 AD 48 DD 6A 2B FD 55 A1 74 5E F3 47 56 14 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 00 4B EA AC ED 2A C7 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 5061 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1167429418\ee\AOLSoftware.exe -> C:\Program Files\Common Files\AOL\1167429418\ee\AOLSoftware.exe [C:\Program Files\Common Files\AOL\1167429418\ee\AOLSoftware.exe:*:Enabled:AOL Services] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 4/18/2008 6:48:33 AM | Attr = ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 4/18/2008 6:48:33 AM | Attr = ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 4/18/2008 6:48:33 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 4/27/2008 10:59:16 AM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 4/27/2008 10:59:28 AM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 4/27/2008 10:59:17 AM | Attr = ]
1201667_PM_EN.pdf -> %UserProfile%\Desktop\1201667_PM_EN.pdf -> [Ver = | Size = 431096 bytes | Created Date = 4/15/2008 10:14:02 PM | Attr = ]
596714319_m.jpg -> %UserProfile%\Desktop\596714319_m.jpg -> [Ver = | Size = 4200 bytes | Created Date = 4/24/2008 9:31:32 PM | Attr = ]
Coaching_Terminology.doc -> %UserProfile%\Desktop\Coaching_Terminology.doc -> [Ver = | Size = 56832 bytes | Created Date = 4/26/2008 6:22:14 PM | Attr = ]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1546928 bytes | Created Date = 4/27/2008 10:58:24 AM | Attr = ]
mom cell.doc -> %UserProfile%\Desktop\mom cell.doc -> [Ver = | Size = 24064 bytes | Created Date = 4/12/2008 4:27:13 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 4/27/2008 11:34:33 AM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541685 bytes | Created Date = 4/27/2008 11:34:01 AM | Attr = ]
Sol gale.doc -> %UserProfile%\Desktop\Sol gale.doc -> [Ver = | Size = 24064 bytes | Created Date = 4/7/2008 7:42:05 PM | Attr = ]
spy.html -> %UserProfile%\Desktop\spy.html -> [Ver = | Size = 337023 bytes | Created Date = 4/25/2008 8:14:29 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/27/2008 10:59:15 AM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/25/2008 8:53:50 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/9/2008 3:13:17 AM | Attr = ]
APPFCONT.DAT -> %SystemRoot%\System32\drivers\APPFCONT.DAT -> [Ver = | Size = 299264 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
APPFCONT.DAT.bck -> %SystemRoot%\System32\drivers\APPFCONT.DAT.bck -> [Ver = | Size = 299264 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
APPFLTR.CFG -> %SystemRoot%\System32\drivers\APPFLTR.CFG -> [Ver = | Size = 1204 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
APPFLTR.CFG.bck -> %SystemRoot%\System32\drivers\APPFLTR.CFG.bck -> [Ver = | Size = 1204 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
COMFiltr.sys -> %SystemRoot%\System32\drivers\COMFiltr.sys -> [Ver = 5, 1, 0, 5 | Size = 13880 bytes | Modified Date = 4/27/2008 4:30:07 AM | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 4/27/2008 11:14:40 AM | Attr = ]
DsaFlt.cfg -> %SystemRoot%\System32\drivers\etc\DsaFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:40 AM | Attr = ]
DsaFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\DsaFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:40 AM | Attr = ]
DsaFlt.rls -> %SystemRoot%\System32\drivers\etc\DsaFlt.rls -> [Ver = | Size = 272836 bytes | Modified Date = 4/27/2008 11:14:40 AM | Attr = ]
DsaFlt.rls.bck -> %SystemRoot%\System32\drivers\etc\DsaFlt.rls.bck -> [Ver = | Size = 272836 bytes | Modified Date = 4/27/2008 11:14:40 AM | Attr = ]
IdsFlt.cfg -> %SystemRoot%\System32\drivers\etc\IdsFlt.cfg -> [Ver = | Size = 252 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
IdsFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\IdsFlt.cfg.bck -> [Ver = | Size = 252 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
NetAR.wlt -> %SystemRoot%\System32\drivers\etc\NetAR.wlt -> [Ver = | Size = 72 bytes | Modified Date = 4/27/2008 4:29:30 AM | Attr = ]
NetAR.wlt.bck -> %SystemRoot%\System32\drivers\etc\NetAR.wlt.bck -> [Ver = | Size = 72 bytes | Modified Date = 4/27/2008 4:29:30 AM | Attr = ]
NetAV.alt -> %SystemRoot%\System32\drivers\etc\NetAV.alt -> [Ver = | Size = 656 bytes | Modified Date = 4/27/2008 4:29:25 AM | Attr = ]
NetAV.alt.bck -> %SystemRoot%\System32\drivers\etc\NetAV.alt.bck -> [Ver = | Size = 656 bytes | Modified Date = 4/27/2008 4:29:25 AM | Attr = ]
NetFlt.cfg -> %SystemRoot%\System32\drivers\etc\NetFlt.cfg -> [Ver = | Size = 64 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
NetFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\NetFlt.cfg.bck -> [Ver = | Size = 64 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
SmsFlt.cfg -> %SystemRoot%\System32\drivers\etc\SmsFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
SmsFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\SmsFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
WnmFlt.cfg -> %SystemRoot%\System32\drivers\etc\WnmFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
WnmFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\WnmFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 4/9/2008 3:03:59 AM | Attr = ]
11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/27/2008 8:14:23 AM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 4/9/2008 3:03:57 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 4/27/2008 11:14:39 AM | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 248696 bytes | Modified Date = 4/9/2008 3:10:31 AM | Attr = ]
mmf.sys -> %SystemRoot%\System32\mmf.sys -> [Ver = | Size = 2601 bytes | Modified Date = 4/27/2008 4:26:54 AM | Attr = HS]
mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 4/11/2008 12:06:18 AM | Attr = ]
PAV_FOG.OPC -> %SystemRoot%\System32\PAV_FOG.OPC -> [Ver = | Size = 8627 bytes | Modified Date = 4/27/2008 11:05:16 AM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 61026 bytes | Modified Date = 4/11/2008 12:08:32 AM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 401032 bytes | Modified Date = 4/11/2008 12:08:32 AM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 448780 bytes | Modified Date = 4/11/2008 12:08:32 AM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 4/25/2008 8:53:50 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 4/27/2008 4:29:51 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/9/2008 3:04:02 AM | Attr = H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/11/2008 6:38:33 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/27/2008 4:26:40 AM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/25/2008 6:19:01 PM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 4/9/2008 3:03:59 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/9/2008 3:04:08 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/18/2008 6:48:57 AM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/11/2008 6:38:40 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/27/2008 11:34:25 AM | Attr = ]
SOMH.INI -> %SystemRoot%\SOMH.INI -> [Ver = | Size = 993 bytes | Modified Date = 4/26/2008 10:44:40 PM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 4/27/2008 11:27:14 AM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 4/27/2008 11:31:43 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/11/2008 12:08:08 AM | Attr = ]
Basic clean-up.job -> %SystemRoot%\tasks\Basic clean-up.job -> [Ver = | Size = 496 bytes | Modified Date = 4/21/2008 | Attr = ]
Basic clean-up1.job -> %SystemRoot%\tasks\Basic clean-up1.job -> [Ver = | Size = 496 bytes | Modified Date = 4/20/2008 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/27/2008 4:26:44 AM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 12/28/2006 7:49:32 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 4/18/2008 6:45:42 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5346 bytes | Modified Date = 4/18/2008 6:45:41 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 12/29/2006 11:20:28 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 12/29/2006 11:20:28 AM | Attr = ]
C:\Documents and Settings\Barry\Local Settings\Temp\ -> C:\Documents and Settings\Barry\Local Settings\Temp -> [Folder | Modified Date = 4/27/2008 11:34:01 AM | Attr = ]
SymLCSVC.EXE -> C:\Documents and Settings\Barry\Local Settings\Temp\SymLCSVC.EXE -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 11/23/2007 9:16:17 AM | Attr = ]
vmpremov.exe -> C:\Documents and Settings\Barry\Local Settings\Temp\vmpremov.exe -> Viewpoint Corporation [Ver = 3, 5, 0, 37 | Size = 114688 bytes | Modified Date = 8/10/2007 3:10:02 PM | Attr = ]
xpinstall.exe -> C:\Documents and Settings\Barry\Local Settings\Temp\xpinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 376832 bytes | Modified Date = 9/25/2007 2:24:00 AM | Attr = ]
334 C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\Barry\Local Settings\Temp\ICD1.tmp\ -> C:\Documents and Settings\Barry\Local Settings\Temp\ICD1.tmp\ -> [Folder | Modified Date = 3/23/2008 9:29:26 PM | Attr = ]
jinstall.exe -> C:\Documents and Settings\Barry\Local Settings\Temp\ICD1.tmp\jinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 376832 bytes | Modified Date = 2/22/2008 4:50:34 AM | Attr = ]
C:\Documents and Settings\Barry\Local Settings\Temp\ -> C:\Documents and Settings\Barry\Local Settings\Temp -> [Folder | Modified Date = 4/27/2008 11:34:01 AM | Attr = ]
progupd.dll -> C:\Documents and Settings\Barry\Local Settings\Temp\progupd.dll -> AOL LLC. [Ver = 1, 0, 1, 0 | Size = 83504 bytes | Modified Date = 10/4/2007 11:51:45 AM | Attr = ]
uninst.dll -> C:\Documents and Settings\Barry\Local Settings\Temp\uninst.dll -> [Ver = | Size = 118784 bytes | Modified Date = 4/18/2007 3:23:36 AM | Attr = ]
UninstallRC-8876480.dll -> C:\Documents and Settings\Barry\Local Settings\Temp\UninstallRC-8876480.dll -> BackWeb Technologies Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 65536 bytes | Modified Date = 12/6/2007 8:22:07 PM | Attr = ]
334 C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\Barry\Local Settings\Temp\ -> C:\Documents and Settings\Barry\Local Settings\Temp -> [Folder | Modified Date = 4/27/2008 11:34:01 AM | Attr = ]
Perflib_Perfdata_1ad4.dat -> C:\Documents and Settings\Barry\Local Settings\Temp\Perflib_Perfdata_1ad4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/8/2008 4:37:25 PM | Attr = ]
Perflib_Perfdata_53b4.dat -> C:\Documents and Settings\Barry\Local Settings\Temp\Perflib_Perfdata_53b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/14/2008 11:43:31 PM | Attr = ]
srtspse.dat -> C:\Documents and Settings\Barry\Local Settings\Temp\srtspse.dat -> [Ver = | Size = 284 bytes | Modified Date = 11/21/2007 7:17:37 PM | Attr = ]
srtspso.dat -> C:\Documents and Settings\Barry\Local Settings\Temp\srtspso.dat -> [Ver = | Size = 2204 bytes | Modified Date = 11/21/2007 7:17:37 PM | Attr = ]
srtspsp.dat -> C:\Documents and Settings\Barry\Local Settings\Temp\srtspsp.dat -> [Ver = | Size = 524 bytes | Modified Date = 11/21/2007 7:17:37 PM | Attr = ]
334 C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\Barry\Local Settings\Temp\ -> C:\Documents and Settings\Barry\Local Settings\Temp -> [Folder | Modified Date = 4/27/2008 11:34:01 AM | Attr = ]
setup.ini -> C:\Documents and Settings\Barry\Local Settings\Temp\setup.ini -> [Ver = | Size = 4188 bytes | Modified Date = 12/9/2007 12:18:00 AM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> C:\Documents and Settings\Barry\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> [Ver = | Size = 802 bytes | Modified Date = 11/27/2007 8:33:34 PM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> C:\Documents and Settings\Barry\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> [Ver = | Size = 769 bytes | Modified Date = 2/9/2008 5:27:16 PM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\Barry\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> [Ver = | Size = 578 bytes | Modified Date = 2/9/2008 5:28:00 PM | Attr = ]
334 C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Barry\Local Settings\Temp\*.tmp ->
C:\WINDOWS\Temp\ -> C:\WINDOWS\TEMP -> [Folder | Modified Date = 4/27/2008 11:31:53 AM | Attr = ]
Perflib_Perfdata_34e0.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_34e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/11/2008 12:09:43 AM | Attr = ]
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 4/27/2008 10:59:16 AM | Attr = ]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 4/27/2008 5:03:05 AM | Attr = ]
@Alternate Data Stream - 157 bytes -> %AllUsersProfile%\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 139 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 4/27/2008 10:59:28 AM | Attr = ]
HJT -> %UserProfile%\My Documents\HJT -> [Folder | Modified Date = 4/25/2008 8:37:44 PM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 4/27/2008 10:59:17 AM | Attr = ]
1201667_PM_EN.pdf -> %UserProfile%\Desktop\1201667_PM_EN.pdf -> [Ver = | Size = 431096 bytes | Modified Date = 4/15/2008 10:14:04 PM | Attr = ]
596714319_m.jpg -> %UserProfile%\Desktop\596714319_m.jpg -> [Ver = | Size = 4200 bytes | Modified Date = 4/24/2008 9:31:32 PM | Attr = ]
Coaching_Terminology.doc -> %UserProfile%\Desktop\Coaching_Terminology.doc -> [Ver = | Size = 56832 bytes | Modified Date = 4/26/2008 6:22:10 PM | Attr = ]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1546928 bytes | Modified Date = 4/27/2008 10:58:13 AM | Attr = ]
mom cell.doc -> %UserProfile%\Desktop\mom cell.doc -> [Ver = | Size = 24064 bytes | Modified Date = 4/12/2008 4:27:14 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 4/27/2008 11:34:33 AM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541685 bytes | Modified Date = 4/27/2008 11:33:55 AM | Attr = ]
Sol gale.doc -> %UserProfile%\Desktop\Sol gale.doc -> [Ver = | Size = 24064 bytes | Modified Date = 4/7/2008 7:42:05 PM | Attr = ]
spy.html -> %UserProfile%\Desktop\spy.html -> [Ver = | Size = 337023 bytes | Modified Date = 4/25/2008 8:14:32 PM | Attr = ]

< End of report >
[/code]

#7
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey BarryB,
That log looks OK, couple of dead entries that you do not need to worry about.

Things look good there, and unless there are other issues I believe you are good to go.

Written by one of the best, check out the recommended prevention methods HERE

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Any other questions or problems feel free to ask,
and thanks for using Geeks to Go. :)

Harry

#8
BarryB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Sounds good Harry, no other questions. Thanks for your help!

#9
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.