Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

pc antispyware causing problems [CLOSED]


  • This topic is locked This topic is locked

#1
denz106

denz106

    Member

  • Member
  • PipPip
  • 12 posts
Pc antispyware causing pop ups. I deleted a file from hijack that got rid of pc antispyware pop up but I am still getting poker and dating service pop ups
I don't want to delete anymore until I get help from someone in the forum.Any help would be appreciated.here is my Hijack list.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:31 AM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.client...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/t...ology/h264.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [484ae27d] rundll32.exe "C:\WINDOWS\system32\fvcetwpp.dll",b
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186746137718
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10755 bytes
  • 0

Advertisements


#2
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi denz106,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
SmitfraudFix (by S!Ri)
OTScanIt.exe


Spy-Bot's TeaTimer is an excellent tool for the prevention of spyware, but it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now. It can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Start the Smitfraud scan:
  • Double-click SmitfraudFix.exe
  • Select option #1 - Search by typing 1 and press "Enter". A text file will appear, which lists infected files (if present). It is saved as C:\rapport.txt
  • Please copy/paste the content of that file into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm


Install OTScanIt:
  • Double-click on OTScanIt.exe to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Make sure that the Non Microsoft option is clicked in the Drivers box.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning large amounts of data so depending on your system it could take a while to complete.
  • When the scan is done Notepad will open with the report file loaded in it.
  • Save the file in the new OTScanIt folder as Scan1.txt
If the log is too large to post, use the Reply button, scroll down to the Attachments section and attach the Notepad file here.


Cheers,

sage5

Edited by sage5, 31 March 2008 - 08:25 AM.

  • 0

#3
denz106

denz106

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi sage5
Thank you for the quick reply,I really appreciate it. Here is the smitfraud result.
SmitFraudFix v2.309

Scan done at 10:42:23.56, Mon 03/31/2008
Run from C:\Documents and Settings\DENNIS ANDREWS\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DENNIS ANDREWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DENNIS ANDREWS\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DENNIS~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 64.71.255.198

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBF9CED2-EA9F-46B1-8DE2-68B16625E9F0}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBF9CED2-EA9F-46B1-8DE2-68B16625E9F0}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBF9CED2-EA9F-46B1-8DE2-68B16625E9F0}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#4
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
How did you go with the OTScanIt log?
Can you attach that as your next reply please?
  • 0

#5
denz106

denz106

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Sorry it took so long but here is the Otscanit result.
[code=auto:0]OTScanIt logfile created on: 4/1/2008 8:28:52 AM
OTScanIt by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\DENNIS ANDREWS\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 533.43 Mb Available Physical Memory | 52.12% Memory free
2.40 Gb Paging File | 1.78 Gb Available in Paging File | 74.27% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 90.13 Gb Free Space | 78.73% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 124.28 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-9E0A4F8D43
Current User Name: DENNIS ANDREWS
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr = ]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr = ]
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
dkservice.exe -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr = ]
djsnetcn.exe -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr = ]
npfmntor.exe -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr = ]
nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr = ]
ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 3/3/2006 2:18:10 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.0 | Size = 370176 bytes | Modified Date = 3/29/2008 5:10:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> File not found
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 9/28/2007 9:05:00 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr = ]
(ccISPwdSvc) Symantec Internet Security Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NPF\ccPwdSvc.exe -> Symantec Corporation [Ver = 9.0.0.127 | Size = 72280 bytes | Modified Date = 9/23/2005 2:52:18 PM | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr = ]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr = ]
(DJSNETCN) Symantec Licensing Detect Internet Connection [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 4:22:44 AM | Attr = ]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr = ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr = ]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr = ]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 11/26/2006 10:17:30 PM | Attr = ]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.5.85 | Size = 294912 bytes | Modified Date = 11/26/2006 10:17:06 PM | Attr = ]
(RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 303104 bytes | Modified Date = 11/27/2006 8:54:26 PM | Attr = ]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 880640 bytes | Modified Date = 11/27/2006 8:53:14 PM | Attr = ]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 159744 bytes | Modified Date = 11/27/2006 8:51:06 PM | Attr = ]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NAV\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 2:22:48 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr = ]
(SPBBCSvc) SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr = ]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.453 | Size = 73728 bytes | Modified Date = 11/1/2006 11:17:32 AM | Attr = R ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr = ]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 4:07:38 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
484ae27d -> %SystemRoot%\system32\oicdgrjm.dll -> [Ver = | Size = 82496 bytes | Modified Date = 3/31/2008 12:14:56 PM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr = ]
OPSE reminder -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe -> ScanSoft, Inc. [Ver = 1.0.1.6 | Size = 729088 bytes | Modified Date = 7/7/2003 11:29:30 AM | Attr = ]
OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 4:27:36 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices ->
DJSNetCN -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr = ]
RogersAgent -> %ProgramFiles%\Rogers\SelfHealing\RogersAgent.exe -> Rogers Cable Communications [Ver = 1.00.0007 | Size = 478968 bytes | Modified Date = 4/23/2007 4:51:22 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,401 | Size = 4670968 bytes | Modified Date = 6/11/2007 12:52:42 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr = ]
< DENNIS ANDREWS Startup Folder > -> C:\Documents and Settings\DENNIS ANDREWS\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [] -> [Ver = | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 9/28/2007 10:57:55 PM | Attr = ]
qoMcdBts -> %SystemRoot%\system32\qoMcdBts.dll -> [Ver = | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://rogers.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://sympatico.msn.ca/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
.[msn] -> My Computer ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{0f48cb9a-ff4f-4d9d-bed3-166bc75b1517} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ybhnydod.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 90688 bytes | Modified Date = 3/31/2008 12:14:56 PM | Attr = ]
{1EB9D5B4-210A-4F4C-B8BE-4E048274CF49} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{459282C4-8803-426D-98A1-A4990ED0CF7D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr = ]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 9.0.4.26 | Size = 94384 bytes | Modified Date = 4/14/2006 12:20:32 PM | Attr = ]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\NAV\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr = ]
{C7A9C1CD-6C93-41D5-B428-1910A55DA3DD} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqnlMcD.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 268288 bytes | Modified Date = 3/28/2008 4:35:33 PM | Attr = ]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2D2DE234-AB9F-4345-9D17-94FA78BA37E3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Rogers Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr = ]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
YPC 3.2.0 -> Yahoo! Parental Controls ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{01B480B4-C00E-4728-8DD6-AEC375FE78DD} -> () ->
{C83E4D01-15FF-4384-A5D1-EBABDD7A3122} -> (RemoteControl USB LAN LINK) ->
{DBF9CED2-EA9F-46B1-8DE2-68B16625E9F0} -> (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186746137718[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab[Java Plug-in 1.5.0_12] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->



[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 3/28/2008 9:14:58 PM | Attr = ]
rcblan.sys -> %SystemRoot%\System32\drivers\rcblan.sys -> Belcarra Technologies [Ver = 02.03.02.317 | Size = 39704 bytes | Created Date = 3/25/2008 4:31:54 PM | Attr = ]
DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini -> [Ver = | Size = 138992 bytes | Created Date = 3/28/2008 4:35:34 PM | Attr = HS]
DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2 -> [Ver = | Size = 138533 bytes | Created Date = 3/28/2008 4:35:34 PM | Attr = HS]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
gqexxsvh.ini -> %SystemRoot%\System32\gqexxsvh.ini -> [Ver = | Size = 474 bytes | Created Date = 3/31/2008 11:17:50 AM | Attr = HS]
hqbhhnro.dll -> %SystemRoot%\System32\hqbhhnro.dll -> [Ver = | Size = 90176 bytes | Created Date = 3/31/2008 4:38:41 AM | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
ifycxdnn.dll -> %SystemRoot%\System32\ifycxdnn.dll -> [Ver = | Size = 90688 bytes | Created Date = 3/31/2008 11:15:22 AM | Attr = ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr = ]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr = ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr = ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr = ]
lcfexwjw.exe -> %SystemRoot%\System32\lcfexwjw.exe -> [Ver = | Size = 106496 bytes | Created Date = 3/28/2008 4:29:44 PM | Attr = ]
limvecny.dll -> %SystemRoot%\System32\limvecny.dll -> [Ver = | Size = 85568 bytes | Created Date = 3/30/2008 4:40:38 AM | Attr = ]
mjrgdcio.ini -> %SystemRoot%\System32\mjrgdcio.ini -> [Ver = | Size = 654 bytes | Created Date = 3/31/2008 12:14:56 PM | Attr = HS]
oicdgrjm.dll -> %SystemRoot%\System32\oicdgrjm.dll -> [Ver = | Size = 82496 bytes | Created Date = 3/31/2008 12:14:56 PM | Attr = ]
ppwtecvf.ini -> %SystemRoot%\System32\ppwtecvf.ini -> [Ver = | Size = 414 bytes | Created Date = 3/31/2008 4:41:53 AM | Attr = HS]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll -> [Ver = | Size = 40448 bytes | Created Date = 3/28/2008 4:29:36 PM | Attr = ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll -> [Ver = | Size = 268288 bytes | Created Date = 3/28/2008 4:35:30 PM | Attr = ]
syscvchk.dll -> %SystemRoot%\System32\syscvchk.dll -> [Ver = | Size = 2048 bytes | Created Date = 3/25/2008 10:39:37 AM | Attr = ]
tvgnoldl.dll -> %SystemRoot%\System32\tvgnoldl.dll -> [Ver = | Size = 90176 bytes | Created Date = 3/30/2008 4:37:38 AM | Attr = ]
uqdfdcub.ini -> %SystemRoot%\System32\uqdfdcub.ini -> [Ver = | Size = 294 bytes | Created Date = 3/29/2008 4:38:51 AM | Attr = HS]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
yayyVonL.dll -> %SystemRoot%\System32\yayyVonL.dll -> [Ver = | Size = 40448 bytes | Created Date = 3/28/2008 4:30:28 PM | Attr = ]
ybhnydod.dll -> %SystemRoot%\System32\ybhnydod.dll -> [Ver = | Size = 90688 bytes | Created Date = 3/31/2008 12:14:56 PM | Attr = ]
yncevmil.ini -> %SystemRoot%\System32\yncevmil.ini -> [Ver = | Size = 294 bytes | Created Date = 3/30/2008 4:40:49 AM | Attr = HS]
a.bat -> %SystemRoot%\a.bat -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
bdn.com -> %SystemRoot%\bdn.com -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
fkdnrwsv.dll -> %SystemRoot%\fkdnrwsv.dll -> [Ver = | Size = 241664 bytes | Created Date = 3/28/2008 4:29:53 PM | Attr = ]
FVProtect.exe -> %SystemRoot%\FVProtect.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 3/29/2008 9:03:00 AM | Attr = H ]
8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
mslagent -> %SystemRoot%\mslagent -> [Folder | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
mssecu.exe -> %SystemRoot%\mssecu.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 3/29/2008 3:37:36 PM | Attr = H ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr = H ]
stfngdvw.dll -> %SystemRoot%\stfngdvw.dll -> [Ver = | Size = 151552 bytes | Created Date = 3/28/2008 4:29:53 PM | Attr = ]
svpekgonpla.dll -> %SystemRoot%\svpekgonpla.dll -> [Ver = | Size = 245760 bytes | Created Date = 3/28/2008 4:29:53 PM | Attr = ]
sxfnewqb.dll -> %SystemRoot%\sxfnewqb.dll -> [Ver = | Size = 266240 bytes | Created Date = 3/28/2008 4:29:53 PM | Attr = ]
system32akttzn.exe -> %SystemRoot%\system32akttzn.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32anticipator.dll -> %SystemRoot%\system32anticipator.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
system32awtoolb.dll -> %SystemRoot%\system32awtoolb.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
system32bdn.com -> %SystemRoot%\system32bdn.com -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
system32bsva-egihsg52.exe -> %SystemRoot%\system32bsva-egihsg52.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32dpcproxy.exe -> %SystemRoot%\system32dpcproxy.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32emesx.dll -> %SystemRoot%\system32emesx.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32h@tkeysh@@k.dll -> %SystemRoot%\system32h@tkeysh@@k.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32hoproxy.dll -> %SystemRoot%\system32hoproxy.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32hxiwlgpm.dat -> %SystemRoot%\system32hxiwlgpm.dat -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32hxiwlgpm.exe -> %SystemRoot%\system32hxiwlgpm.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32medup012.dll -> %SystemRoot%\system32medup012.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32medup020.dll -> %SystemRoot%\system32medup020.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32msgp.exe -> %SystemRoot%\system32msgp.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32msnbho.dll -> %SystemRoot%\system32msnbho.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32mssecu.exe -> %SystemRoot%\system32mssecu.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
system32msvchost.exe -> %SystemRoot%\system32msvchost.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32mtr2.exe -> %SystemRoot%\system32mtr2.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32mwin32.exe -> %SystemRoot%\system32mwin32.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32netode.exe -> %SystemRoot%\system32netode.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32newsd32.exe -> %SystemRoot%\system32newsd32.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32ps1.exe -> %SystemRoot%\system32ps1.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32psof1.exe -> %SystemRoot%\system32psof1.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32psoft1.exe -> %SystemRoot%\system32psoft1.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32regc64.dll -> %SystemRoot%\system32regc64.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32regm64.dll -> %SystemRoot%\system32regm64.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32Rundl1.exe -> %SystemRoot%\system32Rundl1.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32smp -> %SystemRoot%\system32smp -> [Folder | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32sncntr.exe -> %SystemRoot%\system32sncntr.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32ssurf022.dll -> %SystemRoot%\system32ssurf022.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32ssvchost.com -> %SystemRoot%\system32ssvchost.com -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32ssvchost.exe -> %SystemRoot%\system32ssvchost.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32sysreq.exe -> %SystemRoot%\system32sysreq.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
system32taack.dat -> %SystemRoot%\system32taack.dat -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32taack.exe -> %SystemRoot%\system32taack.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32temp#01.exe -> %SystemRoot%\system32temp#01.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32thun.dll -> %SystemRoot%\system32thun.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32thun32.dll -> %SystemRoot%\system32thun32.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32vbsys2.dll -> %SystemRoot%\system32vbsys2.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
system32vcatchpi.dll -> %SystemRoot%\system32vcatchpi.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
system32winlogonpc.exe -> %SystemRoot%\system32winlogonpc.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
system32winsystem.exe -> %SystemRoot%\system32winsystem.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
system32WINWGPX.EXE -> %SystemRoot%\system32WINWGPX.EXE -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2559 bytes | Created Date = 3/24/2008 9:03:02 AM | Attr = ]
unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 3/24/2008 9:03:02 AM | Attr = ]
userconfig9x.dll -> %SystemRoot%\userconfig9x.dll -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
winsystem.exe -> %SystemRoot%\winsystem.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:55 PM | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 272 bytes | Created Date = 3/29/2008 9:16:18 AM | Att
  • 0

#6
denz106

denz106

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It looks like the file is to large from Otscanit.the result is in the attachment. Thanks Dennis

Attached Files


  • 0

#7
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi denz106,


Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NY -> 484ae27d -> %SystemRoot%\system32\oicdgrjm.dll
YN -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
NY -> qoMcdBts -> %SystemRoot%\system32\qoMcdBts.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper]
YY -> {0f48cb9a-ff4f-4d9d-bed3-166bc75b1517} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ybhnydod.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {1EB9D5B4-210A-4F4C-B8BE-4E048274CF49} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {459282C4-8803-426D-98A1-A4990ED0CF7D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2D2DE234-AB9F-4345-9D17-94FA78BA37E3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab[Java Plug-in 1.5.0_12]
[Files/Folders - Created Within 30 days]
NY -> gqexxsvh.ini -> %SystemRoot%\System32\gqexxsvh.ini
NY -> hqbhhnro.dll -> %SystemRoot%\System32\hqbhhnro.dll
NY -> lcfexwjw.exe -> %SystemRoot%\System32\lcfexwjw.exe
NY -> mjrgdcio.ini -> %SystemRoot%\System32\mjrgdcio.ini
NY -> oicdgrjm.dll -> %SystemRoot%\System32\oicdgrjm.dll
NY -> ppwtecvf.ini -> %SystemRoot%\System32\ppwtecvf.ini
NY -> qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll
NY -> syscvchk.dll -> %SystemRoot%\System32\syscvchk.dll
NY -> uqdfdcub.ini -> %SystemRoot%\System32\uqdfdcub.ini
NY -> yayyVonL.dll -> %SystemRoot%\System32\yayyVonL.dll
NY -> ybhnydod.dll -> %SystemRoot%\System32\ybhnydod.dll
NY -> yncevmil.ini -> %SystemRoot%\System32\yncevmil.ini
NY -> a.bat -> %SystemRoot%\a.bat
NY -> bdn.com -> %SystemRoot%\bdn.com
NY -> fkdnrwsv.dll -> %SystemRoot%\fkdnrwsv.dll
NY -> 8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> mslagent -> %SystemRoot%\mslagent
NY -> mssecu.exe -> %SystemRoot%\mssecu.exe
NY -> stfngdvw.dll -> %SystemRoot%\stfngdvw.dll
NY -> svpekgonpla.dll -> %SystemRoot%\svpekgonpla.dll
NY -> sxfnewqb.dll -> %SystemRoot%\sxfnewqb.dll
NY -> system32akttzn.exe -> %SystemRoot%\system32akttzn.exe
NY -> system32anticipator.dll -> %SystemRoot%\system32anticipator.dll
NY -> system32awtoolb.dll -> %SystemRoot%\system32awtoolb.dll
NY -> system32bdn.com -> %SystemRoot%\system32bdn.com
NY -> system32bsva-egihsg52.exe -> %SystemRoot%\system32bsva-egihsg52.exe
NY -> system32dpcproxy.exe -> %SystemRoot%\system32dpcproxy.exe
NY -> system32emesx.dll -> %SystemRoot%\system32emesx.dll
NY -> system32h@tkeysh@@k.dll -> %SystemRoot%\system32h@tkeysh@@k.dll
NY -> system32hoproxy.dll -> %SystemRoot%\system32hoproxy.dll
NY -> system32hxiwlgpm.dat -> %SystemRoot%\system32hxiwlgpm.dat
NY -> system32hxiwlgpm.exe -> %SystemRoot%\system32hxiwlgpm.exe
NY -> system32medup012.dll -> %SystemRoot%\system32medup012.dll
NY -> system32medup020.dll -> %SystemRoot%\system32medup020.dll
NY -> system32msgp.exe -> %SystemRoot%\system32msgp.exe
NY -> system32msnbho.dll -> %SystemRoot%\system32msnbho.dll
NY -> system32mssecu.exe -> %SystemRoot%\system32mssecu.exe
NY -> system32msvchost.exe -> %SystemRoot%\system32msvchost.exe
NY -> system32mtr2.exe -> %SystemRoot%\system32mtr2.exe
NY -> system32mwin32.exe -> %SystemRoot%\system32mwin32.exe
NY -> system32netode.exe -> %SystemRoot%\system32netode.exe
NY -> system32newsd32.exe -> %SystemRoot%\system32newsd32.exe
NY -> system32ps1.exe -> %SystemRoot%\system32ps1.exe
NY -> system32psof1.exe -> %SystemRoot%\system32psof1.exe
NY -> system32psoft1.exe -> %SystemRoot%\system32psoft1.exe
NY -> system32regc64.dll -> %SystemRoot%\system32regc64.dll
NY -> system32regm64.dll -> %SystemRoot%\system32regm64.dll
NY -> system32Rundl1.exe -> %SystemRoot%\system32Rundl1.exe
NY -> system32smp -> %SystemRoot%\system32smp
NY -> system32sncntr.exe -> %SystemRoot%\system32sncntr.exe
NY -> system32ssurf022.dll -> %SystemRoot%\system32ssurf022.dll
NY -> system32ssvchost.com -> %SystemRoot%\system32ssvchost.com
NY -> system32ssvchost.exe -> %SystemRoot%\system32ssvchost.exe
NY -> system32sysreq.exe -> %SystemRoot%\system32sysreq.exe
NY -> system32taack.dat -> %SystemRoot%\system32taack.dat
NY -> system32taack.exe -> %SystemRoot%\system32taack.exe
NY -> system32temp#01.exe -> %SystemRoot%\system32temp#01.exe
NY -> system32thun.dll -> %SystemRoot%\system32thun.dll
NY -> system32thun32.dll -> %SystemRoot%\system32thun32.dll
NY -> system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX
NY -> system32vbsys2.dll -> %SystemRoot%\system32vbsys2.dll
NY -> system32vcatchpi.dll -> %SystemRoot%\system32vcatchpi.dll
NY -> system32winlogonpc.exe -> %SystemRoot%\system32winlogonpc.exe
NY -> system32winsystem.exe -> %SystemRoot%\system32winsystem.exe
NY -> system32WINWGPX.EXE -> %SystemRoot%\system32WINWGPX.EXE
NY -> userconfig9x.dll -> %SystemRoot%\userconfig9x.dll
NY -> winsystem.exe -> %SystemRoot%\winsystem.exe
NY -> Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job
[Files/Folders - Modified Within 30 days]
NY -> sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm
NY -> sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm
NY -> sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm
NY -> sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm
NY -> sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm
NY -> sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm
NY -> sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm
NY -> sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm
NY -> sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm
NY -> sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm
NY -> sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm
NY -> 59 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> gqexxsvh.ini -> %SystemRoot%\System32\gqexxsvh.ini
NY -> hqbhhnro.dll -> %SystemRoot%\System32\hqbhhnro.dll
NY -> ifycxdnn.dll -> %SystemRoot%\System32\ifycxdnn.dll
NY -> lcfexwjw.exe -> %SystemRoot%\System32\lcfexwjw.exe
NY -> mjrgdcio.ini -> %SystemRoot%\System32\mjrgdcio.ini
NY -> oicdgrjm.dll -> %SystemRoot%\System32\oicdgrjm.dll
NY -> perfc009.dat -> %SystemRoot%\System32\perfc009.dat
NY -> perfh009.dat -> %SystemRoot%\System32\perfh009.dat
NY -> PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI
NY -> ppwtecvf.ini -> %SystemRoot%\System32\ppwtecvf.ini
NY -> qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll
NY -> ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll
NY -> uqdfdcub.ini -> %SystemRoot%\System32\uqdfdcub.ini
NY -> yayyVonL.dll -> %SystemRoot%\System32\yayyVonL.dll
NY -> ybhnydod.dll -> %SystemRoot%\System32\ybhnydod.dll
NY -> yncevmil.ini -> %SystemRoot%\System32\yncevmil.ini
NY -> 8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> a.bat -> %SystemRoot%\a.bat
NY -> bdn.com -> %SystemRoot%\bdn.com
NY -> FVProtect.exe -> %SystemRoot%\FVProtect.exe
NY -> mslagent -> %SystemRoot%\mslagent
NY -> system32akttzn.exe -> %SystemRoot%\system32akttzn.exe
NY -> system32anticipator.dll -> %SystemRoot%\system32anticipator.dll
NY -> system32awtoolb.dll -> %SystemRoot%\system32awtoolb.dll
NY -> system32bdn.com -> %SystemRoot%\system32bdn.com
NY -> system32bsva-egihsg52.exe -> %SystemRoot%\system32bsva-egihsg52.exe
NY -> system32dpcproxy.exe -> %SystemRoot%\system32dpcproxy.exe
NY -> system32emesx.dll -> %SystemRoot%\system32emesx.dll
NY -> system32h@tkeysh@@k.dll -> %SystemRoot%\system32h@tkeysh@@k.dll
NY -> system32hoproxy.dll -> %SystemRoot%\system32hoproxy.dll
NY -> system32hxiwlgpm.dat -> %SystemRoot%\system32hxiwlgpm.dat
NY -> system32hxiwlgpm.exe -> %SystemRoot%\system32hxiwlgpm.exe
NY -> system32medup012.dll -> %SystemRoot%\system32medup012.dll
NY -> system32medup020.dll -> %SystemRoot%\system32medup020.dll
NY -> system32msgp.exe -> %SystemRoot%\system32msgp.exe
NY -> system32msnbho.dll -> %SystemRoot%\system32msnbho.dll
NY -> system32mssecu.exe -> %SystemRoot%\system32mssecu.exe
NY -> system32msvchost.exe -> %SystemRoot%\system32msvchost.exe
NY -> system32mtr2.exe -> %SystemRoot%\system32mtr2.exe
NY -> system32mwin32.exe -> %SystemRoot%\system32mwin32.exe
NY -> system32netode.exe -> %SystemRoot%\system32netode.exe
NY -> system32newsd32.exe -> %SystemRoot%\system32newsd32.exe
NY -> system32ps1.exe -> %SystemRoot%\system32ps1.exe
NY -> system32psof1.exe -> %SystemRoot%\system32psof1.exe
NY -> system32psoft1.exe -> %SystemRoot%\system32psoft1.exe
NY -> system32regc64.dll -> %SystemRoot%\system32regc64.dll
NY -> system32regm64.dll -> %SystemRoot%\system32regm64.dll
NY -> system32Rundl1.exe -> %SystemRoot%\system32Rundl1.exe
NY -> system32smp -> %SystemRoot%\system32smp
NY -> system32sncntr.exe -> %SystemRoot%\system32sncntr.exe
NY -> system32ssurf022.dll -> %SystemRoot%\system32ssurf022.dll
NY -> system32ssvchost.com -> %SystemRoot%\system32ssvchost.com
NY -> system32ssvchost.exe -> %SystemRoot%\system32ssvchost.exe
NY -> system32sysreq.exe -> %SystemRoot%\system32sysreq.exe
NY -> system32taack.dat -> %SystemRoot%\system32taack.dat
NY -> system32taack.exe -> %SystemRoot%\system32taack.exe
NY -> system32temp#01.exe -> %SystemRoot%\system32temp#01.exe
NY -> system32thun.dll -> %SystemRoot%\system32thun.dll
NY -> system32thun32.dll -> %SystemRoot%\system32thun32.dll
NY -> system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX
NY -> system32vbsys2.dll -> %SystemRoot%\system32vbsys2.dll
NY -> system32vcatchpi.dll -> %SystemRoot%\system32vcatchpi.dll
NY -> system32winlogonpc.exe -> %SystemRoot%\system32winlogonpc.exe
NY -> system32winsystem.exe -> %SystemRoot%\system32winsystem.exe
NY -> system32WINWGPX.EXE -> %SystemRoot%\system32WINWGPX.EXE
NY -> userconfig9x.dll -> %SystemRoot%\userconfig9x.dll
NY -> winsystem.exe -> %SystemRoot%\winsystem.exe
NY -> 44 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]


The fix should only take a very short time.
When the fix is done a message box will popup telling you that it is finished.
Click the Ok button and Notepad will open with a log of actions taken during the fix.
Post that information back here along with a new OTScanIt scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0

#8
denz106

denz106

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi sage5
I ran otscanit with the fix you supplied three times but I am still getting popups. Norton seems to be killing most of them but their still there.The cmputer does seem to opeate a little better. Is there anything else you would like to try.

Thanks
Dennis
  • 0

#9
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts

Post that information back here along with a new OTScanIt scan.


Please re run OTScanIt & post me back the new log file. :)

Edited by sage5, 01 April 2008 - 06:27 PM.

  • 0

#10
denz106

denz106

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Post that information back here along with a new OTScanIt scan.


Please re run OTScanIt & post me back the new log file. :)

OTScanIt logfile created on: 4/1/2008 8:40:58 PM
OTScanIt by OldTimer - Version 1.0.8.0	 Folder = C:\Documents and Settings\DENNIS ANDREWS\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.48 Mb Total Physical Memory | 612.46 Mb Available Physical Memory | 59.84% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 91.85 Gb Free Space | 80.23% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 124.28 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-9E0A4F8D43
Current User Name: DENNIS ANDREWS
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr =	]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr =	]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr =	]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr =	]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr =	]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr =	]
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr =	]
rogersagent.exe -> %ProgramFiles%\Rogers\SelfHealing\RogersAgent.exe -> Rogers Cable Communications [Ver = 1.00.0007 | Size = 478968 bytes | Modified Date = 4/23/2007 4:51:22 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
dkservice.exe -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr =	]
djsnetcn.exe -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
navapsvc.exe -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr =	]
npfmntor.exe -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.0 | Size = 370176 bytes | Modified Date = 3/29/2008 5:10:10 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> File not found
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe ->  [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 9/28/2007 9:05:00 PM | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr =	]
(ccISPwdSvc) Symantec Internet Security Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NPF\ccPwdSvc.exe -> Symantec Corporation [Ver = 9.0.0.127 | Size = 72280 bytes | Modified Date = 9/23/2005 2:52:18 PM | Attr =	]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr =	]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr =	]
(DJSNETCN) Symantec Licensing Detect Internet Connection [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 4:22:44 AM | Attr =	]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr =	]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr =	]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 11/26/2006 10:17:30 PM | Attr =	]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.5.85 | Size = 294912 bytes | Modified Date = 11/26/2006 10:17:06 PM | Attr =	]
(RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 303104 bytes | Modified Date = 11/27/2006 8:54:26 PM | Attr =	]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 880640 bytes | Modified Date = 11/27/2006 8:53:14 PM | Attr =	]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 159744 bytes | Modified Date = 11/27/2006 8:51:06 PM | Attr =	]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NAV\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 2:22:48 PM | Attr =	]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr =	]
(SPBBCSvc) SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr =	]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.453 | Size = 73728 bytes | Modified Date = 11/1/2006 11:17:32 AM | Attr = R  ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr =	]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 4:07:38 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr =	]
OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 4:27:36 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> 
DJSNetCN -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr =	]
RogersAgent -> %ProgramFiles%\Rogers\SelfHealing\RogersAgent.exe -> Rogers Cable Communications [Ver = 1.00.0007 | Size = 478968 bytes | Modified Date = 4/23/2007 4:51:22 PM | Attr =	]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,401 | Size = 4670968 bytes | Modified Date = 6/11/2007 12:52:42 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr =	]
< DENNIS ANDREWS Startup Folder > -> C:\Documents and Settings\DENNIS ANDREWS\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [] ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 9/28/2007 10:57:55 PM | Attr =	]
qoMcdBts -> %SystemRoot%\system32\qoMcdBts.dll ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://rogers.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://sympatico.msn.ca/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
{2DC64287-F606-4C10-9144-E7B3ACE316D3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqnlMcD.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 268288 bytes | Modified Date = 3/28/2008 4:35:33 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 9.0.4.26 | Size = 94384 bytes | Modified Date = 4/14/2006 12:20:32 PM | Attr =	]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\NAV\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
{bcaf8204-00d1-461f-baef-a6b8e15f06b3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\crmewnte.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 90688 bytes | Modified Date = 4/1/2008 12:19:12 PM | Attr =	]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Rogers Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Windows &Live Favorites ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
YPC 3.2.0 -> Yahoo! Parental Controls -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{01B480B4-C00E-4728-8DD6-AEC375FE78DD} ->	() -> 
{C83E4D01-15FF-4384-A5D1-EBABDD7A3122} ->	(RemoteControl USB LAN LINK) -> 
{DBF9CED2-EA9F-46B1-8DE2-68B16625E9F0} ->	(Realtek RTL8169/8110 Family Gigabit Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186746137718[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 



[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 3/28/2008 9:14:58 PM | Attr =	]
rcblan.sys -> %SystemRoot%\System32\drivers\rcblan.sys -> Belcarra Technologies [Ver = 02.03.02.317 | Size = 39704 bytes | Created Date = 3/25/2008 4:31:54 PM | Attr =	]
crmewnte.dll -> %SystemRoot%\System32\crmewnte.dll ->  [Ver =  | Size = 90688 bytes | Created Date = 4/1/2008 12:19:11 PM | Attr =	]
DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini ->  [Ver =  | Size = 104051 bytes | Created Date = 3/28/2008 4:35:34 PM | Attr =  HS]
DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2 ->  [Ver =  | Size = 104051 bytes | Created Date = 3/28/2008 4:35:34 PM | Attr =  HS]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
mcxjydnr.ini -> %SystemRoot%\System32\mcxjydnr.ini ->  [Ver =  | Size = 714 bytes | Created Date = 4/1/2008 12:16:12 PM | Attr =  HS]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll ->  [Ver =  | Size = 40448 bytes | Created Date = 3/28/2008 4:29:36 PM | Attr =	]
rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll ->  [Ver =  | Size = 85568 bytes | Created Date = 4/1/2008 12:16:11 PM | Attr =	]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll ->  [Ver =  | Size = 268288 bytes | Created Date = 3/28/2008 4:35:30 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 3/29/2008 9:03:00 AM | Attr =  H ]
iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe ->  [Ver =  | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 3/29/2008 3:37:36 PM | Attr =  H ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr =  H ]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2559 bytes | Created Date = 3/24/2008 9:03:02 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 3/24/2008 9:03:02 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 3/30/2008 8:53:06 AM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 3/28/2008 3:32:28 PM | Attr =	]
logfile -> %SystemDrive%\logfile ->  [Ver =  | Size = 21724 bytes | Modified Date = 3/19/2008 9:43:34 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/30/2008 11:10:45 PM | Attr = R  ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 3/30/2008 10:38:05 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 4/1/2008 5:05:24 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 3/29/2008 8:57:44 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 4/1/2008 8:37:55 PM | Attr =	]
crmewnte.dll -> %SystemRoot%\System32\crmewnte.dll ->  [Ver =  | Size = 90688 bytes | Modified Date = 4/1/2008 12:19:12 PM | Attr =	]
DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini ->  [Ver =  | Size = 104051 bytes | Modified Date = 4/1/2008 8:40:57 PM | Attr =  HS]
DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2 ->  [Ver =  | Size = 104051 bytes | Modified Date = 4/1/2008 8:39:17 PM | Attr =  HS]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 3/30/2008 8:52:10 AM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 3/29/2008 8:55:53 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/30/2008 8:33:31 PM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 3/29/2008 9:10:37 AM | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 3/29/2008 9:04:21 AM | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 3/26/2008 8:50:45 AM | Attr =	]
mcxjydnr.ini -> %SystemRoot%\System32\mcxjydnr.ini ->  [Ver =  | Size = 714 bytes | Modified Date = 4/1/2008 12:16:22 PM | Attr =  HS]
qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 3/30/2008 10:38:05 AM | Attr =	]
rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll ->  [Ver =  | Size = 85568 bytes | Modified Date = 4/1/2008 12:16:12 PM | Attr =	]
ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll ->  [Ver =  | Size = 268288 bytes | Modified Date = 3/28/2008 4:35:33 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Modified Date = 3/28/2008 11:19:34 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 3/29/2008 12:13:15 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13746 bytes | Modified Date = 3/29/2008 8:53:22 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 3/29/2008 8:56:33 AM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 3/30/2008 8:53:01 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 4/1/2008 8:39:07 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/19/2008 7:32:30 AM | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 3/29/2008 9:15:30 AM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 3/29/2008 9:07:15 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 3/29/2008 9:03:09 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 3/29/2008 9:04:14 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 3/29/2008 9:05:06 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3/30/2008 11:10:41 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/30/2008 8:53:08 AM | Attr =  HS]
iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe ->  [Ver =  | Size = 4096 bytes | Modified Date = 3/28/2008 4:29:56 PM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 3/29/2008 9:03:13 AM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 3/29/2008 10:31:45 AM | Attr =	]
msnsetuplog.bak -> %SystemRoot%\msnsetuplog.bak ->  [Ver =  | Size = 3545 bytes | Modified Date = 3/30/2008 9:46:42 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 3/28/2008 8:11:25 AM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 3/29/2008 3:37:36 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 4/1/2008 6:38:26 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 3/29/2008 12:27:36 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3/31/2008 10:07:04 AM | Attr =  H ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 4/1/2008 5:05:24 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 4/1/2008 4:54:39 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 4/1/2008 8:40:19 PM | Attr =	]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2559 bytes | Modified Date = 3/24/2008 9:03:03 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 3/24/2008 9:01:32 AM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 3/29/2008 9:03:16 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 3/28/2008 4:29:52 PM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1863 bytes | Modified Date = 3/17/2008 3:02:00 AM | Attr =	]
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job ->  [Ver =  | Size = 454 bytes | Modified Date = 3/19/2008 9:03:01 PM | Attr =	]
Norton AntiVirus - Run Full System Scan - DENNIS ANDREWS.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - DENNIS ANDREWS.job ->  [Ver =  | Size = 552 bytes | Modified Date = 3/28/2008 8:27:02 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 4/1/2008 8:39:16 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 3/30/2008 4:19:03 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 3/30/2008 4:19:03 AM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 7/24/2007 11:45:22 AM | Attr =	]

< End of report >

  • 0

Advertisements


#11
denz106

denz106

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi sage5
Here is the otscanit file.I scaned and attempted repair one more time. Thank Dennis

OTScanIt logfile created on: 4/1/2008 8:40:58 PM
OTScanIt by OldTimer - Version 1.0.8.0	 Folder = C:\Documents and Settings\DENNIS ANDREWS\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.48 Mb Total Physical Memory | 612.46 Mb Available Physical Memory | 59.84% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 91.85 Gb Free Space | 80.23% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 124.28 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-9E0A4F8D43
Current User Name: DENNIS ANDREWS
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr =	]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr =	]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr =	]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr =	]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr =	]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr =	]
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr =	]
rogersagent.exe -> %ProgramFiles%\Rogers\SelfHealing\RogersAgent.exe -> Rogers Cable Communications [Ver = 1.00.0007 | Size = 478968 bytes | Modified Date = 4/23/2007 4:51:22 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
dkservice.exe -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr =	]
djsnetcn.exe -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
navapsvc.exe -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr =	]
npfmntor.exe -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.0 | Size = 370176 bytes | Modified Date = 3/29/2008 5:10:10 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> File not found
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe ->  [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 9/28/2007 9:05:00 PM | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr =	]
(ccISPwdSvc) Symantec Internet Security Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NPF\ccPwdSvc.exe -> Symantec Corporation [Ver = 9.0.0.127 | Size = 72280 bytes | Modified Date = 9/23/2005 2:52:18 PM | Attr =	]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr =	]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr =	]
(DJSNETCN) Symantec Licensing Detect Internet Connection [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 4:22:44 AM | Attr =	]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr =	]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr =	]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 11/26/2006 10:17:30 PM | Attr =	]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.5.85 | Size = 294912 bytes | Modified Date = 11/26/2006 10:17:06 PM | Attr =	]
(RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 303104 bytes | Modified Date = 11/27/2006 8:54:26 PM | Attr =	]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 880640 bytes | Modified Date = 11/27/2006 8:53:14 PM | Attr =	]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 159744 bytes | Modified Date = 11/27/2006 8:51:06 PM | Attr =	]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NAV\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 2:22:48 PM | Attr =	]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr =	]
(SPBBCSvc) SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr =	]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.453 | Size = 73728 bytes | Modified Date = 11/1/2006 11:17:32 AM | Attr = R  ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr =	]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 4:07:38 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr =	]
OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 4:27:36 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> 
DJSNetCN -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr =	]
RogersAgent -> %ProgramFiles%\Rogers\SelfHealing\RogersAgent.exe -> Rogers Cable Communications [Ver = 1.00.0007 | Size = 478968 bytes | Modified Date = 4/23/2007 4:51:22 PM | Attr =	]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,401 | Size = 4670968 bytes | Modified Date = 6/11/2007 12:52:42 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr =	]
< DENNIS ANDREWS Startup Folder > -> C:\Documents and Settings\DENNIS ANDREWS\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [] ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 9/28/2007 10:57:55 PM | Attr =	]
qoMcdBts -> %SystemRoot%\system32\qoMcdBts.dll ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://rogers.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://sympatico.msn.ca/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
{2DC64287-F606-4C10-9144-E7B3ACE316D3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqnlMcD.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 268288 bytes | Modified Date = 3/28/2008 4:35:33 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 9.0.4.26 | Size = 94384 bytes | Modified Date = 4/14/2006 12:20:32 PM | Attr =	]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\NAV\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
{bcaf8204-00d1-461f-baef-a6b8e15f06b3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\crmewnte.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 90688 bytes | Modified Date = 4/1/2008 12:19:12 PM | Attr =	]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Rogers Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Windows &Live Favorites ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
YPC 3.2.0 -> Yahoo! Parental Controls -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{01B480B4-C00E-4728-8DD6-AEC375FE78DD} ->	() -> 
{C83E4D01-15FF-4384-A5D1-EBABDD7A3122} ->	(RemoteControl USB LAN LINK) -> 
{DBF9CED2-EA9F-46B1-8DE2-68B16625E9F0} ->	(Realtek RTL8169/8110 Family Gigabit Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186746137718[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 



[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 3/28/2008 9:14:58 PM | Attr =	]
rcblan.sys -> %SystemRoot%\System32\drivers\rcblan.sys -> Belcarra Technologies [Ver = 02.03.02.317 | Size = 39704 bytes | Created Date = 3/25/2008 4:31:54 PM | Attr =	]
crmewnte.dll -> %SystemRoot%\System32\crmewnte.dll ->  [Ver =  | Size = 90688 bytes | Created Date = 4/1/2008 12:19:11 PM | Attr =	]
DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini ->  [Ver =  | Size = 104051 bytes | Created Date = 3/28/2008 4:35:34 PM | Attr =  HS]
DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2 ->  [Ver =  | Size = 104051 bytes | Created Date = 3/28/2008 4:35:34 PM | Attr =  HS]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
mcxjydnr.ini -> %SystemRoot%\System32\mcxjydnr.ini ->  [Ver =  | Size = 714 bytes | Created Date = 4/1/2008 12:16:12 PM | Attr =  HS]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll ->  [Ver =  | Size = 40448 bytes | Created Date = 3/28/2008 4:29:36 PM | Attr =	]
rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll ->  [Ver =  | Size = 85568 bytes | Created Date = 4/1/2008 12:16:11 PM | Attr =	]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll ->  [Ver =  | Size = 268288 bytes | Created Date = 3/28/2008 4:35:30 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 3/29/2008 9:03:00 AM | Attr =  H ]
iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe ->  [Ver =  | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 3/29/2008 3:37:36 PM | Attr =  H ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr =  H ]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2559 bytes | Created Date = 3/24/2008 9:03:02 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 3/24/2008 9:03:02 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 3/30/2008 8:53:06 AM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 3/28/2008 3:32:28 PM | Attr =	]
logfile -> %SystemDrive%\logfile ->  [Ver =  | Size = 21724 bytes | Modified Date = 3/19/2008 9:43:34 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/30/2008 11:10:45 PM | Attr = R  ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 3/30/2008 10:38:05 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 4/1/2008 5:05:24 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 3/29/2008 8:57:44 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 4/1/2008 8:37:55 PM | Attr =	]
crmewnte.dll -> %SystemRoot%\System32\crmewnte.dll ->  [Ver =  | Size = 90688 bytes | Modified Date = 4/1/2008 12:19:12 PM | Attr =	]
DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini ->  [Ver =  | Size = 104051 bytes | Modified Date = 4/1/2008 8:40:57 PM | Attr =  HS]
DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2 ->  [Ver =  | Size = 104051 bytes | Modified Date = 4/1/2008 8:39:17 PM | Attr =  HS]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 3/30/2008 8:52:10 AM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 3/29/2008 8:55:53 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/30/2008 8:33:31 PM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 3/29/2008 9:10:37 AM | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 3/29/2008 9:04:21 AM | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 3/26/2008 8:50:45 AM | Attr =	]
mcxjydnr.ini -> %SystemRoot%\System32\mcxjydnr.ini ->  [Ver =  | Size = 714 bytes | Modified Date = 4/1/2008 12:16:22 PM | Attr =  HS]
qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 3/30/2008 10:38:05 AM | Attr =	]
rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll ->  [Ver =  | Size = 85568 bytes | Modified Date = 4/1/2008 12:16:12 PM | Attr =	]
ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll ->  [Ver =  | Size = 268288 bytes | Modified Date = 3/28/2008 4:35:33 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Modified Date = 3/28/2008 11:19:34 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 3/29/2008 12:13:15 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13746 bytes | Modified Date = 3/29/2008 8:53:22 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 3/29/2008 8:56:33 AM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 3/30/2008 8:53:01 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 4/1/2008 8:39:07 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/19/2008 7:32:30 AM | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 3/29/2008 9:15:30 AM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 3/29/2008 9:07:15 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 3/29/2008 9:03:09 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 3/29/2008 9:04:14 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 3/29/2008 9:05:06 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3/30/2008 11:10:41 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/30/2008 8:53:08 AM | Attr =  HS]
iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe ->  [Ver =  | Size = 4096 bytes | Modified Date = 3/28/2008 4:29:56 PM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 3/29/2008 9:03:13 AM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 3/29/2008 10:31:45 AM | Attr =	]
msnsetuplog.bak -> %SystemRoot%\msnsetuplog.bak ->  [Ver =  | Size = 3545 bytes | Modified Date = 3/30/2008 9:46:42 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 3/28/2008 8:11:25 AM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 3/29/2008 3:37:36 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 4/1/2008 6:38:26 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 3/29/2008 12:27:36 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3/31/2008 10:07:04 AM | Attr =  H ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 4/1/2008 5:05:24 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 4/1/2008 4:54:39 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 4/1/2008 8:40:19 PM | Attr =	]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2559 bytes | Modified Date = 3/24/2008 9:03:03 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 3/24/2008 9:01:32 AM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 3/29/2008 9:03:16 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 3/28/2008 4:29:52 PM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1863 bytes | Modified Date = 3/17/2008 3:02:00 AM | Attr =	]
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job ->  [Ver =  | Size = 454 bytes | Modified Date = 3/19/2008 9:03:01 PM | Attr =	]
Norton AntiVirus - Run Full System Scan - DENNIS ANDREWS.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - DENNIS ANDREWS.job ->  [Ver =  | Size = 552 bytes | Modified Date = 3/28/2008 8:27:02 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 4/1/2008 8:39:16 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 3/30/2008 4:19:03 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 3/30/2008 4:19:03 AM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 7/24/2007 11:45:22 AM | Attr =	]

< End of report >

  • 0

#12
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi denz106,

When the fix is done a message box will popup telling you that it is finished.
Click the Ok button and Notepad will open with a log of actions taken during the fix.
Post that information back here along with a new OTScanIt scan.

Those instructions weren't very clear, hopefully these ones are better:

That said, I need you to understand that while helping you with this fix, I don't have the benefit of performing the steps myself, so I am relying on you to do the steps I tell you, when I tell you to.
Many of these fixes require a specific order & timing to be successful.
A fix like this is a mult-part approach & almost never cured in the first scan.
Please don't do any "extra" steps. i.e. redoing that fix, won't acheive anything, but thankfully won't do any harm.

Now let's get back to it:

Please download the following & save to your Desktop:
Malwarebytes' Anti-Malware from Here or Here


Run the Fix:
  • Open the OTScanIT folder on the Desktop
  • Run OTScanIt.exe.
  • Copy all the text in the Code box below, and Paste it into the pane under the GREEN bar, titled Paste fix here and then click the green Run Fix button.


    [Unregister Dlls]
    [Win32 Services - Non-Microsoft Only]
    NY -> (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> 
    [Registry - Non-Microsoft Only]
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    YN -> {94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll []
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    YN -> qoMcdBts -> %SystemRoot%\system32\qoMcdBts.dll
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {2DC64287-F606-4C10-9144-E7B3ACE316D3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqnlMcD.dll [Reg Error: Value  does not exist or could not be read.]
    YN -> {94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [Reg Error: Value  does not exist or could not be read.]
    YN -> {bcaf8204-00d1-461f-baef-a6b8e15f06b3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\crmewnte.dll [Reg Error: Value  does not exist or could not be read.]
    [Files/Folders - Created Within 30 days]
    NY -> crmewnte.dll -> %SystemRoot%\System32\crmewnte.dll
    NY -> DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini
    NY -> DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2
    NY -> qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll
    NY -> rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll
    NY -> ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll
    NY -> iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe
    [Files/Folders - Modified Within 30 days]
    NY -> mcxjydnr.ini -> %SystemRoot%\System32\mcxjydnr.ini
    NY -> qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll
    NY -> rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll
    NY -> ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll
    NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
    NY -> msnsetuplog.bak -> %SystemRoot%\msnsetuplog.bak
    NY -> unins000.dat -> %SystemRoot%\unins000.dat
    NY -> unins000.exe -> %SystemRoot%\unins000.exe
    NY -> SA.DAT -> %SystemRoot%\tasks\SA.DAT
    NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    NY -> data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat

  • The fix should only take a very short time.
  • When the fix is done, click the OK button in the message box.
  • Notepad will open with a log of actions taken during the fix.
    This file is saved in the Moved Files folder and is named in date_time format (mmddyyyy_hhmmss.log format, so e.g. 04012008_082852.log)
  • I need you to Post the text from that file back here.


Run Malwarebytes' Anti-Malware:
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post the text from the fix log and MBAM log as your next Reply.
I will review the information when it comes back in.


Cheers,

sage5
  • 0

#13
denz106

denz106

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi sage5
That seems to work just fine,Cheers to you. I know its a little difficult dealing with a newbie but things turned out just fine. I'm not sure how the donation system works but I hope that it is safe to use my credit card. This beats the [bleep] out of reformatting. I thank you for your patience and the way you have dealt with the problem. I can't wait to visit down under again.


Thanks
Dennis
  • 0

#14
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
That's OK.
I need the text from that MBAM scan as well as the text from the fix log.

Cheers,

sage5
  • 0

#15
denz106

denz106

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi sage
Here is the MBAM.

Malwarebytes' Anti-Malware 1.10
Database version: 584

Scan type: Quick Scan
Objects scanned: 37046
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 34
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\qoMcdBts.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\system32\ejcuaxvi.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ssqnlMcD.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{94bc3d1d-22e9-4744-8ed1-3e08a3b74078} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94bc3d1d-22e9-4744-8ed1-3e08a3b74078} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomcdbts (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29309430-234e-41d9-987a-eebd99978a76} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{29309430-234e-41d9-987a-eebd99978a76} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{29be867e-7998-4a90-9adc-2cdc69d577b6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29be867e-7998-4a90-9adc-2cdc69d577b6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{94bc3d1d-22e9-4744-8ed1-3e08a3b74078} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqnlmcd -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\qoMcdBts.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\ejcuaxvi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ivxaucje.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqnlMcD.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\DcMlnqss.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DcMlnqss.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\odskatwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temp\cbXPHYPf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temp\geBqRLBq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temp\jbwbsunl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temp\stwjfcvn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temp\tuvTKETN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temp\umqdlywx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temp\ybnpohfn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temporary Internet Files\Content.IE5\9WEXD07B\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temporary Internet Files\Content.IE5\9WEXD07B\ptch[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temporary Internet Files\Content.IE5\9WEXD07B\ptch[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temporary Internet Files\Content.IE5\CIZ0BIC4\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temporary Internet Files\Content.IE5\F267SEP9\ptch[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temporary Internet Files\Content.IE5\O1TM2B1F\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glen Andrews\Local Settings\Temporary Internet Files\Content.IE5\ULRNCVK6\ptch[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP