Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

pc antispyware causing problems [CLOSED]


  • This topic is locked This topic is locked

#16
denz106

denz106

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi sage5
Here is the OTSCANIT.Do you want a report from both the way the system is now.
OTScanIt logfile created on: 4/1/2008 8:40:58 PM
OTScanIt by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\DENNIS ANDREWS\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 612.46 Mb Available Physical Memory | 59.84% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 91.85 Gb Free Space | 80.23% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 124.28 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-9E0A4F8D43
Current User Name: DENNIS ANDREWS
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr = ]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr = ]
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr = ]
rogersagent.exe -> %ProgramFiles%\Rogers\SelfHealing\RogersAgent.exe -> Rogers Cable Communications [Ver = 1.00.0007 | Size = 478968 bytes | Modified Date = 4/23/2007 4:51:22 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
dkservice.exe -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr = ]
djsnetcn.exe -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr = ]
npfmntor.exe -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr = ]
nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.0 | Size = 370176 bytes | Modified Date = 3/29/2008 5:10:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> File not found
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 9/28/2007 9:05:00 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr = ]
(ccISPwdSvc) Symantec Internet Security Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NPF\ccPwdSvc.exe -> Symantec Corporation [Ver = 9.0.0.127 | Size = 72280 bytes | Modified Date = 9/23/2005 2:52:18 PM | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr = ]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr = ]
(DJSNETCN) Symantec Licensing Detect Internet Connection [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 4:22:44 AM | Attr = ]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr = ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr = ]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr = ]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 11/26/2006 10:17:30 PM | Attr = ]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.5.85 | Size = 294912 bytes | Modified Date = 11/26/2006 10:17:06 PM | Attr = ]
(RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 303104 bytes | Modified Date = 11/27/2006 8:54:26 PM | Attr = ]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 880640 bytes | Modified Date = 11/27/2006 8:53:14 PM | Attr = ]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 159744 bytes | Modified Date = 11/27/2006 8:51:06 PM | Attr = ]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NAV\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 2:22:48 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr = ]
(SPBBCSvc) SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr = ]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.453 | Size = 73728 bytes | Modified Date = 11/1/2006 11:17:32 AM | Attr = R ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr = ]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 4:07:38 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr = ]
OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 4:27:36 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices ->
DJSNetCN -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr = ]
RogersAgent -> %ProgramFiles%\Rogers\SelfHealing\RogersAgent.exe -> Rogers Cable Communications [Ver = 1.00.0007 | Size = 478968 bytes | Modified Date = 4/23/2007 4:51:22 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,401 | Size = 4670968 bytes | Modified Date = 6/11/2007 12:52:42 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr = ]
< DENNIS ANDREWS Startup Folder > -> C:\Documents and Settings\DENNIS ANDREWS\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [] -> [Ver = | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 9/28/2007 10:57:55 PM | Attr = ]
qoMcdBts -> %SystemRoot%\system32\qoMcdBts.dll -> [Ver = | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://rogers.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://ca.red.client...//www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ca.red.client.../search/ie.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://sympatico.msn.ca/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsof...search.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
.[msn] -> My Computer ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
{2DC64287-F606-4C10-9144-E7B3ACE316D3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqnlMcD.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 268288 bytes | Modified Date = 3/28/2008 4:35:33 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr = ]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 9.0.4.26 | Size = 94384 bytes | Modified Date = 4/14/2006 12:20:32 PM | Attr = ]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\NAV\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr = ]
{bcaf8204-00d1-461f-baef-a6b8e15f06b3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\crmewnte.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 90688 bytes | Modified Date = 4/1/2008 12:19:12 PM | Attr = ]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Rogers Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr = ]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
YPC 3.2.0 -> Yahoo! Parental Controls ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{01B480B4-C00E-4728-8DD6-AEC375FE78DD} -> () ->
{C83E4D01-15FF-4384-A5D1-EBABDD7A3122} -> (RemoteControl USB LAN LINK) ->
{DBF9CED2-EA9F-46B1-8DE2-68B16625E9F0} -> (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail....es/MSNPUpld.cab[MSN Photo Upload Tool] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.mi...b?1186746137718[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macr...ash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->



[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 3/28/2008 9:14:58 PM | Attr = ]
rcblan.sys -> %SystemRoot%\System32\drivers\rcblan.sys -> Belcarra Technologies [Ver = 02.03.02.317 | Size = 39704 bytes | Created Date = 3/25/2008 4:31:54 PM | Attr = ]
crmewnte.dll -> %SystemRoot%\System32\crmewnte.dll -> [Ver = | Size = 90688 bytes | Created Date = 4/1/2008 12:19:11 PM | Attr = ]
DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini -> [Ver = | Size = 104051 bytes | Created Date = 3/28/2008 4:35:34 PM | Attr = HS]
DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2 -> [Ver = | Size = 104051 bytes | Created Date = 3/28/2008 4:35:34 PM | Attr = HS]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr = ]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr = ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr = ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr = ]
mcxjydnr.ini -> %SystemRoot%\System32\mcxjydnr.ini -> [Ver = | Size = 714 bytes | Created Date = 4/1/2008 12:16:12 PM | Attr = HS]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll -> [Ver = | Size = 40448 bytes | Created Date = 3/28/2008 4:29:36 PM | Attr = ]
rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll -> [Ver = | Size = 85568 bytes | Created Date = 4/1/2008 12:16:11 PM | Attr = ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll -> [Ver = | Size = 268288 bytes | Created Date = 3/28/2008 4:35:30 PM | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 3/29/2008 9:03:00 AM | Attr = H ]
iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe -> [Ver = | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 3/29/2008 3:37:36 PM | Attr = H ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr = H ]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2559 bytes | Created Date = 3/24/2008 9:03:02 AM | Attr = ]
unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 3/24/2008 9:03:02 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/30/2008 8:53:06 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/28/2008 3:32:28 PM | Attr = ]
logfile -> %SystemDrive%\logfile -> [Ver = | Size = 21724 bytes | Modified Date = 3/19/2008 9:43:34 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/30/2008 11:10:45 PM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 3/30/2008 10:38:05 AM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/1/2008 5:05:24 PM | Attr = ]
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 3/29/2008 8:57:44 PM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/1/2008 8:37:55 PM | Attr = ]
crmewnte.dll -> %SystemRoot%\System32\crmewnte.dll -> [Ver = | Size = 90688 bytes | Modified Date = 4/1/2008 12:19:12 PM | Attr = ]
DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini -> [Ver = | Size = 104051 bytes | Modified Date = 4/1/2008 8:40:57 PM | Attr = HS]
DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2 -> [Ver = | Size = 104051 bytes | Modified Date = 4/1/2008 8:39:17 PM | Attr = HS]
DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 3/30/2008 8:52:10 AM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 3/29/2008 8:55:53 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/30/2008 8:33:31 PM | Attr = ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 3/29/2008 9:10:37 AM | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 3/29/2008 9:04:21 AM | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 3/26/2008 8:50:45 AM | Attr = ]
mcxjydnr.ini -> %SystemRoot%\System32\mcxjydnr.ini -> [Ver = | Size = 714 bytes | Modified Date = 4/1/2008 12:16:22 PM | Attr = HS]
qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll -> [Ver = | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 3/30/2008 10:38:05 AM | Attr = ]
rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll -> [Ver = | Size = 85568 bytes | Modified Date = 4/1/2008 12:16:12 PM | Attr = ]
ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll -> [Ver = | Size = 268288 bytes | Modified Date = 3/28/2008 4:35:33 PM | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Modified Date = 3/28/2008 11:19:34 PM | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 3/29/2008 12:13:15 AM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13746 bytes | Modified Date = 3/29/2008 8:53:22 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/29/2008 8:56:33 AM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 3/30/2008 8:53:01 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/1/2008 8:39:07 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/19/2008 7:32:30 AM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/29/2008 9:15:30 AM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/29/2008 9:07:15 AM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 3/29/2008 9:03:09 AM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 3/29/2008 9:04:14 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 3/29/2008 9:05:06 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/30/2008 11:10:41 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/30/2008 8:53:08 AM | Attr = HS]
iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe -> [Ver = | Size = 4096 bytes | Modified Date = 3/28/2008 4:29:56 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 3/29/2008 9:03:13 AM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 3/29/2008 10:31:45 AM | Attr = ]
msnsetuplog.bak -> %SystemRoot%\msnsetuplog.bak -> [Ver = | Size = 3545 bytes | Modified Date = 3/30/2008 9:46:42 PM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 3/28/2008 8:11:25 AM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 3/29/2008 3:37:36 PM | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/1/2008 6:38:26 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 3/29/2008 12:27:36 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 3/31/2008 10:07:04 AM | Attr = H ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 4/1/2008 5:05:24 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/1/2008 4:54:39 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/1/2008 8:40:19 PM | Attr = ]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2559 bytes | Modified Date = 3/24/2008 9:03:03 AM | Attr = ]
unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 3/24/2008 9:01:32 AM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 3/29/2008 9:03:16 AM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 3/28/2008 4:29:52 PM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1863 bytes | Modified Date = 3/17/2008 3:02:00 AM | Attr = ]
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job -> [Ver = | Size = 454 bytes | Modified Date = 3/19/2008 9:03:01 PM | Attr = ]
Norton AntiVirus - Run Full System Scan - DENNIS ANDREWS.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - DENNIS ANDREWS.job -> [Ver = | Size = 552 bytes | Modified Date = 3/28/2008 8:27:02 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/1/2008 8:39:16 PM | Attr = H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes | Modified Date = 3/30/2008 4:19:03 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 3/30/2008 4:19:03 AM | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 7/24/2007 11:45:22 AM | Attr = ]

< End of report >
[/code]
  • 0

Advertisements


#17
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi denz106,

Run the Fix:
  • Open the OTScanIT folder on the Desktop
  • Run OTScanIt.exe.
  • Copy all the text in the Code box below, and Paste it into the pane under the GREEN bar, titled Paste fix here and then click the green Run Fix button.


    [Registry - Non-Microsoft Only]
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    YY -> {94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll []
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    YY -> qoMcdBts -> %SystemRoot%\system32\qoMcdBts.dll
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YY -> {94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [Reg Error: Value does not exist or could not be read.]
    YY -> {bcaf8204-00d1-461f-baef-a6b8e15f06b3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\crmewnte.dll [Reg Error: Value does not exist or could not be read.]
    [Files/Folders - Created Within 30 days]
    NY -> crmewnte.dll -> %SystemRoot%\System32\crmewnte.dll
    NY -> DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini
    NY -> DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2
    NY -> mcxjydnr.ini -> %SystemRoot%\System32\mcxjydnr.ini
    NY -> qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll
    NY -> rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll
    NY -> ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll
    NY -> iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe
    NY -> QTFont.for -> %SystemRoot%\QTFont.for
    NY -> QTFont.qfn -> %SystemRoot%\QTFont.qfn
    NY -> unins000.dat -> %SystemRoot%\unins000.dat
    NY -> unins000.exe -> %SystemRoot%\unins000.exe
    [Files/Folders - Modified Within 30 days]
    NY -> crmewnte.dll -> %SystemRoot%\System32\crmewnte.dll
    NY -> DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini
    NY -> DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2
    NY -> mcxjydnr.ini -> %SystemRoot%\System32\mcxjydnr.ini
    NY -> qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll
    NY -> rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll
    NY -> ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll
    NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
    NY -> iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe
    NY -> msnsetuplog.bak -> %SystemRoot%\msnsetuplog.bak
    NY -> unins000.dat -> %SystemRoot%\unins000.dat
    NY -> unins000.exe -> %SystemRoot%\unins000.exe
    NY -> SA.DAT -> %SystemRoot%\tasks\SA.DAT
    NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

  • The fix should only take a very short time.
  • When the fix is done, click the OK button in the message box.
  • Notepad will open with a log of actions taken during the fix.
    This file is saved in the Moved Files folder and is named in date_time format (mmddyyyy_hhmmss.log format, so e.g. 04012008_082852.log)
  • I need you to Post the text from that file back here.
I will review the information when it comes back in.

Cheers,

sage5
  • 0

#18
denz106

denz106

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is the OTSCANIT

OTScanIt logfile created on: 4/1/2008 8:40:58 PM
OTScanIt by OldTimer - Version 1.0.8.0	 Folder = C:\Documents and Settings\DENNIS ANDREWS\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.48 Mb Total Physical Memory | 612.46 Mb Available Physical Memory | 59.84% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 91.85 Gb Free Space | 80.23% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 124.28 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-9E0A4F8D43
Current User Name: DENNIS ANDREWS
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr =	]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr =	]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr =	]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr =	]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr =	]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr =	]
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr =	]
rogersagent.exe -> %ProgramFiles%\Rogers\SelfHealing\RogersAgent.exe -> Rogers Cable Communications [Ver = 1.00.0007 | Size = 478968 bytes | Modified Date = 4/23/2007 4:51:22 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
dkservice.exe -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr =	]
djsnetcn.exe -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
navapsvc.exe -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr =	]
npfmntor.exe -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.0 | Size = 370176 bytes | Modified Date = 3/29/2008 5:10:10 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> File not found
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe ->  [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 9/28/2007 9:05:00 PM | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr =	]
(ccISPwdSvc) Symantec Internet Security Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NPF\ccPwdSvc.exe -> Symantec Corporation [Ver = 9.0.0.127 | Size = 72280 bytes | Modified Date = 9/23/2005 2:52:18 PM | Attr =	]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr =	]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr =	]
(DJSNETCN) Symantec Licensing Detect Internet Connection [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 4:22:44 AM | Attr =	]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr =	]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr =	]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 11/26/2006 10:17:30 PM | Attr =	]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.5.85 | Size = 294912 bytes | Modified Date = 11/26/2006 10:17:06 PM | Attr =	]
(RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 303104 bytes | Modified Date = 11/27/2006 8:54:26 PM | Attr =	]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 880640 bytes | Modified Date = 11/27/2006 8:53:14 PM | Attr =	]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 159744 bytes | Modified Date = 11/27/2006 8:51:06 PM | Attr =	]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NAV\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 2:22:48 PM | Attr =	]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr =	]
(SPBBCSvc) SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr =	]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.453 | Size = 73728 bytes | Modified Date = 11/1/2006 11:17:32 AM | Attr = R  ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr =	]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 4:07:38 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr =	]
OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 4:27:36 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> 
DJSNetCN -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr =	]
RogersAgent -> %ProgramFiles%\Rogers\SelfHealing\RogersAgent.exe -> Rogers Cable Communications [Ver = 1.00.0007 | Size = 478968 bytes | Modified Date = 4/23/2007 4:51:22 PM | Attr =	]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,401 | Size = 4670968 bytes | Modified Date = 6/11/2007 12:52:42 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr =	]
< DENNIS ANDREWS Startup Folder > -> C:\Documents and Settings\DENNIS ANDREWS\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [] ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 9/28/2007 10:57:55 PM | Attr =	]
qoMcdBts -> %SystemRoot%\system32\qoMcdBts.dll ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://rogers.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://sympatico.msn.ca/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
{2DC64287-F606-4C10-9144-E7B3ACE316D3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqnlMcD.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 268288 bytes | Modified Date = 3/28/2008 4:35:33 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{94BC3D1D-22E9-4744-8ED1-3E08A3B74078} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcdBts.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 9.0.4.26 | Size = 94384 bytes | Modified Date = 4/14/2006 12:20:32 PM | Attr =	]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\NAV\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
{bcaf8204-00d1-461f-baef-a6b8e15f06b3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\crmewnte.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 90688 bytes | Modified Date = 4/1/2008 12:19:12 PM | Attr =	]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Rogers Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Windows &Live Favorites ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
YPC 3.2.0 -> Yahoo! Parental Controls -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{01B480B4-C00E-4728-8DD6-AEC375FE78DD} ->	() -> 
{C83E4D01-15FF-4384-A5D1-EBABDD7A3122} ->	(RemoteControl USB LAN LINK) -> 
{DBF9CED2-EA9F-46B1-8DE2-68B16625E9F0} ->	(Realtek RTL8169/8110 Family Gigabit Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186746137718[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 



[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 3/28/2008 9:14:58 PM | Attr =	]
rcblan.sys -> %SystemRoot%\System32\drivers\rcblan.sys -> Belcarra Technologies [Ver = 02.03.02.317 | Size = 39704 bytes | Created Date = 3/25/2008 4:31:54 PM | Attr =	]
crmewnte.dll -> %SystemRoot%\System32\crmewnte.dll ->  [Ver =  | Size = 90688 bytes | Created Date = 4/1/2008 12:19:11 PM | Attr =	]
DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini ->  [Ver =  | Size = 104051 bytes | Created Date = 3/28/2008 4:35:34 PM | Attr =  HS]
DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2 ->  [Ver =  | Size = 104051 bytes | Created Date = 3/28/2008 4:35:34 PM | Attr =  HS]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
mcxjydnr.ini -> %SystemRoot%\System32\mcxjydnr.ini ->  [Ver =  | Size = 714 bytes | Created Date = 4/1/2008 12:16:12 PM | Attr =  HS]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll ->  [Ver =  | Size = 40448 bytes | Created Date = 3/28/2008 4:29:36 PM | Attr =	]
rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll ->  [Ver =  | Size = 85568 bytes | Created Date = 4/1/2008 12:16:11 PM | Attr =	]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll ->  [Ver =  | Size = 268288 bytes | Created Date = 3/28/2008 4:35:30 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 3/29/2008 9:03:00 AM | Attr =  H ]
iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe ->  [Ver =  | Size = 4096 bytes | Created Date = 3/28/2008 4:29:56 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 3/29/2008 3:37:36 PM | Attr =  H ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr =  H ]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2559 bytes | Created Date = 3/24/2008 9:03:02 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 3/24/2008 9:03:02 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 3/30/2008 8:53:06 AM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 3/28/2008 3:32:28 PM | Attr =	]
logfile -> %SystemDrive%\logfile ->  [Ver =  | Size = 21724 bytes | Modified Date = 3/19/2008 9:43:34 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/30/2008 11:10:45 PM | Attr = R  ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 3/30/2008 10:38:05 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 4/1/2008 5:05:24 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 3/29/2008 8:57:44 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 4/1/2008 8:37:55 PM | Attr =	]
crmewnte.dll -> %SystemRoot%\System32\crmewnte.dll ->  [Ver =  | Size = 90688 bytes | Modified Date = 4/1/2008 12:19:12 PM | Attr =	]
DcMlnqss.ini -> %SystemRoot%\System32\DcMlnqss.ini ->  [Ver =  | Size = 104051 bytes | Modified Date = 4/1/2008 8:40:57 PM | Attr =  HS]
DcMlnqss.ini2 -> %SystemRoot%\System32\DcMlnqss.ini2 ->  [Ver =  | Size = 104051 bytes | Modified Date = 4/1/2008 8:39:17 PM | Attr =  HS]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 3/30/2008 8:52:10 AM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 3/29/2008 8:55:53 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/30/2008 8:33:31 PM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 3/29/2008 9:10:37 AM | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 3/29/2008 9:04:21 AM | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 3/26/2008 8:50:45 AM | Attr =	]
mcxjydnr.ini -> %SystemRoot%\System32\mcxjydnr.ini ->  [Ver =  | Size = 714 bytes | Modified Date = 4/1/2008 12:16:22 PM | Attr =  HS]
qoMcdBts.dll -> %SystemRoot%\System32\qoMcdBts.dll ->  [Ver =  | Size = 40448 bytes | Modified Date = 3/28/2008 4:29:36 PM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 3/30/2008 10:38:05 AM | Attr =	]
rndyjxcm.dll -> %SystemRoot%\System32\rndyjxcm.dll ->  [Ver =  | Size = 85568 bytes | Modified Date = 4/1/2008 12:16:12 PM | Attr =	]
ssqnlMcD.dll -> %SystemRoot%\System32\ssqnlMcD.dll ->  [Ver =  | Size = 268288 bytes | Modified Date = 3/28/2008 4:35:33 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Modified Date = 3/28/2008 11:19:34 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 3/29/2008 12:13:15 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13746 bytes | Modified Date = 3/29/2008 8:53:22 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 3/29/2008 8:56:33 AM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 3/30/2008 8:53:01 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 4/1/2008 8:39:07 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/19/2008 7:32:30 AM | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 3/29/2008 9:15:30 AM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 3/29/2008 9:07:15 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 3/29/2008 9:03:09 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 3/29/2008 9:04:14 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 3/29/2008 9:05:06 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3/30/2008 11:10:41 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/30/2008 8:53:08 AM | Attr =  HS]
iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe ->  [Ver =  | Size = 4096 bytes | Modified Date = 3/28/2008 4:29:56 PM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 3/29/2008 9:03:13 AM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 3/29/2008 10:31:45 AM | Attr =	]
msnsetuplog.bak -> %SystemRoot%\msnsetuplog.bak ->  [Ver =  | Size = 3545 bytes | Modified Date = 3/30/2008 9:46:42 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 3/28/2008 8:11:25 AM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 3/29/2008 3:37:36 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 4/1/2008 6:38:26 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 3/29/2008 12:27:36 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3/31/2008 10:07:04 AM | Attr =  H ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 4/1/2008 5:05:24 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 4/1/2008 4:54:39 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 4/1/2008 8:40:19 PM | Attr =	]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2559 bytes | Modified Date = 3/24/2008 9:03:03 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 3/24/2008 9:01:32 AM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 3/29/2008 9:03:16 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 3/28/2008 4:29:52 PM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1863 bytes | Modified Date = 3/17/2008 3:02:00 AM | Attr =	]
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job ->  [Ver =  | Size = 454 bytes | Modified Date = 3/19/2008 9:03:01 PM | Attr =	]
Norton AntiVirus - Run Full System Scan - DENNIS ANDREWS.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - DENNIS ANDREWS.job ->  [Ver =  | Size = 552 bytes | Modified Date = 3/28/2008 8:27:02 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 4/1/2008 8:39:16 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 3/30/2008 4:19:03 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 3/30/2008 4:19:03 AM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 7/24/2007 11:45:22 AM | Attr =	]

< End of report >

  • 0

#19
denz106

denz106

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Sorry sage5
Ignore the last post that is an old OTSCANIT file.Here is the new one

OTScanIt logfile created on: 4/4/2008 6:37:21 AM
OTScanIt by OldTimer - Version 1.0.8.0	 Folder = C:\Documents and Settings\DENNIS ANDREWS\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.48 Mb Total Physical Memory | 502.59 Mb Available Physical Memory | 49.11% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.96% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 91.80 Gb Free Space | 80.19% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 124.28 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
Drive E: | 2.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF1.02
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-9E0A4F8D43
Current User Name: DENNIS ANDREWS
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr =	]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr =	]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr =	]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr =	]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr =	]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/3/2008 10:36:29 AM | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr =	]
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr =	]
ymetray.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
dkservice.exe -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr =	]
djsnetcn.exe -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
navapsvc.exe -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr =	]
npfmntor.exe -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr =	]
ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 3/3/2006 2:18:10 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.0 | Size = 370176 bytes | Modified Date = 3/29/2008 5:10:10 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/3/2008 10:36:29 AM | Attr =	]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> File not found
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/28/2007 10:56:32 PM | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe ->  [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 9/28/2007 9:05:00 PM | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 1/22/2007 10:19:28 PM | Attr =	]
(ccISPwdSvc) Symantec Internet Security Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NPF\ccPwdSvc.exe -> Symantec Corporation [Ver = 9.0.0.127 | Size = 72280 bytes | Modified Date = 9/23/2005 2:52:18 PM | Attr =	]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 9/13/2007 6:49:48 PM | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 1/22/2007 10:19:34 PM | Attr =	]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 8/31/2001 3:23:12 PM | Attr =	]
(DJSNETCN) Symantec Licensing Detect Internet Connection [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Running] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 4:22:44 AM | Attr =	]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr =	]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 5/23/2007 12:13:38 PM | Attr =	]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\NAV\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 46704 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr =	]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 11/26/2006 10:17:30 PM | Attr =	]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.5.85 | Size = 294912 bytes | Modified Date = 11/26/2006 10:17:06 PM | Attr =	]
(RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 303104 bytes | Modified Date = 11/27/2006 8:54:26 PM | Attr =	]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 880640 bytes | Modified Date = 11/27/2006 8:53:14 PM | Attr =	]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.5.79 | Size = 159744 bytes | Modified Date = 11/27/2006 8:51:06 PM | Attr =	]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Yahoo!\NAV\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 2:22:48 PM | Attr =	]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.6.604 | Size = 214672 bytes | Modified Date = 3/28/2007 6:52:18 PM | Attr =	]
(SPBBCSvc) SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 4:21:13 PM | Attr =	]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.453 | Size = 73728 bytes | Modified Date = 11/1/2006 11:17:32 AM | Attr = R  ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.878 | Size = 1128640 bytes | Modified Date = 7/23/2007 6:06:05 PM | Attr =	]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 4:07:38 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
484ae27d -> %SystemRoot%\system32\ejcuaxvi.DLL -> File not found
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 1/22/2007 10:19:26 PM | Attr =	]
OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 1:00:58 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 4:27:36 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> 
DJSNetCN -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.3.0.7 | Size = 54976 bytes | Modified Date = 2/2/2006 6:54:04 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 4:40:32 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr =	]
< DENNIS ANDREWS Startup Folder > -> C:\Documents and Settings\DENNIS ANDREWS\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 9/28/2007 10:57:55 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://rogers.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://sympatico.msn.ca/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 9.0.4.26 | Size = 94384 bytes | Modified Date = 4/14/2006 12:20:32 PM | Attr =	]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\NAV\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 5/23/2007 12:13:40 PM | Attr =	]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Rogers Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr =	]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Windows &Live Favorites ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
YPC 3.2.0 -> Yahoo! Parental Controls -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{01B480B4-C00E-4728-8DD6-AEC375FE78DD} ->	() -> 
{C83E4D01-15FF-4384-A5D1-EBABDD7A3122} ->	(RemoteControl USB LAN LINK) -> 
{DBF9CED2-EA9F-46B1-8DE2-68B16625E9F0} ->	(Realtek RTL8169/8110 Family Gigabit Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186746137718[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 



[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 3/28/2008 9:14:58 PM | Attr =	]
rcblan.sys -> %SystemRoot%\System32\drivers\rcblan.sys -> Belcarra Technologies [Ver = 02.03.02.317 | Size = 39704 bytes | Created Date = 3/25/2008 4:31:54 PM | Attr =	]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/28/2008 9:28:23 PM | Attr =	]
lffax13n.dll -> %SystemRoot%\System32\lffax13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 98304 bytes | Created Date = 4/2/2008 12:28:01 PM | Attr =	]
lftif13n.dll -> %SystemRoot%\System32\lftif13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 155648 bytes | Created Date = 4/2/2008 12:28:01 PM | Attr =	]
ltclr13n.dll -> %SystemRoot%\System32\ltclr13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.068 | Size = 1693696 bytes | Created Date = 4/2/2008 12:28:01 PM | Attr =	]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 3/30/2008 9:20:09 PM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 3/29/2008 9:03:00 AM | Attr =  H ]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 3/29/2008 3:37:36 PM | Attr =  H ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 3/29/2008 12:27:36 AM | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Created Date = 4/2/2008 12:23:48 PM | Attr =  H ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 4/3/2008 2:09:59 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 3/28/2008 3:32:28 PM | Attr =	]
logfile -> %SystemDrive%\logfile ->  [Ver =  | Size = 21724 bytes | Modified Date = 3/19/2008 9:43:34 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 4/2/2008 6:56:19 PM | Attr = R  ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 3/30/2008 10:38:05 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 4/2/2008 12:21:51 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 3/29/2008 8:57:44 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 4/1/2008 8:42:36 PM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 3/30/2008 8:52:10 AM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 3/29/2008 8:55:53 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/30/2008 8:33:31 PM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 3/29/2008 9:10:37 AM | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 3/29/2008 9:04:21 AM | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 3/26/2008 8:50:45 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 3/30/2008 10:38:05 AM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Modified Date = 3/28/2008 11:19:34 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 3/29/2008 12:13:15 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13746 bytes | Modified Date = 3/29/2008 8:53:22 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 3/29/2008 8:56:33 AM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 3/30/2008 8:53:01 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 4/4/2008 6:01:03 AM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/19/2008 7:32:30 AM | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 3/29/2008 9:15:30 AM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 3/29/2008 9:07:15 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 3/29/2008 9:03:09 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 3/29/2008 9:04:14 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3/30/2008 11:10:41 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 4/3/2008 2:09:59 PM | Attr =  HS]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 3/29/2008 9:03:13 AM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 3/29/2008 10:31:45 AM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 3/28/2008 8:11:25 AM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 3/29/2008 3:37:36 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 4/3/2008 7:27:08 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 3/29/2008 12:27:36 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 4/4/2008 6:18:49 AM | Attr =  H ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 4/2/2008 6:59:07 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 4/2/2008 12:23:48 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 4/4/2008 3:43:36 AM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 3/29/2008 9:03:16 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 3/28/2008 4:29:52 PM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1863 bytes | Modified Date = 3/17/2008 3:02:00 AM | Attr =	]
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job ->  [Ver =  | Size = 454 bytes | Modified Date = 4/2/2008 9:03:00 PM | Attr =	]
Norton AntiVirus - Run Full System Scan - DENNIS ANDREWS.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - DENNIS ANDREWS.job ->  [Ver =  | Size = 552 bytes | Modified Date = 4/4/2008 5:57:44 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 4/4/2008 6:01:11 AM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 4/4/2008 5:59:46 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 4/4/2008 5:59:45 AM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 4/2/2008 12:24:05 PM | Attr =	]
drm_dialogs.dll -> C:\Documents and Settings\DENNIS ANDREWS\Local Settings\Temp\drm_dialogs.dll -> Sony DADC Austria AG [Ver = 1, 2, 0, 1 | Size = 65536 bytes | Modified Date = 4/3/2008 12:13:37 PM | Attr =	]
drm_dyndata_7330014.dll -> C:\Documents and Settings\DENNIS ANDREWS\Local Settings\Temp\drm_dyndata_7330014.dll -> Sony DADC Austria AG [Ver = 1, 0, 0, 3 | Size = 212992 bytes | Modified Date = 4/3/2008 5:38:34 PM | Attr =	]
11 C:\Documents and Settings\DENNIS ANDREWS\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\DENNIS ANDREWS\Local Settings\Temp\*.tmp -> 

< End of report >

  • 0

#20
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi denz106,

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to C:\active_scan.txt
  • Post the contents of the TotalScan report & a fresh HijackThis log as your nexr reply

  • 0

#21
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP