Author Topic: my internet, all browsers, hangs when i log on (Read 1016 times)

eye_opener · « **Reply #22 on:** March 30, 2008, 03:54:53 PM »

OTScanIt logfile created on: 3/30/2008 3:28:12 PM
OTScanIt by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 318.11 Mb Available Physical Memory | 62.37% Memory free
1.22 Gb Paging File | 1.07 Gb Available in Paging File | 87.82% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.97 Gb Total Space | 41.87 Gb Free Space | 58.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DG72F061
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.0.3.512 | Size = 234656 bytes | Modified Date = 11/21/2003 5:04:56 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.0.3.512 | Size = 255136 bytes | Modified Date = 11/21/2003 5:04:56 PM | Attr = ]
mm_tray.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 110592 bytes | Modified Date = 1/19/2006 11:06:18 AM | Attr = ]
acsd.exe -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,25,3 | Size = 1434848 bytes | Modified Date = 4/21/2004 12:16:02 PM | Attr = ]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 2.0.3.512 | Size = 218272 bytes | Modified Date = 11/21/2003 5:05:02 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.2.0.108 | Size = 197896 bytes | Modified Date = 11/21/2003 5:05:04 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 1/10/2003 6:13:04 PM | Attr = ]
symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 308352 bytes | Modified Date = 8/5/2004 6:23:10 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.0 | Size = 370176 bytes | Modified Date = 3/29/2008 5:10:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,25,3 | Size = 1434848 bytes | Modified Date = 4/21/2004 12:16:02 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.0.3.512 | Size = 255136 bytes | Modified Date = 11/21/2003 5:04:56 PM | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 2.0.3.512 | Size = 218272 bytes | Modified Date = 11/21/2003 5:05:02 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 2.0.3.512 | Size = 87200 bytes | Modified Date = 11/21/2003 5:04:56 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.0.3.512 | Size = 234656 bytes | Modified Date = 11/21/2003 5:04:56 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DMADMIN.EXE -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ]
(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\navapsvc.exe -> Symantec Corporation [Ver = 10.00.109 | Size = 158376 bytes | Modified Date = 11/21/2003 5:04:42 PM | Attr = ]
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.2.0.79 | Size = 193816 bytes | Modified Date = 11/21/2003 5:04:44 PM | Attr = ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 1, 131 | Size = 66784 bytes | Modified Date = 6/24/2003 7:23:10 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.2.0.108 | Size = 197896 bytes | Modified Date = 11/21/2003 5:05:04 PM | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 308352 bytes | Modified Date = 8/5/2004 6:23:10 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 1/10/2003 6:13:04 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MMTray -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 110592 bytes | Modified Date = 1/19/2006 11:06:18 AM | Attr = ]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ALUAlert -> %ProgramFiles%\Symantec\LiveUpdate\ALUNOTIFY.EXE -> Symantec Corporation [Ver = 1.90.15.0 | Size = 54472 bytes | Modified Date = 8/13/2003 7:38:48 PM | Attr = ]
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.716.0 | Size = 5562368 bytes | Modified Date = 8/13/2007 7:04:18 PM | Attr = ]
Symantec NetDriver Warning -> %ProgramFiles%\SymNetDrv\SNDWarn.exe -> Symantec Corporation [Ver = 5, 4, 3, 11 | Size = 218232 bytes | Modified Date = 10/29/2004 9:52:14 AM | Attr = ]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ALUAlert -> %ProgramFiles%\Symantec\LiveUpdate\ALUNOTIFY.EXE -> Symantec Corporation [Ver = 1.90.15.0 | Size = 54472 bytes | Modified Date = 8/13/2003 7:38:48 PM | Attr = ]
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.716.0 | Size = 5562368 bytes | Modified Date = 8/13/2007 7:04:18 PM | Attr = ]
Symantec NetDriver Warning -> %ProgramFiles%\SymNetDrv\SNDWarn.exe -> Symantec Corporation [Ver = 5, 4, 3, 11 | Size = 218232 bytes | Modified Date = 10/29/2004 9:52:14 AM | Attr = ]
< Administrator.DG72F061 Startup Folder > -> C:\Documents and Settings\Administrator.DG72F061\Start Menu\Programs\Startup ->
< Administrator.DG72F061.000 Startup Folder > -> C:\Documents and Settings\Administrator.DG72F061.000\Start Menu\Programs\Startup ->
< Administrator.DG72F061.001 Startup Folder > -> C:\Documents and Settings\Administrator.DG72F061.001\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Chris Startup Folder > -> C:\Documents and Settings\Chris\Start Menu\Programs\Startup ->
< Crystal Startup Folder > -> C:\Documents and Settings\Crystal\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003] > -> HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2285 | Size = 319488 bytes | Modified Date = 10/2/2003 2:18:52 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003] > -> HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://home.microsoft.com/search/lobby/search.asp ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://home.microsoft.com/access/allinone.asp ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://home.peoplepc.com/websearch ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell4me.com/mywaybiz ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.dell4me.com/mywaybiz ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell4me.com/mywaybiz ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.dell4me.com/mywaybiz ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\] > -> ->
HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\: Main\\Search Bar -> http://home.microsoft.com/search/lobby/search.asp ->
HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\: Main\\Search Page -> http://home.microsoft.com/access/allinone.asp ->
HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\: Main\\Start Page -> http://home.peoplepc.com/websearch ->
HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
online_musicmatch.com [https] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
objects_Email Removed

-> Out of zone range - ( 5 ) ->

1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\] > -> HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
objects_Email Removed

-> Out of zone range - ( 5 ) ->

1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\] > -> HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{4B5F2E08-6F39-479a-B547-B2026E4C7EDF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\PnEL.dll [PnIEBrowserHelperObj Class] -> EarthLink, Inc. [Ver = 2003.3.4.0 | Size = 372736 bytes | Modified Date = 6/4/2003 1:52:06 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
{7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PeoplePC\Toolbar\ScamGrd.dll [PPCScamBHO Class] -> EarthLink, Inc. [Ver = 3.0.3.0 | Size = 176128 bytes | Modified Date = 1/19/2006 6:43:11 PM | Attr = ]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 7.0.1.11 | Size = 126976 bytes | Modified Date = 11/21/2003 5:04:52 PM | Attr = ]
{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PeoplePC\Toolbar\PPCToolbar.dll [PeoplePal Toolbar] -> PeoplePC [Ver = 6, 3, 0, 15 | Size = 220672 bytes | Modified Date = 1/24/2006 6:07:41 PM | Attr = ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVShExt.dll [CNavExtBho Class] -> Symantec Corporation [Ver = 10.00.109 | Size = 103592 bytes | Modified Date = 11/21/2003 5:04:42 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> Symantec Corporation [Ver = 7.0.1.11 | Size = 126976 bytes | Modified Date = 11/21/2003 5:04:52 PM | Attr = ]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 10.00.109 | Size = 103592 bytes | Modified Date = 11/21/2003 5:04:42 PM | Attr = ]
{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PeoplePC\Toolbar\PPCToolbar.dll [PeoplePal Toolbar] -> PeoplePC [Ver = 6, 3, 0, 15 | Size = 220672 bytes | Modified Date = 1/24/2006 6:07:41 PM | Attr = ]
{D7F30B62-8269-41AF-9539-B2697FA7D77E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\PnEL.dll [Pop-Up Blocker] -> EarthLink, Inc. [Ver = 2003.3.4.0 | Size = 372736 bytes | Modified Date = 6/4/2003 1:52:06 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> Symantec Corporation [Ver = 7.0.1.11 | Size = 126976 bytes | Modified Date = 11/21/2003 5:04:52 PM | Attr = ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 10.00.109 | Size = 103592 bytes | Modified Date = 11/21/2003 5:04:42 PM | Attr = ]
WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PeoplePC\Toolbar\PPCToolbar.dll [PeoplePal Toolbar] -> PeoplePC [Ver = 6, 3, 0, 15 | Size = 220672 bytes | Modified Date = 1/24/2006 6:07:41 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\] > -> HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> Symantec Corporation [Ver = 7.0.1.11 | Size = 126976 bytes | Modified Date = 11/21/2003 5:04:52 PM | Attr = ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 10.00.109 | Size = 103592 bytes | Modified Date = 11/21/2003 5:04:42 PM | Attr = ]
WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PeoplePC\Toolbar\PPCToolbar.dll [PeoplePal Toolbar] -> PeoplePC [Ver = 6, 3, 0, 15 | Size = 220672 bytes | Modified Date = 1/24/2006 6:07:41 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Search -> -> File not found
Add to AMV Converter... -> %ProgramFiles%\MP3 Player Utilities 4.10\AMVConverter\grab.htm -> File not found
Add to Media Manager... -> %ProgramFiles%\MP3 Player Utilities 4.10\MediaManager\grab.htm -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\] > -> HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\] > -> HKEY_USERS\S-1-5-21-581438453-3531947903-4118515476-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Search -> -> File not found
Add to AMV Converter... -> %ProgramFiles%\MP3 Player Utilities 4.10\AMVConverter\grab.htm -> File not found
Add to Media Manager... -> %ProgramFiles%\MP3 Player Utilities 4.10\MediaManager\grab.htm -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
FunWebProducts -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{34092526-07CE-4E19-9BCE-7192C475E392} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{43C944B7-CB8F-4FF8-A1C7-6621E93CECAB} -> (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/html:{2AB289AE-4B90-4281-B2AE-1F4BB034B647}[HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read.[RXResultFilter Class] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/Facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_03] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> ->

[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 3/30/2008 1:08:00 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534843392 bytes | Created Date = 3/30/2008 3:24:33 PM | Attr = HS]
Hijack This -> %SystemDrive%\Hijack This -> [Folder | Created Date = 3/28/2008 7:15:16 PM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 3/30/2008 1:10:38 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 3/21/2008 8:17:42 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 3/20/2008 7:05:18 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 3/20/2008 7:05:18 PM | Attr = H ]

[Files/Folders - Modified Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 3/30/2008 1:08:00 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/28/2008 7:18:19 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534843392 bytes | Modified Date = 3/30/2008 3:24:33 PM | Attr = HS]
Hijack This -> %SystemDrive%\Hijack This -> [Folder | Modified Date = 3/30/2008 3:23:15 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/28/2008 7:52:27 PM | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 3/24/2008 8:52:11 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/30/2008 1:10:38 PM | Attr = ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 1082400 bytes | Modified Date = 3/30/2008 3:25:55 PM | Attr = HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 15524 bytes | Modified Date = 3/30/2008 2:00:18 PM | Attr = HS]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/30/2008 1:20:41 PM | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CONFIG -> %SystemRoot%\System32\CONFIG -> [Folder | Modified Date = 3/28/2008 7:13:12 PM | Attr = ]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 3/20/2008 2:17:16 AM | Attr = ]
DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 3/28/2008 7:12:11 PM | Attr = RHS]
DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 3/28/2008 7:12:31 PM | Attr = ]
PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT -> [Ver = | Size = 53668 bytes | Modified Date = 3/28/2008 7:24:47 PM | Attr = ]
PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT -> [Ver = | Size = 382308 bytes | Modified Date = 3/28/2008 7:24:47 PM | Attr = ]
WBEM -> %SystemRoot%\System32\WBEM -> [Folder | Modified Date = 3/28/2008 7:12:54 PM | Attr = ]
WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> [Ver = | Size = 2206 bytes | Modified Date = 3/30/2008 3:25:15 PM | Attr = ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 3/30/2008 3:24:35 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 3/30/2008 1:10:38 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1917 bytes | Modified Date = 3/22/2008 10:44:38 PM | Attr = ]
INF -> %SystemRoot%\INF -> [Folder | Modified Date = 3/28/2008 7:11:44 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/21/2008 8:40:51 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/30/2008 3:26:45 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 3/21/2008 8:17:42 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 3/20/2008 7:05:18 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 3/25/2008 10:50:06 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 3/28/2008 7:12:53 PM | Attr = ]
SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 3/30/2008 12:58:58 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/30/2008 3:25:17 PM | Attr = ]
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 598 bytes | Modified Date = 3/25/2008 10:51:02 PM | Attr = ]
RegSweep Scheduled Scan.job -> %SystemRoot%\tasks\RegSweep Scheduled Scan.job -> [Ver = | Size = 386 bytes | Modified Date = 3/28/2008 3:30:00 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/30/2008 3:24:46 PM | Attr = H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 412 bytes | Modified Date = 3/30/2008 3:25:37 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes | Modified Date = 11/16/2007 7:35:33 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 11/16/2007 7:35:33 PM | Attr = ]
getseal[1].com&size=S&use_flash=YES&use_transparent=YES&lang=en -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\LKC21VXM\getseal[1].com -> [Ver = | Size = 3573 bytes | Modified Date = 9/26/2006 3:43:41 PM | Attr = ]
DELL_Drv.EXE -> C:\Documents and Settings\Owner\Local Settings\Temp\DELL_Drv.EXE -> [Ver = | Size = 930277 bytes | Modified Date = 10/14/2004 11:16:26 PM | Attr = ]
extracted_s_fileB1.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\extracted_s_fileB1.exe -> [Ver = | Size = 6274214 bytes | Modified Date = 8/4/2007 5:52:08 PM | Attr = ]
extracted_s_fileB2.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\extracted_s_fileB2.exe -> [Ver = | Size = 6274214 bytes | Modified Date = 8/4/2007 6:53:17 PM | Attr = ]
extracted_s_fileB3.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\extracted_s_fileB3.exe -> [Ver = | Size = 6274214 bytes | Modified Date = 8/4/2007 10:28:24 PM | Attr = ]
extracted_s_fileB4.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\extracted_s_fileB4.exe -> [Ver = | Size = 6274214 bytes | Modified Date = 8/4/2007 10:28:47 PM | Attr = ]
extracted_s_fileB5.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\extracted_s_fileB5.exe -> [Ver = | Size = 6274214 bytes | Modified Date = 8/4/2007 10:33:28 PM | Attr = ]
extracted_s_fileB6.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\extracted_s_fileB6.exe -> [Ver = | Size = 6274214 bytes | Modified Date = 12/22/2007 7:26:55 PM | Attr = ]
FFPage.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\FFPage.exe -> [Ver = | Size = 24576 bytes | Modified Date = 11/12/2006 11:39:14 AM | Attr = ]
pacman.EXE -> C:\Documents and Settings\Owner\Local Settings\Temp\pacman.EXE -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 3158016 bytes | Modified Date = 8/5/2007 10:47:50 PM | Attr = ]
ppaluninst.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\ppaluninst.exe -> PeoplePC, Inc. [Ver = 6.3.0.17 | Size = 36583 bytes | Modified Date = 1/16/2007 7:11:29 PM | Attr = ]
setup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\setup.exe -> [Ver = | Size = 36864 bytes | Modified Date = 9/25/2003 5:55:46 PM | Attr = ]
stsetup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\stsetup.exe -> [Ver = | Size = 234920 bytes | Modified Date = 7/22/2007 9:24:24 PM | Attr = ]
switchsetup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\switchsetup.exe -> [Ver = | Size = 445088 bytes | Modified Date = 7/22/2007 9:24:20 PM | Attr = ]
tpw5k009.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\tpw5k009.exe -> [Ver = | Size = 591398 bytes | Modified Date = 8/6/2007 12:43:00 AM | Attr = ]
uninst.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\uninst.exe -> [Ver = | Size = 335876 bytes | Modified Date = 7/22/2007 9:24:29 PM | Attr = ]
vmpremov.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\vmpremov.exe -> Viewpoint Corporation [Ver = 3, 0, 14, 160 | Size = 61440 bytes | Modified Date = 8/6/2003 4:16:10 PM | Attr = ]
WebLaunchInstaller.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\WebLaunchInstaller.exe -> thriXXX [Ver = 1.0 | Size = 627119 bytes | Modified Date = 9/23/2007 9:26:52 PM | Attr = ]
559 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp ->
md5deep.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~eozxxul.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
sed.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~eozxxul.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
swreg.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~eozxxul.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
md5deep.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~gsiqhdo.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
sed.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~gsiqhdo.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
swreg.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~gsiqhdo.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
md5deep.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~niisniz.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
sed.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~niisniz.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
swreg.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~niisniz.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
md5deep.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~okxekcy.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
sed.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~okxekcy.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
swreg.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~okxekcy.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
md5deep.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~qftmqri.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
sed.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~qftmqri.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
swreg.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~qftmqri.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
md5deep.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~slesmha.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
sed.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~slesmha.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
swreg.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~slesmha.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr = ]
setup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\7zS6D.tmp\setup.exe -> Mozilla Corporation [Ver = 2.0.0.8 | Size = 423840 bytes | Modified Date = 10/9/2007 12:33:14 AM | Attr = ]
updater.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\7zS6D.tmp\nonlocalized\updater.exe -> Mozilla Foundation [Ver = 1.8.1.8: 2007100816 | Size = 131968 bytes | Modified Date = 10/9/2007 12:33:23 AM | Attr = ]
xpicleanup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\7zS6D.tmp\nonlocalized\xpicleanup.exe -> Mozilla Foundation [Ver = 1.8.1.8: 2007100816 | Size = 73072 bytes | Modified Date = 10/9/2007 12:33:27 AM | Attr = ]
talkback.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\7zS6D.tmp\optional\extensions\[email protected]\components\talkback.exe -> Full Circle Software, Inc. [Ver = 2.2.unofficial | Size = 406776 bytes | Modified Date = 10/9/2007 12:33:35 AM | Attr = ]
setup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\7zSC7.tmp\setup.exe -> Mozilla Corporation [Ver = 2.0.0.8 | Size = 423840 bytes | Modified Date = 10/9/2007 12:33:14 AM | Attr = ]
helper.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\7zSC7.tmp\localized\uninstall\helper.exe -> Mozilla Corporation [Ver = 2.0.0.8 | Size = 450552 bytes | Modified Date = 10/9/2007 12:33:15 AM | Attr = ]
firefox.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\7zSC7.tmp\nonlocalized\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.8: 2007100816 | Size = 7648616 bytes | Modified Date = 10/9/2007 12:33:17 AM | Attr = ]
updater.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\7zSC7.tmp\nonlocalized\updater.exe -> Mozilla Foundation [Ver = 1.8.1.8: 2007100816 | Size = 131968 bytes | Modified Date = 10/9/2007 12:33:23 AM | Attr = ]
xpicleanup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\7zSC7.tmp\nonlocalized\xpicleanup.exe -> Mozilla Foundation [Ver = 1.8.1.8: 2007100816 | Size = 73072 bytes | Modified Date = 10/9/2007 12:33:27 AM | Attr = ]
talkback.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\7zSC7.tmp\optional\extensions\[email protected]\components\talkback.exe -> Full Circle Software, Inc. [Ver = 2.2.unofficial | Size = 406776 bytes | Modified Date = 10/9/2007 12:33:35 AM | Attr = ]
DELL_Drv.Exe -> C:\Documents and Settings\Owner\Local Settings\Temp\DellDJ\DELL_Drv.Exe -> [Ver = | Size = 932460 bytes | Modified Date = 1/30/2005 6:52:00 PM | Attr = ]
setup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\DellDJ\setup.exe -> [Ver = | Size = 86016 bytes | Modified Date = 6/21/2005 9:50:36 AM | Attr = ]
AVSDVDCopyTrial.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\DRDld\AVSDVDCopyTrial.exe -> Online Media Technologies Ltd. [Ver = 1.4.1.92 | Size = 28826158 bytes | Modified Date = 10/21/2007 8:45:04 PM | Attr = ]
InternetSecuritySetup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\PeoplePC Online\InternetSecuritySetup.exe -> PeoplePC, Inc. [Ver = 1.5.0.15 | Size = 20816473 bytes | Modified Date = 4/19/2006 3:51:46 PM | Attr = ]
PPCPost6000.EXE -> C:\Documents and Settings\Owner\Local Settings\Temp\PeoplePC Online\PPCPost6000.EXE -> [Ver = | Size = 44483 bytes | Modified Date = 1/16/2007 7:13:37 PM | Attr = ]
Setup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\PeoplePC Online\Setup.exe -> [Ver = 6, 3, 0, 75 | Size = 81920 bytes | Modified Date = 4/14/2006 3:58:34 PM | Attr = ]
regcure.1.x.x.xx-patch.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX01.672\regcure.1.x.x.xx-patch.exe -> [Ver = | Size = 245493 bytes | Modified Date = 4/6/2007 8:09:16 AM | Attr = ]
RegCureSetup_1_5.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX01.672\RegCureSetup_1_5.exe -> ParetoLogic Inc. [Ver = 1.5.0.0 | Size = 1075536 bytes | Modified Date = 8/16/2007 2:55:25 PM | Attr = ]
regcure.1.x.x.xx-patch.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX12.078\regcure.1.x.x.xx-patch.exe -> [Ver = | Size = 245493 bytes | Modified Date = 4/6/2007 8:09:16 AM | Attr = ]
RegCureSetup_1_5.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX12.078\RegCureSetup_1_5.exe -> ParetoLogic Inc. [Ver = 1.5.0.0 | Size = 1075536 bytes | Modified Date = 8/16/2007 2:55:25 PM | Attr = ]
regcure.1.x.x.xx-patch.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX14.1578\regcure.1.x.x.xx-patch.exe -> [Ver = | Size = 245493 bytes | Modified Date = 4/6/2007 8:09:16 AM | Attr = ]
RegCureSetup_1_5.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX14.1578\RegCureSetup_1_5.exe -> ParetoLogic Inc. [Ver = 1.5.0.0 | Size = 1075536 bytes | Modified Date = 8/16/2007 2:55:25 PM | Attr = ]
BluesPortScan.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for blue.zip\blue\BluesPortScan.exe -> Volker Voss [Ver = 5.0.2.1262 | Size = 254464 bytes | Modified Date = 11/25/2002 9:26:54 AM | Attr = ]
MotoSkin.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for motoskinv0.1.8.zip\MotoSkin.exe -> [Ver = | Size = 52224 bytes | Modified Date = 1/26/2005 4:36:22 PM | Attr = ]
MySpaceMp3Gopher.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for MySpaceMp3Gopher.zip\MySpaceMp3Gopher.exe -> www.mouseindustries.com [Ver = 2, 0, 9, 11 | Size = 135680 bytes | Modified Date = 5/27/2007 5:11:20 PM | Attr = ]
rapidhacker 1.0.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for RapidHacker_1.0beta.zip\RapidHacker 1.0beta\rapidhacker 1.0.exe -> xyr0x security [Ver = 1.00 | Size = 311296 bytes | Modified Date = 1/24/2007 9:20:48 AM | Attr = ]
MySpaceMp3Gopher.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for MySpaceMp3Gopher.zip\MySpaceMp3Gopher.exe -> www.mouseindustries.com [Ver = 2, 0, 9, 11 | Size = 135680 bytes | Modified Date = 5/27/2007 5:11:20 PM | Attr = ]
Mot_unlocker.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for unlocker.zip\unlocker\Mot_unlocker.exe -> [Ver = | Size = 717824 bytes | Modified Date = 12/9/2004 1:12:56 PM | Attr = ]
MySpaceMp3Gopher.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for MySpaceMp3Gopher.zip\MySpaceMp3Gopher.exe -> www.mouseindustries.com [Ver = 2, 0, 9, 11 | Size = 135680 bytes | Modified Date = 5/27/2007 5:11:20 PM | Attr = ]
MySpaceMp3Gopher.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 4 for MySpaceMp3Gopher.zip\MySpaceMp3Gopher.exe -> www.mouseindustries.com [Ver = 2, 0, 9, 11 | Size = 135680 bytes | Modified Date = 5/27/2007 5:11:20 PM | Attr = ]
MySpaceMp3Gopher.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 6 for MySpaceMp3Gopher.zip\MySpaceMp3Gopher.exe -> www.mouseindustries.com [Ver = 2, 0, 9, 11 | Size = 135680 bytes | Modified Date = 5/27/2007 5:11:20 PM | Attr = ]
MySpaceMp3Gopher.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 7 for MySpaceMp3Gopher.zip\MySpaceMp3Gopher.exe -> www.mouseindustries.com [Ver = 2, 0, 9, 11 | Size = 135680 bytes | Modified Date = 5/27/2007 5:11:20 PM | Attr = ]
MySpaceMp3Gopher.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 8 for MySpaceMp3Gopher.zip\MySpaceMp3Gopher.exe -> www.mouseindustries.com [Ver = 2, 0, 9, 11 | Size = 135680 bytes | Modified Date = 5/27/2007 5:11:20 PM | Attr = ]
MySpaceMp3Gopher.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 9 for MySpaceMp3Gopher.zip\MySpaceMp3Gopher.exe -> www.mouseindustries.com [Ver = 2, 0, 9, 11 | Size = 135680 bytes | Modified Date = 5/27/2007 5:11:20 PM | Attr = ]
setup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\WMDM\setup.exe -> [Ver = | Size = 86016 bytes | Modified Date = 11/17/2005 9:54:34 AM | Attr = ]
acsdir.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\acsdir.dll -> [Ver = | Size = 81920 bytes | Modified Date = 8/6/2003 5:02:18 PM | Attr = ]
AOLVPChk.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\AOLVPChk.dll -> Viewpoint Corporation [Ver = 3, 2, 2, 26 | Size = 49152 bytes | Modified Date = 8/20/20

guestolo · « **Reply #23 on:** March 30, 2008, 03:59:07 PM »

Did you run Regcure on this machine, did your problems start after that?

How is internet running now?

eye_opener · « **Reply #24 on:** March 30, 2008, 04:12:16 PM »

i did run reg cure at one while and i do believe my problems started after that
as far as my interent idk
i am running in safe mode
i will try running it in normal and then if all wells i will post again

eye_opener · « **Reply #25 on:** March 30, 2008, 04:18:57 PM »

may God himself bless you?!

My internet is working GREAT

Thanks for everything

is there anythingelse i should do

guestolo · « **Reply #26 on:** March 30, 2008, 08:16:52 PM »

Can we just do a couple more steps
I don't suggest running RegCleaners, they can have negative effects
If you didn't pay for RegCure
I would opt to uninstall it from Add and Remove Programs
If there is no entry there
Navigate to this folder
C:\Program Files\RegCure
Open that folder and run uninst.exe
Follow the prompts for removal

Also, PeoplePC toolbar is not recommended, I suggest that you uninstall it also
If no entry in Add and Remove Programs
Navigate to this folder
C:\Program Files\PeoplePC\Toolbar
With your browser closed, run ppaluninst.exe
Follow the prompts

Can you delete these folders if found
C:\Program Files\MyWebSearch
C:\Program Files\Need2Find

Download ATF Cleaner by Atribune and save it to your Desktop.

http://www.atribune.org/ccount/click.php?id=1

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want it to remove everything it can, check "Select All".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
NOTE: Reboot may be a bit slower after running ATF-Cleaner
We have cleared the Prefetch folder, bootup will get quicker as this folder is rebuilt

Afterwards:
download Malwarebytes' Anti-Malware from Here or Here

Print the rest of these instructions, or save them to textfile on desktop
Close your browser windows

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

eye_opener · « **Reply #27 on:** March 31, 2008, 07:16:54 AM »

mbam log

Malwarebytes' Anti-Malware 1.09
Database version: 507

Scan type: Full Scan (C:\|)
Objects scanned: 142884
Time elapsed: 56 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 146
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 91

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e89-a32a-416b-bcdb-33b3ef3617d3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e8b-a32a-416b-bcdb-33b3ef3617d3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{630d6140-04c5-4db0-b27a-020d766ff09b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\VideoAccessCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Hijack This\backups\backup-20080330-125829-354.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0415910A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\08264275.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0826B9F7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0826E116.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\08274697.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\08276402.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\082774BB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\08277A68.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\08277FC7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\08278594 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\092F88EB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\092F9109.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\092F96D6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\092F9D00.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\09301E74.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\0936805E.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.htmlx (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\VideoAccessCodec\imex.bat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\VideoAccessCodec\install.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\VideoAccessCodec\vpnpms.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.

hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:38 AM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-21-581438453-3531947903-4118515476-1009\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm565LZUS
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://us.f524.mail.yahoo.com/ym/ShowLette...ad=b&Idx=22
O24 - Desktop Component 1: (no name) - http://Email Removedmusicnow.com/images/az/tuner_top_left.gif

--
End of file - 7619 bytes

guestolo · « **Reply #28 on:** March 31, 2008, 12:43:36 PM »

1. Open the Control Panel.
2. Open Display Properties.
3. Click the Desktop tab.
4. Click the Customize Desktop button.
5. Click the Web tab in the Desktop Items window.
6. Under web pages, highlight and delete anything in this window you do not recognize

Do a "System scan only" with Hijackthis and put a check next to these entries:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm565LZUS

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Download [color=\"blue\"]OTMoveIt2.exe[/color] by OldTimer:

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the entries below in BLUE to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

================================================

[color=\"#0000FF\"]C:\Program Files\Need2Find[/color]

======================================================
Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
Click the red "[color=\"red\"]MoveIt![/color]" button.
Close OTMoveIt when it has completed.

[color=\"red\"]Note[/color]: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

If you are not prompted to reboot your computer, can you reboot manually anyways

OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Can you post that log along with a fresh hijackthis log please
Keep me informed how things are running

NOTE: Did you choose to hold onto PeoplePC toolbar?
It was typically an unrecommended toolbar and not needed
Do you get popup ads from it?

eye_opener · « **Reply #29 on:** March 31, 2008, 06:35:21 PM »

no i didn't choose to keep it i can't find the uninistall also C:\Program Files\Need2Find can not be found

File/Folder C:\Program Files\Need2Find not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03312008_185052

everything else in ur last blog was taken care of

guestolo · « **Reply #30 on:** March 31, 2008, 07:47:41 PM »

Sometimes the best way to get rid of a program is to reinstall it and then uninstall it

Can you try that option please

Download and install
The PeoplePC toolbar from this link
Click HERE
SAVE this to desktop, do NOT choose run
Install it then Uninstall it
Reboot

Afterwards post a fresh hijackthis log and keep me informed how things are running

eye_opener · « **Reply #31 on:** March 31, 2008, 10:29:58 PM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:13 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Hijack This\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6533 bytes

and things are running great

guestolo · « **Reply #32 on:** April 01, 2008, 07:47:56 AM »

Darn, I missed one
Do a "System scan only" with Hijackthis and put a check next to these entries:

O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer

Do a fresh scan>>save logfile with hijackthis
If that 018 entry is not found, don't bother posting back the log

Can you do me a favor
Look in your Add and Remove Programs
Is there an entry for Java 6 update 2?

If it's not there, can you do the following
Download and SAVE this to desktop, don't choose Run
Windows Installer Cleanup utility (msicuu2.exe)
After you save it to desktop, double click on it to install it
After you install it, you can delete the installer from desktop
Go to START>>All Programs>>Windows Installer Cleanup
The program will open
Do you then see Java 6 update 2 in the list?

eye_opener · « **Reply #33 on:** April 01, 2008, 03:44:16 PM »

yes i saw it on there

guestolo · « **Reply #34 on:** April 01, 2008, 06:21:58 PM »

[quote name=\'eye_opener\' post=\'425617\' date=\'Apr 1 2008, 01:44 PM\']yes i saw it on there[/quote]

So I take it Java is not in your Add and Remove programs

Can you do the following
Close any browser windows you may have open, including this one
Open Windows Install Cleanup
Select Java from the list and Remove it

Reboot your computer afterwards
Back in Windows
[color=\"blue\"]Updating Java:[/color]

Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
From that link scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5".
Click the "Download" button to the right.
Click the Accept button>>the page will refresh
Click on the link to download Windows Offline Installation, Multi-language (15.18 MB) and SAVE to your desktop.
Then from your desktop double-click on jre-6u5-windows-i586-p.exe that you downloaded to install the newest version.

Let me know how you make out with that
We'll just do some final steps afterwards and you should be good to go

eye_opener · « **Reply #35 on:** April 01, 2008, 10:43:09 PM »

i was unable to download the update instead i was faced with

guestolo · « **Reply #36 on:** April 01, 2008, 10:52:37 PM »

What happens when you click the link I supplied, can you save the download to desktop?

CLICK HERE

eye_opener · « **Reply #37 on:** April 01, 2008, 11:10:54 PM »

it just takes me to the download page with all the applications

guestolo · « **Reply #38 on:** April 01, 2008, 11:27:56 PM »

Can you try the following link
http://www.java.com/en/download/manual.jsp

Download and SAVE the OFFLINE installation
Run the installer
If you are prompted to install the Google toolbar or other toolbar, Uncheck the selection

eye_opener · « **Reply #39 on:** April 02, 2008, 01:02:40 AM »

i have successfully installed an updated JAVA

News:

Author Topic: my internet, all browsers, hangs when i log on (Read 1016 times)