[Eudemonia]

Hi im Josh I cannot to xfire and most game updates server it says error connecting to server someone told me it could be my firewall so i turned it off and tried and still cant connect please if you can help


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:31 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Zumie\zumie.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zumie\zumie.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: TMZ Toolbar Search Class - {cec2ba6b-0675-46d3-bae0-b2a442eadba0} - C:\Program Files\TMZ Toolbar\tmztb.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: (no name) - {605B3D3F-4F33-41D0-BA27-98238E1E839F} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TMZ Toolbar Loader - {9391af7a-7e55-4787-9538-4849787a052e} - C:\Program Files\TMZ Toolbar\tmztb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: TBSB07396 - {D7ADF7C1-14FB-4110-B2DF-187884CAC12A} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: TMZ Toolbar - {57bd111f-adfe-4659-948a-94817376583f} - C:\Program Files\TMZ Toolbar\tmztb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm025YYUS
O8 - Extra context menu item: &TMZ Toolbar Search - C:\Documents and Settings\All Users\Application Data\TMZ Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.xfire.com
O15 - Trusted Zone: http://www.yoyogames.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Zumie Search Service - Zumie.com - C:\Program Files\Zumie\zumie.exe

--
End of file - 16172 bytes

Edited by Eudemonia, 18 July 2008 - 12:36 PM.

[Advertisements]

This is my second post again Hello my name is Josh and i cannot connect to many servers like xfire,aim, video game servers and some others heres my hijack this log please get back to me asap

Deckard's System Scanner v20071014.68
Run by Compaq_Administrator on 2008-07-18 18:47:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
85: 2008-07-18 22:47:34 UTC - RP327 - Deckard's System Scanner Restore Point
84: 2008-07-18 18:40:39 UTC - RP326 - Avira AntiVir Personal - 7/18/2008 14:39
83: 2008-07-18 14:47:53 UTC - RP325 - System Checkpoint
82: 2008-07-17 14:45:56 UTC - RP324 - System Checkpoint
81: 2008-07-16 14:15:01 UTC - RP323 - System Checkpoint


-- First Restore Point --
1: 2008-04-20 00:25:09 UTC - RP243 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 11.77 GiB (less than 15%) free.


-- HijackThis (run as Compaq_Administrator.exe) --------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:26 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Zumie\zumie.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zumie\zumie.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\4O1G2UVM\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Compaq_Administrator.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: TMZ Toolbar Search Class - {cec2ba6b-0675-46d3-bae0-b2a442eadba0} - C:\Program Files\TMZ Toolbar\tmztb.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: (no name) - {605B3D3F-4F33-41D0-BA27-98238E1E839F} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TMZ Toolbar Loader - {9391af7a-7e55-4787-9538-4849787a052e} - C:\Program Files\TMZ Toolbar\tmztb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: TBSB07396 - {D7ADF7C1-14FB-4110-B2DF-187884CAC12A} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: TMZ Toolbar - {57bd111f-adfe-4659-948a-94817376583f} - C:\Program Files\TMZ Toolbar\tmztb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm025YYUS
O8 - Extra context menu item: &TMZ Toolbar Search - C:\Documents and Settings\All Users\Application Data\TMZ Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.xfire.com
O15 - Trusted Zone: http://www.yoyogames.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Zumie Search Service - Zumie.com - C:\Program Files\Zumie\zumie.exe

--
End of file - 16099 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>

S3 efipsk - c:\docume~1\compaq~1\locals~1\temp\efipsk.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 Zumie Search Service - "c:\program files\zumie\zumie.exe" "c:\program files\zumie\zumie.dll" service <Not Verified; Zumie.com; Zumie Search>

S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe <Not Verified; MyWebSearch.com; My Web Search Bar>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-18 18:18:03 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-18 18:00:28 438 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-07-18 03:00:06 526 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
2008-07-18 01:50:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-17 13:45:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-11 20:00:00 578 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job


-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-18 18:50:25 0 dr-h----- C:\Documents and Settings\Compaq_Administrator\Recent
2008-07-18 18:41:50 0 d-------- C:\Program Files\CCleaner
2008-07-18 15:54:55 0 d-------- C:\Nexon
2008-07-18 15:54:55 0 d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-07-16 19:04:54 0 d-------- C:\Program Files\Trend Micro
2008-07-14 12:56:25 0 d-------- C:\Program Files\TMZ Toolbar
2008-07-14 12:56:25 0 d-------- C:\Documents and Settings\All Users\Application Data\TMZ Toolbar
2008-07-13 17:14:23 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\MSNInstaller
2008-07-12 15:13:30 0 --a------ C:\Documents and Settings\Compaq_Administrator\jagex_runescape_preferences.dat
2008-07-12 14:19:21 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\FunWebProducts
2008-07-12 14:19:05 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-07-12 14:19:04 0 d-------- C:\Program Files\MyWebSearch
2008-07-12 14:18:29 0 d-------- C:\Program Files\FunWebProducts
2008-07-10 14:56:13 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\funkitron
2008-07-08 21:24:46 0 d-------- C:\Program Files\SouthPeak Interactive
2008-07-08 20:21:54 92208 --a------ C:\WINDOWS\system32\WING.DLL <Not Verified; Microsoft Corporation; WinG>
2008-07-08 20:21:54 345600 -ra------ C:\WINDOWS\system\QTIM32.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-07-08 19:56:16 0 d-------- C:\Program Files\Cosmi
2008-07-08 19:22:36 0 d-------- C:\Program Files\Hasbro Interactive
2008-06-29 19:28:07 0 d-------- C:\Program Files\SceneCaster


-- Find3M Report ---------------------------------------------------------------

2008-07-18 18:28:02 0 d-------- C:\Program Files\PokerStars
2008-07-18 18:00:07 0 d-------- C:\Program Files\Norton Security Scan
2008-07-17 22:57:39 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\OpenOffice.org2
2008-07-17 22:57:29 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\ShoppingReport
2008-07-17 20:46:36 0 d-------- C:\Program Files\Soulseek
2008-07-16 22:42:26 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\teamspeak2
2008-07-14 19:22:30 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-07-14 08:13:56 0 d-------- C:\Program Files\LimeWire
2008-07-14 00:09:42 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire
2008-07-12 18:54:08 0 d-------- C:\Program Files\Warcraft III
2008-07-12 14:19:05 0 d-------- C:\Program Files\MSN Messenger
2008-07-09 13:24:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-09 13:21:22 0 d-------- C:\Program Files\Common Files\AOL
2008-07-08 19:25:10 227 --a----c- C:\WINDOWS\PowerReg.dat
2008-06-12 11:02:49 196 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-06-07 13:21:45 0 d-------- C:\Program Files\Common Files
2008-06-05 09:08:41 7800 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-06-05 08:59:34 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-30 22:46:28 0 d-------- C:\Program Files\GamingSquared
2008-05-30 14:51:35 0 d-------- C:\Program Files\Zumie
2008-05-30 14:51:33 0 d-------- C:\Program Files\ShoppingReport
2008-05-30 14:51:29 0 d-------- C:\Program Files\Freeze.com Toolbar
2008-05-30 14:33:19 0 d-------- C:\Program Files\TmNationsForever
2008-05-29 18:52:26 0 d-------- C:\Program Files\InstallPlay89[1]
2008-05-29 18:47:17 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2008-05-18 10:22:31 0 d-------- C:\Program Files\Project64 1.6
2008-05-14 20:10:36 55496 --a------ C:\WINDOWS\War3Unin.dat
2008-05-14 20:10:32 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-14 20:10:32 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-29 13:14:08 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
02/06/2008 08:13 AM 1173024 --a------ C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9391af7a-7e55-4787-9538-4849787a052e}]
06/04/2008 05:51 PM 1271136 --a------ C:\Program Files\TMZ Toolbar\tmztb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7ADF7C1-14FB-4110-B2DF-187884CAC12A}]
05/15/2008 04:18 PM 1920120 --a------ C:\Program Files\Freeze.com Toolbar\freeze_us.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{57BD111F-ADFE-4659-948A-94817376583F}"= C:\Program Files\TMZ Toolbar\tmztb.dll [06/04/2008 05:51 PM 1271136]

[-HKEY_CLASSES_ROOT\CLSID\{57BD111F-ADFE-4659-948A-94817376583F}]
[HKEY_CLASSES_ROOT\TmzTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{10b5f4e3-71db-40c9-aba6-8825b579955e}]
[HKEY_CLASSES_ROOT\TmzTb.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 04:50 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [03/17/2008 04:38 PM]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" [07/12/2008 02:19 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [07/12/2008 02:19 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [07/12/2008 02:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/26/2007 08:50 PM]
"Performance Center"="C:\Program Files\Ascentive\Performance Center\ApcMain.exe" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [07/12/2008 02:19 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 4:41:28 PM]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [9/28/2005 5:32:36 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/21/2008 3:44:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
"C:\Program Files\AIM\AIM Pro\aimpro.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe nogui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5000 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S1D3.tmp" /EF "HKLM"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
rundll32.exe ftutil2.dll,SetWriteCacheMode

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"LiveUpdate"=3 (0x3)

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-18 18:52:57 ------------

[Eudemonia]

This is my second post again Hello my name is Josh and i cannot connect to many servers like xfire,aim, video game servers and some others heres my hijack this log please get back to me asap

Deckard's System Scanner v20071014.68
Run by Compaq_Administrator on 2008-07-18 18:47:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
85: 2008-07-18 22:47:34 UTC - RP327 - Deckard's System Scanner Restore Point
84: 2008-07-18 18:40:39 UTC - RP326 - Avira AntiVir Personal - 7/18/2008 14:39
83: 2008-07-18 14:47:53 UTC - RP325 - System Checkpoint
82: 2008-07-17 14:45:56 UTC - RP324 - System Checkpoint
81: 2008-07-16 14:15:01 UTC - RP323 - System Checkpoint


-- First Restore Point --
1: 2008-04-20 00:25:09 UTC - RP243 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 11.77 GiB (less than 15%) free.


-- HijackThis (run as Compaq_Administrator.exe) --------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:26 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Zumie\zumie.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zumie\zumie.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\4O1G2UVM\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Compaq_Administrator.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: TMZ Toolbar Search Class - {cec2ba6b-0675-46d3-bae0-b2a442eadba0} - C:\Program Files\TMZ Toolbar\tmztb.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: (no name) - {605B3D3F-4F33-41D0-BA27-98238E1E839F} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TMZ Toolbar Loader - {9391af7a-7e55-4787-9538-4849787a052e} - C:\Program Files\TMZ Toolbar\tmztb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: TBSB07396 - {D7ADF7C1-14FB-4110-B2DF-187884CAC12A} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: TMZ Toolbar - {57bd111f-adfe-4659-948a-94817376583f} - C:\Program Files\TMZ Toolbar\tmztb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm025YYUS
O8 - Extra context menu item: &TMZ Toolbar Search - C:\Documents and Settings\All Users\Application Data\TMZ Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.xfire.com
O15 - Trusted Zone: http://www.yoyogames.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Zumie Search Service - Zumie.com - C:\Program Files\Zumie\zumie.exe

--
End of file - 16099 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>

S3 efipsk - c:\docume~1\compaq~1\locals~1\temp\efipsk.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 Zumie Search Service - "c:\program files\zumie\zumie.exe" "c:\program files\zumie\zumie.dll" service <Not Verified; Zumie.com; Zumie Search>

S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe <Not Verified; MyWebSearch.com; My Web Search Bar>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-18 18:18:03 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-18 18:00:28 438 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-07-18 03:00:06 526 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
2008-07-18 01:50:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-17 13:45:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-11 20:00:00 578 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job


-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-18 18:50:25 0 dr-h----- C:\Documents and Settings\Compaq_Administrator\Recent
2008-07-18 18:41:50 0 d-------- C:\Program Files\CCleaner
2008-07-18 15:54:55 0 d-------- C:\Nexon
2008-07-18 15:54:55 0 d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-07-16 19:04:54 0 d-------- C:\Program Files\Trend Micro
2008-07-14 12:56:25 0 d-------- C:\Program Files\TMZ Toolbar
2008-07-14 12:56:25 0 d-------- C:\Documents and Settings\All Users\Application Data\TMZ Toolbar
2008-07-13 17:14:23 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\MSNInstaller
2008-07-12 15:13:30 0 --a------ C:\Documents and Settings\Compaq_Administrator\jagex_runescape_preferences.dat
2008-07-12 14:19:21 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\FunWebProducts
2008-07-12 14:19:05 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-07-12 14:19:04 0 d-------- C:\Program Files\MyWebSearch
2008-07-12 14:18:29 0 d-------- C:\Program Files\FunWebProducts
2008-07-10 14:56:13 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\funkitron
2008-07-08 21:24:46 0 d-------- C:\Program Files\SouthPeak Interactive
2008-07-08 20:21:54 92208 --a------ C:\WINDOWS\system32\WING.DLL <Not Verified; Microsoft Corporation; WinG>
2008-07-08 20:21:54 345600 -ra------ C:\WINDOWS\system\QTIM32.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2008-07-08 19:56:16 0 d-------- C:\Program Files\Cosmi
2008-07-08 19:22:36 0 d-------- C:\Program Files\Hasbro Interactive
2008-06-29 19:28:07 0 d-------- C:\Program Files\SceneCaster


-- Find3M Report ---------------------------------------------------------------

2008-07-18 18:28:02 0 d-------- C:\Program Files\PokerStars
2008-07-18 18:00:07 0 d-------- C:\Program Files\Norton Security Scan
2008-07-17 22:57:39 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\OpenOffice.org2
2008-07-17 22:57:29 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\ShoppingReport
2008-07-17 20:46:36 0 d-------- C:\Program Files\Soulseek
2008-07-16 22:42:26 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\teamspeak2
2008-07-14 19:22:30 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-07-14 08:13:56 0 d-------- C:\Program Files\LimeWire
2008-07-14 00:09:42 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire
2008-07-12 18:54:08 0 d-------- C:\Program Files\Warcraft III
2008-07-12 14:19:05 0 d-------- C:\Program Files\MSN Messenger
2008-07-09 13:24:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-09 13:21:22 0 d-------- C:\Program Files\Common Files\AOL
2008-07-08 19:25:10 227 --a----c- C:\WINDOWS\PowerReg.dat
2008-06-12 11:02:49 196 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-06-07 13:21:45 0 d-------- C:\Program Files\Common Files
2008-06-05 09:08:41 7800 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-06-05 08:59:34 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-30 22:46:28 0 d-------- C:\Program Files\GamingSquared
2008-05-30 14:51:35 0 d-------- C:\Program Files\Zumie
2008-05-30 14:51:33 0 d-------- C:\Program Files\ShoppingReport
2008-05-30 14:51:29 0 d-------- C:\Program Files\Freeze.com Toolbar
2008-05-30 14:33:19 0 d-------- C:\Program Files\TmNationsForever
2008-05-29 18:52:26 0 d-------- C:\Program Files\InstallPlay89[1]
2008-05-29 18:47:17 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2008-05-18 10:22:31 0 d-------- C:\Program Files\Project64 1.6
2008-05-14 20:10:36 55496 --a------ C:\WINDOWS\War3Unin.dat
2008-05-14 20:10:32 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-14 20:10:32 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-29 13:14:08 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
02/06/2008 08:13 AM 1173024 --a------ C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9391af7a-7e55-4787-9538-4849787a052e}]
06/04/2008 05:51 PM 1271136 --a------ C:\Program Files\TMZ Toolbar\tmztb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7ADF7C1-14FB-4110-B2DF-187884CAC12A}]
05/15/2008 04:18 PM 1920120 --a------ C:\Program Files\Freeze.com Toolbar\freeze_us.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{57BD111F-ADFE-4659-948A-94817376583F}"= C:\Program Files\TMZ Toolbar\tmztb.dll [06/04/2008 05:51 PM 1271136]

[-HKEY_CLASSES_ROOT\CLSID\{57BD111F-ADFE-4659-948A-94817376583F}]
[HKEY_CLASSES_ROOT\TmzTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{10b5f4e3-71db-40c9-aba6-8825b579955e}]
[HKEY_CLASSES_ROOT\TmzTb.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 04:50 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [03/17/2008 04:38 PM]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" [07/12/2008 02:19 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [07/12/2008 02:19 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [07/12/2008 02:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/26/2007 08:50 PM]
"Performance Center"="C:\Program Files\Ascentive\Performance Center\ApcMain.exe" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [07/12/2008 02:19 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 4:41:28 PM]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [9/28/2005 5:32:36 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/21/2008 3:44:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
"C:\Program Files\AIM\AIM Pro\aimpro.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe nogui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5000 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S1D3.tmp" /EF "HKLM"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
rundll32.exe ftutil2.dll,SetWriteCacheMode

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"LiveUpdate"=3 (0x3)

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-18 18:52:57 ------------

[Eudemonia]

Also i tried downloading the malware remover and i could not connect to the server im pretty sure its some form of virius it always comes up as possible firewall issues but its nopt my firewall so please help me of you can

[Thunderbird1988]

Hello Eudemonia and welcome at Geekstogo,

I have merged the two topics you made.

Before running a new scan let's clean out the temporary folders.




Download ATF Cleaner to your Desktop.

• Double-click ATF-Cleaner.exe to run the program.
  
• Click Select All found at the bottom of the list.
  
• Click the Empty Selected button.

If you use Firefox browser, do this also:

• Click Firefox at the top and choose Select All from the list.
  
• Click the Empty Selected button.
  
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

• Click Opera at the top and choose Select All from the list.
  
• Close ALL Internet browsers (very important).
  
• Click the Empty Selected button.
  
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.




Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.




Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

• Close ALL OTHER PROGRAMS.
  
• Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  
• In the Drivers section click on Non-Microsoft.
  
• Under Additional Scans click the checkboxes in front of the following items to select them:
  
  
  • Reg - BotCheck
    
    File - Additional Folder Scans
    
    
• Do not change any other settings.
  
• Now click the Run Scan button on the toolbar.
  
• Let it run unhindered until it finishes.
  
• When the scan is complete Notepad will open with the report file loaded in it.
  
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  
• Save the file to your desktop or other location where you can find it back.

Use the Add Reply button and attach the file in your next post.

Thunderbird1988

[Eudemonia]

Here ya go

[code=auto:0]OTScanIt logfile created on: 7/19/2008 3:13:38 PM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 665.13 Mb Available Physical Memory | 69.39% Memory free
2.26 Gb Paging File | 1.72 Gb Available in Paging File | 76.02% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.73 Gb Total Space | 12.33 Gb Free Space | 6.94% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.40 Gb Free Space | 4.66% Space Free | Partition Type: FAT32
Drive E: | 671.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILSONS
Current User Name: Compaq_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 169584 bytes | Modified Date = 9/17/2005 3:27:12 AM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 192112 bytes | Modified Date = 9/17/2005 3:27:06 AM | Attr = ]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 202352 bytes | Modified Date = 9/17/2005 3:27:10 AM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 214672 bytes | Modified Date = 9/19/2005 2:24:20 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 6:21:14 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1247600 bytes | Modified Date = 10/1/2007 7:38:49 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ]
arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/3/2005 2:19:16 AM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 7/25/2006 6:03:42 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 4/21/2008 3:44:52 PM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/21/2006 7:08:48 AM | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 6:50:00 PM | Attr = ]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 12/4/2007 1:03:10 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ]
zumie.exe -> %ProgramFiles%\Zumie\zumie.exe -> Zumie.com [Ver = 1, 0, 0, 0 | Size = 3584 bytes | Modified Date = 5/6/2008 4:12:02 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 5:25:42 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2/19/2008 1:10:32 PM | Attr = ]
m3srchmn.exe -> %ProgramFiles%\MyWebSearch\bar\1.bin\M3SRCHMN.EXE -> MyWebSearch.com [Ver = 1, 0, 0, 4 | Size = 24688 bytes | Modified Date = 7/12/2008 2:19:04 PM | Attr = ]
zumie.exe -> %ProgramFiles%\Zumie\zumie.exe -> Zumie.com [Ver = 1, 0, 0, 0 | Size = 3584 bytes | Modified Date = 5/6/2008 4:12:02 PM | Attr = ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1202.1501.beta | Size = 124400 bytes | Modified Date = 4/21/2008 3:44:50 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 1:10:24 PM | Attr = ]
aimpro.exe -> %ProgramFiles%\AIM\AIM Pro\aimpro.exe -> WebEx [Ver = 929 2006 01 16 | Size = 5039696 bytes | Modified Date = 1/29/2007 11:57:04 PM | Attr = ]
ventrilo.exe -> %ProgramFiles%\Ventrilo\Ventrilo.exe -> [Ver = 3, 0, 0, 0 | Size = 1388544 bytes | Modified Date = 10/24/2007 3:10:20 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ]
(ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/3/2005 2:19:16 AM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 7/25/2006 6:03:42 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 192112 bytes | Modified Date = 9/17/2005 3:27:06 AM | Attr = ]
(ccISPwdSvc) Symantec Internet Security Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\ccPwdSvc.exe -> Symantec Corporation [Ver = 9.0.2.11 | Size = 72280 bytes | Modified Date = 10/13/2005 11:48:40 AM | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 202352 bytes | Modified Date = 9/17/2005 3:27:10 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 169584 bytes | Modified Date = 9/17/2005 3:27:12 AM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\comHost.exe -> Symantec Corporation [Ver = 9.0.5.5 | Size = 45744 bytes | Modified Date = 1/2/2006 4:18:24 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 9/29/2007 8:55:15 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 4/21/2008 3:44:52 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 1:10:24 PM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/21/2006 7:08:48 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.171 | Size = 2119360 bytes | Modified Date = 7/25/2006 6:03:42 PM | Attr = ]
(MyWebSearchService) My Web Search Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSSVC.EXE -> MyWebSearch.com [Ver = 1, 0, 0, 1 | Size = 28739 bytes | Modified Date = 7/12/2008 2:19:04 PM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\navapsvc.exe -> Symantec Corporation [Ver = 12.0.5.3 | Size = 133792 bytes | Modified Date = 12/31/2005 1:42:18 AM | Attr = ]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.1.2 | Size = 749696 bytes | Modified Date = 9/24/2005 6:10:56 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 6:50:00 PM | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 12/4/2007 1:03:10 PM | Attr = ]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 5:22:48 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 214672 bytes | Modified Date = 9/19/2005 2:24:20 PM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 6:21:14 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1247600 bytes | Modified Date = 10/1/2007 7:38:49 AM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ]
(Zumie Search Service) Zumie Search Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Zumie\zumie.exe -> Zumie.com [Ver = 1, 0, 0, 0 | Size = 3584 bytes | Modified Date = 5/6/2008 4:12:02 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\afc.sys -> Arcsoft, Inc. [Ver = 1, 0, 0, 2 | Size = 11776 bytes | Modified Date = 2/23/2005 2:58:56 PM | Attr = ]
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.2.2 (dnsrv(wmbla).050120-1444) | Size = 36352 bytes | Modified Date = 3/9/2005 5:53:00 PM | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 8:10:42 AM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 8:10:42 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 395312 bytes | Modified Date = 9/21/2007 2:01:48 AM | Attr = ]
(efipsk) efipsk [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\efipsk.sys -> File not found
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 112688 bytes | Modified Date = 9/21/2007 2:01:48 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr = ]
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.0.0 | Size = 16224 bytes | Modified Date = 10/7/2007 7:20:03 AM | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/8/2005 3:07:18 AM | Attr = ]
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 241664 bytes | Modified Date = 12/6/2005 2:20:50 PM | Attr = ]
(HSX_DP) HSX_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DP.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 936448 bytes | Modified Date = 12/6/2005 2:20:40 PM | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5268 built by: WinDDK | Size = 4299264 bytes | Modified Date = 6/14/2006 2:04:12 PM | Attr = ]
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 9/24/2007 1:11:03 PM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 10/5/2005 6:57:08 PM | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20071125.006\NAVENG.SYS -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 81232 bytes | Modified Date = 11/14/2007 5:00:00 AM | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20071125.006\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 865904 bytes | Modified Date = 11/14/2007 5:00:00 AM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 3535680 bytes | Modified Date = 5/9/2006 4:50:00 PM | Attr = ]
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.03.05024 | Size = 34176 bytes | Modified Date = 3/3/2006 6:31:02 PM | Attr = ]
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.05024 | Size = 13056 bytes | Modified Date = 3/3/2006 6:31:04 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.20a | Size = 46080 bytes | Modified Date = 3/9/2006 2:00:00 PM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 5:31:34 PM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
(SAVRT) SAVRT [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.0.10 | Size = 334984 bytes | Modified Date = 8/26/2005 5:22:48 PM | Attr = ]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.0.10 | Size = 53896 bytes | Modified Date = 8/26/2005 5:22:50 PM | Attr = ]
(SCREAMINGBDRIVER) Screaming Bee Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ScreamingBAudio.sys -> Screaming Bee LLC [Ver = 1.1.0.0 | Size = 21920 bytes | Modified Date = 9/27/2006 12:21:10 AM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2,0,0,73 | Size = 389728 bytes | Modified Date = 9/15/2005 6:21:14 PM | Attr = ]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 639224 bytes | Modified Date = 10/7/2007 7:23:04 AM | Attr = ]
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 6.0.0.99 | Size = 12944 bytes | Modified Date = 9/19/2005 2:23:26 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.0.0.20 | Size = 108168 bytes | Modified Date = 9/17/2005 3:20:06 AM | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 6.0.0.99 | Size = 109200 bytes | Modified Date = 9/19/2005 2:23:32 PM | Attr = ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 6.0.0.99 | Size = 31888 bytes | Modified Date = 9/19/2005 2:23:40 PM | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20071127.002\SymIDSCo.sys -> Symantec Corporation [Ver = 8.1.1.2 | Size = 158064 bytes | Modified Date = 11/6/2007 12:07:07 PM | Attr = ]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 8/7/2006 7:59:27 PM | Attr = ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 6.0.0.99 | Size = 27792 bytes | Modified Date = 9/19/2005 2:23:36 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 6.0.0.99 | Size = 24720 bytes | Modified Date = 9/19/2005 2:23:48 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 6.0.0.99 | Size = 196240 bytes | Modified Date = 9/19/2005 2:23:52 PM | Attr = ]
(winachsx) winachsx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 670208 bytes | Modified Date = 12/6/2005 2:20:42 PM | Attr = ]
(X4HSX32) X4HSX32 [Kernel | Auto | Running] -> %ProgramFiles%\GameTap\bin\Release\X4HSX32.sys -> Exent Technologies Ltd. [Ver = 07.00.02.02 | Size = 31400 bytes | Modified Date = 12/13/2007 2:52:12 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe ["C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 5:25:42 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2/19/2008 1:10:32 PM | Attr = ]
My Web Search Bar Search Scope Monitor -> %ProgramFiles%\MyWebSearch\bar\1.bin\M3SRCHMN.EXE ["C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0] -> MyWebSearch.com [Ver = 1, 0, 0, 4 | Size = 24688 bytes | Modified Date = 7/12/2008 2:19:04 PM | Attr = ]
MyWebSearch Plugin -> %ProgramFiles%\MyWebSearch\bar\1.bin\M3PLUGIN.DLL [rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF] -> MyWebSearch.com [Ver = 1, 0, 1, 4 | Size = 53352 bytes | Modified Date = 7/12/2008 2:19:04 PM | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 7311360 bytes | Modified Date = 5/9/2006 4:50:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 1/31/2008 11:13:08 PM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Performance Center -> %ProgramFiles%\Ascentive\Performance Center\ApcMain.exe [C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m] -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/26/2007 8:50:49 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1202.1501.beta | Size = 124400 bytes | Modified Date = 4/21/2008 3:44:50 PM | Attr = ]
< Compaq_Administrator Startup Folder > -> C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk -> %ProgramFiles%\OpenOffice.org 2.4\program\quickstart.exe -> [Ver = | Size = 393216 bytes | Modified Date = 1/21/2008 4:41:28 PM | Attr = ]
%UserProfile%\Start Menu\Programs\Startup\Xfire.lnk -> %ProgramFiles%\Xfire\xfire.exe -> Xfire Inc. [Ver = 13133 | Size = 3088520 bytes | Modified Date = 9/28/2005 5:32:36 PM | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 8:29:58 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\Userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/10/2004 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/10/2004 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/10/2004 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/10/2004 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CD/DVDW_TS-H652L_______________0603____\5&349aa4df&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_DX3218M&Prod_JZY122W&Rev_1.0\5&33aa457c&0&000 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/31/2005 12:02:02 AM | Attr = ]
AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/27/2001 8:07:38 AM | Attr = HS]
AUTORUN.FCB [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\AUTORUN.FCB [ FAT32 ] -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2004 12:01:14 AM | Attr = HS]
Autorun.inf [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ] -> D:\Autorun.inf [ FAT32 ] -> [Ver = | Size = 90 bytes | Modified Date = 6/11/2007 3:25:24 PM | Attr = ]
autoplay.exe [MZ� | ] -> E:\autoplay.exe [ CDFS ] -> [Ver = | Size = 61440 bytes | Modified Date = 10/14/2003 11:06:53 AM | Attr = R ]
autorun.inf [[autorun] | open=autoplay.exe | icon=war3.ico | | ] -> E:\autorun.inf [ CDFS ] -> [Ver = | Size = 47 bytes | Modified Date = 6/11/2002 12:13:52 PM | Attr = R ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\{cec2ba6b-0675-46d3-bae0-b2a442eadba0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TMZ Toolbar\tmztb.dll [TMZ Toolbar Search Class] -> AOL LLC [Ver = 5.11.8.2 | Size = 1271136 bytes | Modified Date = 6/4/2008 5:51:22 PM | Attr = ]
HKEY_LOCAL_MACHINE\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOLTBSearch Class] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://my.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{605B3D3F-4F33-41D0-BA27-98238E1E839F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_CURRENT_USER\: URLSearchHooks\\{cec2ba6b-0675-46d3-bae0-b2a442eadba0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TMZ Toolbar\tmztb.dll [TMZ Toolbar Search Class] -> AOL LLC [Ver = 5.11.8.2 | Size = 1271136 bytes | Modified Date = 6/4/2008 5:51:22 PM | Attr = ]
HKEY_CURRENT_USER\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOLTBSearch Class] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ]
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
trymedia.com .[http] -> Trusted sites ->
trymedia.com .[https] -> Trusted sites ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 35 domain(s) found. ->
www_xfire.com [http] -> Trusted sites ->
www_yoyogames.com [http] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 17 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/24/2005 6:12:08 AM | Attr = ]
{100EB1FD-D03E-47FD-81F3-EE91287F9465} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShoppingReport] -> ShopperReports [Ver = 2.5.0.9 | Size = 1173024 bytes | Modified Date = 2/6/2008 8:13:58 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9391af7a-7e55-4787-9538-4849787a052e} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TMZ Toolbar\tmztb.dll [TMZ Toolbar Loader] -> AOL LLC [Ver = 5.11.8.2 | Size = 1271136 bytes | Modified Date = 6/4/2008 5:51:22 PM | Attr = ]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [CNavExtBho Class] -> Symantec Corporation [Ver = 12.0.5.3 | Size = 140960 bytes | Modified Date = 12/31/2005 1:42:34 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 10/20/2007 3:28:35 PM | Attr = R ]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> Hewlett-Packard [Ver = 1.0.0.1 | Size = 208896 bytes | Modified Date = 8/7/2006 7:47:07 PM | Attr = ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 4/21/2008 3:44:57 PM | Attr = ]
{D7ADF7C1-14FB-4110-B2DF-187884CAC12A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Freeze.com Toolbar\freeze_us.dll [TBSB07396 Class] -> [Ver = 4, 0, 5, 0 | Size = 1920120 bytes | Modified Date = 5/15/2008 4:18:36 PM | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShopperReports] -> ShopperReports [Ver = 2.5.0.9 | Size = 1173024 bytes | Modified Date = 2/6/2008 8:13:58 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 10/20/2007 3:28:35 PM | Attr = R ]
{57bd111f-adfe-4659-948a-94817376583f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TMZ Toolbar\tmztb.dll [TMZ Toolbar] -> AOL LLC [Ver = 5.11.8.2 | Size = 1271136 bytes | Modified Date = 6/4/2008 5:51:22 PM | Attr = ]
{B7D3E479-CC68-42B5-A338-938ECE35F419} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Freeze.com Toolbar\freeze_us.dll [Freeze.com Toolbar] -> [Ver = 4, 0, 5, 0 | Size = 1920120 bytes | Modified Date = 5/15/2008 4:18:36 PM | Attr = ]
{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 12.0.5.3 | Size = 140960 bytes | Modified Date = 12/31/2005 1:42:34 AM | Attr = ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 10/20/2007 3:28:35 PM | Attr = R ]
WebBrowser\\{57BD111F-ADFE-4659-948A-94817376583F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TMZ Toolbar\tmztb.dll [TMZ Toolbar] -> AOL LLC [Ver = 5.11.8.2 | Size = 1271136 bytes | Modified Date = 6/4/2008 5:51:22 PM | Attr = ]
WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Freeze.com Toolbar\freeze_us.dll [Freeze.com Toolbar] -> [Ver = 4, 0, 5, 0 | Size = 1920120 bytes | Modified Date = 5/15/2008 4:18:36 PM | Attr = ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 12.0.5.3 | Size = 140960 bytes | Modified Date = 12/31/2005 1:42:34 AM | Attr = ]
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ]
{3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %

[Thunderbird1988]

Hello Eudemonia,

Could you please attach it. Now the log got cut off.

Thunderbird1988

[Eudemonia]

here it is again thanks

Attached Files

•  OTScanIt.Txt   245.77KB   132 downloads

Edited by Eudemonia, 19 July 2008 - 04:27 PM.

[Thunderbird1988]

Hello Eudemonia,


Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).




Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> zumie.exe -> %ProgramFiles%\Zumie\zumie.exe
YY -> m3srchmn.exe -> %ProgramFiles%\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
YY -> zumie.exe -> %ProgramFiles%\Zumie\zumie.exe
[Win32 Services - Non-Microsoft Only]
YY -> (MyWebSearchService) My Web Search Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSSVC.EXE
YY -> (Zumie Search Service) Zumie Search Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Zumie\zumie.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> My Web Search Bar Search Scope Monitor -> %ProgramFiles%\MyWebSearch\bar\1.bin\M3SRCHMN.EXE ["C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0]
YY -> MyWebSearch Plugin -> %ProgramFiles%\MyWebSearch\bar\1.bin\M3PLUGIN.DLL [rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
YN -> HKEY_CURRENT_USER\: Main\\Search Page -> http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
YN -> HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YY -> {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShopperReports]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YY -> {C5428486-50A0-4a02-9D20-520B59A9F9B2}:{C9CCBB35-D123-4a31-AFFC-9B2933132116} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShopperReports - Compare product prices]
YY -> {C5428486-50A0-4a02-9D20-520B59A9F9B3}:{A16AD1E9-F69A-45af-9462-B1C286708842} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShopperReports - Compare travel rates]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YY -> CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShopperReports - Compare product prices]
YY -> CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShopperReports - Compare travel rates]
[Files/Folders - Created Within 30 days]
NY -> f3PSSavr.scr -> %SystemRoot%\System32\f3PSSavr.scr
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> f3PSSavr.scr -> %SystemRoot%\System32\f3PSSavr.scr
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 138 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
NY -> @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:08948D52
NY -> @Alternate Data Stream - 128 bytes -> %AllUsersProfile%\Application Data\TEMP:27AAAD97
NY -> @Alternate Data Stream - 105 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9
NY -> AdwareAlert -> C:\Documents and Settings\Compaq_Administrator\Application Data\AdwareAlert
NY -> FunWebProducts -> C:\Documents and Settings\Compaq_Administrator\Application Data\FunWebProducts
NY -> ShoppingReport -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShoppingReport
[Extra Files]
%ProgramFiles%\ShoppingReport
%ProgramFiles%\Zumie
%ProgramFiles%\MyWebSearch
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.




If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.

Please post also a new Hijackthislog


I will review the information when it comes back in.

[Eudemonia]

this is the results

Explorer killed successfully
[Processes - Non-Microsoft Only]
Process zumie.exe killed successfully.
C:\Program Files\Zumie\zumie.exe moved successfully.
Process m3srchmn.exe killed successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE moved successfully.
Unable to kill process zumie.exe .
File C:\Program Files\Zumie\zumie.exe not found.
[Win32 Services - Non-Microsoft Only]
Service MyWebSearchService stopped successfully.
Service MyWebSearchService deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE moved successfully.
Service Zumie Search Service stopped successfully.
Service Zumie Search Service deleted successfully.
File C:\Program Files\Zumie\zumie.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor deleted successfully.
File C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL unregistered successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\\'' updated successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\\provider not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll unregistered successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116}\ not found.
File C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842}\ not found.
File C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ not found.
File C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ not found.
File C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll not found.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\f3PSSavr.scr moved successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\f3PSSavr.scr not found!
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:08948D52 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\AdwareAlert\Settings folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\AdwareAlert\Registry Backups folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\AdwareAlert\Quarantine folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\AdwareAlert\Log folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\AdwareAlert folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\FunWebProducts\Data\Compaq_Administrator folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\FunWebProducts\Data folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\FunWebProducts folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\ShoppingReport\cs\res1 folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\ShoppingReport\cs\report folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\ShoppingReport\cs\dwld folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\ShoppingReport\cs\db folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\ShoppingReport\cs folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\ShoppingReport folder moved successfully.
[Extra Files]
< %ProgramFiles%\ShoppingReport >
C:\Program Files\ShoppingReport\Bin\2.5.0 folder moved successfully.
C:\Program Files\ShoppingReport\Bin folder moved successfully.
C:\Program Files\ShoppingReport folder moved successfully.
< %ProgramFiles%\Zumie >
C:\Program Files\Zumie folder moved successfully.
< %ProgramFiles%\MyWebSearch >
C:\Program Files\MyWebSearch\SrchAstt\1.bin folder moved successfully.
C:\Program Files\MyWebSearch\SrchAstt folder moved successfully.
C:\Program Files\MyWebSearch\bar\Settings folder moved successfully.
C:\Program Files\MyWebSearch\bar\Notifier folder moved successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON folder moved successfully.
C:\Program Files\MyWebSearch\bar\Message folder moved successfully.
C:\Program Files\MyWebSearch\bar\icons folder moved successfully.
C:\Program Files\MyWebSearch\bar\History folder moved successfully.
C:\Program Files\MyWebSearch\bar\Game folder moved successfully.
C:\Program Files\MyWebSearch\bar\Cache folder moved successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON folder moved successfully.
C:\Program Files\MyWebSearch\bar\Avatar folder moved successfully.
C:\Program Files\MyWebSearch\bar\1.bin folder moved successfully.
C:\Program Files\MyWebSearch\bar folder moved successfully.
C:\Program Files\MyWebSearch folder moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Cli3A4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Gam3A3.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\trace.txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\tricon-aol.txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DF6EC8.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DF84B5.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DFFC38.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 07202008_163815

Files moved on Reboot...
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Cli3A4.tmp moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Gam3A3.tmp moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\trace.txt moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\tricon-aol.txt moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DF6EC8.tmp moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DF84B5.tmp moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DFFC38.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

and this is the hijack this still cant connect to all the same servers i could'nt before

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:28 PM, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: TMZ Toolbar Search Class - {cec2ba6b-0675-46d3-bae0-b2a442eadba0} - C:\Program Files\TMZ Toolbar\tmztb.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: (no name) - {605B3D3F-4F33-41D0-BA27-98238E1E839F} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TMZ Toolbar Loader - {9391af7a-7e55-4787-9538-4849787a052e} - C:\Program Files\TMZ Toolbar\tmztb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: TBSB07396 - {D7ADF7C1-14FB-4110-B2DF-187884CAC12A} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: TMZ Toolbar - {57bd111f-adfe-4659-948a-94817376583f} - C:\Program Files\TMZ Toolbar\tmztb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm025YYUS
O8 - Extra context menu item: &TMZ Toolbar Search - C:\Documents and Settings\All Users\Application Data\TMZ Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.xfire.com
O15 - Trusted Zone: http://www.yoyogames.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14174 bytes

[Thunderbird1988]

Hello Eudemonia,

I am not sure this is a malwareproblem. have you already looked here?

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {605B3D3F-4F33-41D0-BA27-98238E1E839F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm025YYUS
O15 - Trusted Zone: http://*.trymedia.com (HKLM)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Thunderbird1988

[Thunderbird1988]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[Thunderbird1988]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.