
Solved: very slow performance

Discussion in 'Virus & Other Malware Removal' started by ms_luckylady, Feb 12, 2007.

  1. ms_luckylady

    ms_luckylady Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    43
    Have incl. HJT log.
    Windows Media Player and IE very slow and often not responding.

    Please help?
     


  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    For better viewing:

    Logfile of HijackThis v1.99.0
    Scan saved at 1:49:57 PM, on 2/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\TELUS\TELUS Security service\Freedom.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\TELUS eCare\bin\mpbtn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\My Documents\hijackthis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [ES Current Services] C:\WINDOWS\system32\Winservc\gotcha.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.winantivirus.com/p...
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.3.37/hotstreak/hotstreak-en_US.cab
    O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.5.2.33/squares/squares-en_US.cab
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://msluckylady.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142630698640
    O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us29/n.cab
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DvpApi - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     
  3. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Hi, ms_luckylady :)

    Welcome to TSG.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to the C:\Windows\System32 folder. Locate the Winservc folder and right-click on it. Select Send to, then Compressed folder. That will create a .zip folder in the C:\Windows\System32 folder labeled Winservc.zip. Close all windows.

    Please go here:
    The Spy Killer Forum
    • Click on "New Topic"
    • Put your name, e-mail address, and this as the title: "Contents of C:\WINDOWS\system32\Winservc"
    • Put a link to this thread in the description box.
    • Then next to the file box, at the bottom, click the browse button, then navigate to this folder:
      • C:\WINDOWS\system32\Winservc.zip
    • Click Open.
    • Click Post.
    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
      • C:\WINDOWS\system32\Winservc\gotcha.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Download ComboFix from Here or Here to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  4. ms_luckylady

    ms_luckylady Thread Starter

    Hi!
    one quick question
    How do I put a link to the thread (C:\WINDOWS\system32\Winservc) (right?) in the description box?
    Hyperlink or FTP link?
    Could you explain the difference?
     
  5. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Hi, ms_luckylady :)

    The link is the address of this thread. It should appear in the address bar above. Just right-click on it, select Copy, and paste it at the Spykiller forum. It should appear as:

    http://forums.techguy.org/newreply.php?do=newreply&noquote=1&p=4443149

    Go to the Spykiller forum and take a look at some of those submissions as an example.

    Anything else you do not understand?
     
  6. ms_luckylady

    ms_luckylady Thread Starter

    I enter "C:\WINDOWS\system32\Winservc\gotcha.exe" and submit.
    Message:
    The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.
    ??? Help
     
  7. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Hi, ms_luckylady :)

    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.

    Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

    O4 - HKLM\..\RunServices: [ES Current Services] C:\WINDOWS\system32\Winservc\gotcha.exe


    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\Winservc
      C:\WINDOWS\system32\Winservc.zip


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
      • If able, copy everything in the Results window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into a Notepad document. Save it on the desktop and post its contents in your next reply.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Restart the computer and Test.

    Post a fresh HijackThis log and let me know how the computer is doing.
     
  8. ms_luckylady

    ms_luckylady Thread Starter

    here are results you requested :)

    Logfile of HijackThis v1.99.0
    Scan saved at 1:07:26 PM, on 2/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\TELUS\TELUS Security service\Freedom.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\TELUS eCare\bin\mpbtn.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\CallerID Box\CallerIDBox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\My Documents\hijackthis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.winantivirus.com/p...
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.3.37/hotstreak/hotstreak-en_US.cab
    O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.5.2.33/squares/squares-en_US.cab
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://msluckylady.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142630698640
    O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us29/n.cab
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DvpApi - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    C:\WINDOWS\system32\Winservc moved successfully.
    C:\WINDOWS\system32\Winservc.zip moved successfully.

    Created on 02/13/2007 13:04:18
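    The moderator reads the first HijackThis log (post #2) by eye and, after the HijackThis fix and the OTMoveIt run, compares the second log (post #8) against it. The Python script below does those two checks mechanically: a triage pass over a HijackThis log that marks entries worth a reviewer's attention, and a before/after diff of the entry lines. It is an added example, not code from this thread, the moderator, or the HijackThis project. The log excerpts are constructed from the two logs above (shortened to a handful of lines), and the review heuristics and the allowlist of domains for O16 entries are this example's own assumptions.

```python
"""Triage a HijackThis log and diff a before/after pair.

Added example for this thread; not code from Tech Support Guy, the moderator,
or the HijackThis project. The log excerpts are constructed from the two logs
posted in the thread; the allowlist and the heuristics are assumptions.
"""
import re
from urllib.parse import urlparse

# Constructed excerpts (not the complete logs) of the Feb 12 and Feb 13, 2007 logs.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [ES Current Services] C:\WINDOWS\system32\Winservc\gotcha.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://www.winantivirus.com/p...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142630698640
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us29/n.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://www.winantivirus.com/p...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142630698640
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us29/n.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# Assumed allowlist: O16 (downloaded ActiveX) entries from these domains are not flagged.
TRUSTED_DPF_DOMAINS = ("microsoft.com", "msn.com")

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# O4 body shape: HKLM\..\RunServices: [ES Current Services] C:\WINDOWS\system32\Winservc\gotcha.exe
O4_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|sys|dll))', re.IGNORECASE)
SYSTEM32_SUBDIR_RE = re.compile(r"\\system32\\[^\\]+\\[^\\]+$", re.IGNORECASE)


def parse(log: str):
    """Yield (section, body) for each entry line, e.g. ("O4", "HKLM\\..\\Run: ...")."""
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def _trusted_domain(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def triage(log: str):
    """Return (entry_line, reason) pairs a reviewer should look at.

    The heuristics only mark entries for review; they do not declare anything malicious.
    """
    findings = []
    for section, body in parse(log):
        line = f"{section} - {body}"
        if section == "O4":
            m = O4_RE.match(body)
            if not m:  # "Global Startup:" lines and similar are not handled here
                continue
            key, command = m.group(2), m.group(4)
            exe_m = EXE_RE.match(command)
            exe = exe_m.group(1) if exe_m else command
            if key.lower() == "runservices":
                findings.append((line, "autostart via the RunServices key"))
            if SYSTEM32_SUBDIR_RE.search(exe):
                findings.append((line, "executable in a subfolder beneath system32: " + exe))
        elif section == "O15":
            # IE applies the Trusted sites zone's more permissive settings to this site.
            findings.append((line, "site mapped into the IE Trusted Zone"))
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1]
            host = urlparse(url).hostname or ""
            if not _trusted_domain(host):
                findings.append((line, f"ActiveX control downloaded from {host}"))
    return findings


def diff_logs(before: str, after: str):
    """Return (removed, added): entry lines only in `before` / only in `after`.

    Only R/O entry lines are compared; the "Running processes" list changes from
    run to run anyway and is deliberately ignored.
    """
    b = {f"{s} - {r}" for s, r in parse(before)}
    a = {f"{s} - {r}" for s, r in parse(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for line, why in triage(LOG_BEFORE):
        print(f"REVIEW ({why})\n    {line}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed by the fix:", *removed, sep="\n    ")
    print("added since:", *(added or ["(none)"]), sep="\n    ")
    print("still flagged afterwards:", *[w for _, w in triage(LOG_AFTER)], sep="\n    ")
```

    Run as a script it prints the entries to review, what the fix removed, and what still stands out afterwards. On these excerpts the RunServices line is the only entry that disappears between the two logs; the O15 Trusted Zone mapping and the O16 control from dinet.info are present in both. The script only marks them for review, which is the right posture for heuristics like these, but a Trusted Zone entry for a site the user does not remember adding is worth asking about, because Internet Explorer applies that zone's more permissive settings to it. HijackThis removes an O15 mapping the same way as the O4 line above: check it and click Fix Checked.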
     
  9. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Hi, ms_luckylady :)

    The log looks clear. How is the computer doing?
     
  10. ms_luckylady

    ms_luckylady Thread Starter

    Still having freeze-up issues. Totally lost here.
     
  11. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Hi, ms_luckylady :)

    Let's take a deeper look:

    Click here to download WinPFind.
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!

    Reboot into Safe Mode

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    • Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete, restart the computer back in Normal Mode.
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next reply!
     
  12. ms_luckylady

    ms_luckylady Thread Starter

    Here is the WinPFind report you requested. Next?

    WinPFind logfile created on: 2/14/2007 10:29:31 AM
    WinPFind by OldTimer - v2.0.1 Folder = C:\Documents and Settings\Owner\Shared\WinPFind\

    »»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

    Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
    Internet Explorer Version: 7.0.5730.11

    »»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

    513792 Kb Total Physical Memory | 378836 Kb Available Physical Memory | 73.73% Memory free
    1256624 Kb Paging File | 1198316 Kb Available in Paging File | 95.36% Paging File free
    Paging file location: C:\pagefile.sys 756 1512

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 151870476 Kb Total Space | 99583740 Kb Free Space | 65.57% Space Free
    Drive D: | 4409212 Kb Total Space | 1758352 Kb Free Space | 39.88% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    »»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

    C:\Documents and Settings\Owner\Shared\WinPFind\WinPFind.exe ()

    »»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped]
    = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)

    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
    = C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

    (dvpapi) dvpapi [Win32_Own | Auto | Stopped]
    = C:\Program Files\Common Files\Command Software\dvpapi.exe (Command Software Systems, Inc.)

    (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped]
    = C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

    (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped]
    = C:\WINDOWS\system32\HPZipm12.exe (HP)

    (PrismXL) PrismXL [Win32_Own | Auto | Stopped]
    = C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

    »»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

    >>>>> Run Keys and Auto-Start Folders <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    !AVG Anti-Spyware = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
    Alcmtr = C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    AlcWzrd = C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    High Definition Audio Property Page Shortcut = C:\WINDOWS\system32\HDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    HP Component Manager = C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
    HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
    IgfxTray = C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    Motive SmartBridge = C:\Program Files\TELUS eCare\SmartBridge\MotiveSB.exe (TELUS)
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    QuickTime Task = C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    Recguard = C:\WINDOWS\SMINST\Recguard.exe ()
    RemoteControl = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    SoundMan = C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
    SunKistEM = C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
    TELUS Security service = C:\Program Files\TELUS\TELUS Security service\Freedom.exe (Zero-Knowledge Systems Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    IncrediMail = C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    ES Current Services = C:\WINDOWS\system32\Winservc\gotcha.exe (File not found)


    < Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
    = C:\Program Files\Microsoft Office\Office\OSA.EXE ()

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TELUS eCare.lnk
    = C:\Program Files\TELUS eCare\bin\matcli.exe (Motive Communications, Inc.)

    < User Startup Folder = C:\Documents and Settings\Owner\Start Menu\Programs\Startup >
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()

    >>>>> MsConfig Disabled Items <<<<<

    >>>>> Disabled Startup Folder Items <<<<<

    >>>>> Items Started Through Miscellaneous Registry Keys <<<<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} = AVG Anti-Spyware 7.5 ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) )


    >>>>> Security Providers <<<<<

    >>>>> Winlogon Keys <<<<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
    Control_RunDLL (File not found)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    DllName = C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

    >>>>> Policy Keys <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    NoCDBurning = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
    {17492023-C23A-453E-A040-C7C580BBF700} = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    dontdisplaylastusername = 0
    legalnoticecaption =
    legalnoticetext =
    shutdownwithoutlogon = 1
    undockwithoutlogon = 1

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    NoDriveTypeAutoRun = 145

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    DisableRegistryTools = 0

    >>>>> Desktop Components <<<<<

    >>>>> HOSTS File <<<<<

    HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 734 bytes | Modified Date: 9/21/2006 11:37:50 AM)
    127.0.0.1 localhost

    >>>>> Internet Explorer Settings <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    Local Page = %SystemRoot%\system32\blank.htm
    Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Local Page = C:\WINDOWS\system32\blank.htm
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
    CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) )

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    ProxyEnable = 0
    ProxyOverride = 127.0.0.1

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com/p...\www.winantivirus]
    http

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pogo.com\www]
    https

    >>>>> Browser Helper Objects <<<<<

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    - Yahoo! Toolbar Helper ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) )

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    - AcroIEHlprObj Class ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
    - PopKill Class ( HKLM = C:\Program Files\TELUS\TELUS Security service\pkR.dll (Zero-Knowledge Systems Inc.) )

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}]
    - ZKBho Class ( HKLM = C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll (Zero-Knowledge Systems Inc.) )

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    - SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    - Google Toolbar Helper ( HKLM = c:\program files\Google\googletoolbar4.dll (Google Inc.) )

    >>>>> Bars, Toolbars and Extensions <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar4.dll (Google Inc.) )
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) )

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar4.dll (Google Inc.) )
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
    {CA0B9B71-C2AF-11D3-B376-0800460222F0} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar4.dll (Google Inc.) )
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) )

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
    {08C1F79B-0FBC-4157-ABB5-F33EC39AD0C7} = 8196 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
    {4982D40A-C53B-4615-B15B-B5B5E98D167C} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
    {FB5F1910-F110-11d2-BB9E-00C04F795683} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
    NextId = 8197

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
    MenuText = Sun Java Console
    ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKLM C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.) )
    ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKCU C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

    >>>>> Approved Shell Extensions <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
    {42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( HKLM = deskpan.dll (File not found) )
    {764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
    {7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
    {7F67036B-66F1-411A-AD85-759FB9C5B0DB} = SampleView ( HKLM = C:\WINDOWS\system32\ShellvRTF.dll (XSS) )
    {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
    {88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
    {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )

    >>>>> Context Menu Handlers / Column Handlers <<<<<

    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}]
    - AVMenu Class ( HKLM = C:\Program Files\TELUS\TELUS Security service\AVContextR.dll (Zero-Knowledge Systems Inc.) )

    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware]
    @ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}]
    - AVMenu Class ( HKLM = C:\Program Files\TELUS\TELUS Security service\AVContextR.dll (Zero-Knowledge Systems Inc.) )

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware]
    @ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\igfxcui]
    @ = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} ( HKLM = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation) )

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}]
    - AVMenu Class ( HKLM = C:\Program Files\TELUS\TELUS Security service\AVContextR.dll (Zero-Knowledge Systems Inc.) )

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
    - PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

    >>>>> User Agent Post Platform <<<<<

    >>>>> TCP/IP Configuration <<<<<

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4ABD3A41-DE2E-4073-90C3-C712564F2128}] ( Intel(R) PRO/100 VE Network Connection )
    DefaultGateway =
    DhcpDefaultGateway = 142.59.152.1;
    DhcpIPAddress = 142.59.155.106
    DhcpNameServer = 154.11.129.59 154.11.129.187
    DhcpServer = 209.115.152.129
    DhcpSubnetMask = 255.255.252.0
    Domain =
    EnableDHCP = 1
    IPAddress = 0.0.0.0;
    IPAutoconfigurationAddress = 0.0.0.0
    NameServer =
    SubnetMask = 0.0.0.0;

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EE77D8D9-FE42-4ECE-AFE2-38DA031C9959}] ( 1394 Net Adapter )
    DefaultGateway =
    Domain =
    EnableDHCP = 1
    IPAddress = 0.0.0.0;
    NameServer =
    SubnetMask = 0.0.0.0;

    >>>>> WinSock2 Parameters <<<<<

    >>>>> Protocol Handlers <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cetihpz]
    CLSID = {CF184AD3-CDCB-4168-A3F7-8E447D129300} - ( HKLM C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) )

    >>>>> Protocol Filters <<<<<

    >>>>> Downloaded Program Files <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00B71CFB-6864-4346-A978-C0A14556272C}\DownloadInformation]
    CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14B87622-7E19-4EA8-93B3-97215F77A6BC}\DownloadInformation]
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\DownloadInformation]
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    INF = C:\WINDOWS\Downloaded Program Files\erma.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EF9F042-C2EB-4293-8213-474CAEEF531D}\DownloadInformation]
    CODEBASE = http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB
    INF = C:\WINDOWS\Downloaded Program Files\TmHcmsX.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}\DownloadInformation]
    CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    INF = C:\WINDOWS\Downloaded Program Files\erma.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2917297F-F02B-4B9D-81DF-494B6333150B}\DownloadInformation]
    CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\DownloadInformation]
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    INF = C:\WINDOWS\Downloaded Program Files\yinst.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3107C2A8-9F0B-4404-A58B-21BD85268FBC}\DownloadInformation]
    CODEBASE = http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\DownloadInformation]
    CODEBASE = http://msluckylady.spaces.live.com//PhotoUpload/MsnPUpld.cab
    INF = C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{58FC4C77-71C2-4972-A8CD-78691AD85158}\DownloadInformation]
    CODEBASE = http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
    INF = C:\WINDOWS\Downloaded Program Files\bja.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{615F158E-D5CA-422F-A8E7-F6A5EED7063B}\DownloadInformation]
    CODEBASE = http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab
    INF = C:\WINDOWS\Downloaded Program Files\bejeweled.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\DownloadInformation]
    CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142630698640
    INF = C:\WINDOWS\Downloaded Program Files\muweb.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6F6DBC29-7A0C-4AC0-A42D-10EC70678526}\DownloadInformation]
    CODEBASE = http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
    INF = C:\WINDOWS\Downloaded Program Files\wordcube.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\DownloadInformation]
    CODEBASE = http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    INF = C:\WINDOWS\Downloaded Program Files\xscan.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\DownloadInformation]
    CODEBASE = http://www.worldwinner.com/games/shared/wwlaunch.cab
    INF = C:\WINDOWS\Downloaded Program Files\wwlaunch.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    INF =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}\DownloadInformation]
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94299420-321F-4FF9-A247-62A23EBB640B}\DownloadInformation]
    CODEBASE = http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
    INF = C:\WINDOWS\Downloaded Program Files\wordmojo.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]
    CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    INF = C:\WINDOWS\Downloaded Program Files\asinst.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AC2881FD-5760-46DB-83AE-20A5C6432A7E}\DownloadInformation]
    CODEBASE = http://www.worldwinner.com/games/v64/swapit/swapit.cab
    INF = C:\WINDOWS\Downloaded Program Files\swapit.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}\DownloadInformation]
    CODEBASE = http://www.worldwinner.com/games/v40/hangman/hangman.cab
    INF = C:\WINDOWS\Downloaded Program Files\hangman.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}\DownloadInformation]
    CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    INF = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\DownloadInformation]
    CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\DownloadInformation]
    CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    INF =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\DownloadInformation]
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    INF =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation]
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    INF =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\DownloadInformation]
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    INF =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\DownloadInformation]
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    INF =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    INF =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77}\DownloadInformation]
    CODEBASE = http://dinet.info/n/us29/n.cab

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E70E3E64-2793-4AEF-8CC8-F1606BE563B0}\DownloadInformation]
    CODEBASE = http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
    INF = C:\WINDOWS\Downloaded Program Files\wwspades.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F6BF0D00-0B2A-4A75-BF7B-F385591623AF}\DownloadInformation]
    CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FAE74270-E5EE-49C3-B816-EA8B4D55F38F}\DownloadInformation]
    CODEBASE = http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
    INF = C:\WINDOWS\Downloaded Program Files\h2hpool.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]
    CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Quick Quack by pogo\DownloadInformation]
    CODEBASE = http://game1.pogo.com/applet-6.5.3.37/hotstreak/hotstreak-en_US.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Quick Quack by pogo.osd

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\QWERTY by pogo\DownloadInformation]
    CODEBASE = http://game1.pogo.com/applet-6.5.2.33/squares/squares-en_US.cab
    OSD = C:\WINDOWS\Downloaded Program Files\QWERTY by pogo.osd

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\RaptisoftGameLoader\DownloadInformation]
    CODEBASE = http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    OSD = C:\WINDOWS\Downloaded Program Files\OSD28E7.OSD
     
  13. ms_luckylady

    ms_luckylady Thread Starter

    »»»»»»»»»»»»»»»»»»»» Files Created Within 30 Days »»»»»»»»»»»»»

    C:\avone.ini [Ver = | Size = 108 bytes | Created Date = 2/3/2007 5:53:58 PM | Attr = ]
    C:\sqmdata00.sqm [Ver = | Size = 268 bytes | Created Date = 2/14/2007 10:25:34 AM | Attr = H ]
    C:\sqmnoopt00.sqm [Ver = | Size = 244 bytes | Created Date = 2/14/2007 10:25:34 AM | Attr = H ]
    C:\Documents and Settings\Owner\My Documents\Document.rtf [Ver = | Size = 1034 bytes | Created Date = 2/13/2007 8:07:47 PM | Attr = ]
    C:\Documents and Settings\Owner\My Documents\My Computer.lnk [Ver = | Size = 104 bytes | Created Date = 1/19/2007 8:24:15 PM | Attr = ]
    C:\Documents and Settings\Owner\My Documents\OTMoveIt results.rtf [Ver = | Size = 312 bytes | Created Date = 2/13/2007 1:06:36 PM | Attr = ]
    C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 849 bytes | Created Date = 2/10/2007 4:45:39 PM | Attr = ]
    C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk [Ver = | Size = 902 bytes | Created Date = 1/27/2007 5:32:42 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\avgas-setup-7.5.0.50.exe [Ver = | Size = 6469352 bytes | Created Date = 2/10/2007 4:43:39 PM | Attr = ]
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\avgas-setup-7.5.0.50.exe:Zone.Identifier (26 bytes)
    C:\Documents and Settings\Owner\Desktop\Cucusoft AVI to VCD DVD MPEG Creator Pro.lnk [Ver = | Size = 805 bytes | Created Date = 2/3/2007 3:28:58 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\Fw FUNNY PICTURES - ha ha ha.eml [Ver = | Size = 581122 bytes | Created Date = 1/24/2007 1:21:17 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\Insaniquarium Deluxe.lnk [Ver = | Size = 1733 bytes | Created Date = 1/26/2007 11:51:09 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\LimeWire 4.12.11.lnk [Ver = | Size = 1582 bytes | Created Date = 2/11/2007 7:41:13 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\Shortcut to RT2.lnk [Ver = | Size = 961 bytes | Created Date = 1/27/2007 4:28:22 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\spywareblastersetup351.exe Javacool Software LLC [Ver = 3.5.1 | Size = 2566736 bytes | Created Date = 2/10/2007 6:27:26 PM | Attr = ]
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\spywareblastersetup351.exe:Zone.Identifier (26 bytes)
    C:\Documents and Settings\Owner\Desktop\winpfind.exe [Ver = | Size = 262159 bytes | Created Date = 2/13/2007 8:05:19 PM | Attr = ]
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\winpfind.exe:Zone.Identifier (26 bytes)
    C:\Documents and Settings\Owner\Desktop\Xilisoft MPEG to DVD Converter.lnk [Ver = | Size = 947 bytes | Created Date = 1/27/2007 5:30:30 PM | Attr = ]
    C:\WINDOWS\Aurora MPEG To DVD.INI [Ver = | Size = 67 bytes | Created Date = 1/27/2007 5:58:17 PM | Attr = ]
    C:\WINDOWS\b.exe [Ver = | Size = 0 bytes | Created Date = 2/6/2007 8:22:36 PM | Attr = ]
    C:\WINDOWS\HP_48BitScanUpdatePatch.ini [Ver = | Size = 214 bytes | Created Date = 1/26/2007 2:40:21 PM | Attr = ]
    C:\WINDOWS\iun6002.exe Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 1/26/2007 11:51:05 PM | Attr = ]
    C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Created Date = 2/10/2007 12:44:17 PM | Attr = ]
    C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 2/10/2007 12:44:17 PM | Attr = H ]
    C:\WINDOWS\system.tmp [Ver = | Size = 231 bytes | Created Date = 2/9/2007 11:49:36 PM | Attr = ]
    C:\WINDOWS\win.tmp [Ver = | Size = 1037 bytes | Created Date = 2/9/2007 11:49:36 PM | Attr = ]
    C:\WINDOWS\System32\asuninst.exe Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2/8/2007 8:14:56 PM | Attr = ]
    C:\WINDOWS\System32\ffdshow.ax [Ver = 1, 0, 0, 1 | Size = 1761280 bytes | Created Date = 2/3/2007 3:28:57 PM | Attr = ]
    C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Created Date = 2/8/2007 8:14:25 PM | Attr = ]
    C:\WINDOWS\System32\lfbmp13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 57344 bytes | Created Date = 1/19/2007 8:22:54 PM | Attr = ]
    C:\WINDOWS\System32\lfcmp13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 401408 bytes | Created Date = 1/19/2007 8:22:54 PM | Attr = ]
    C:\WINDOWS\System32\lfgif13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 69632 bytes | Created Date = 1/19/2007 8:22:55 PM | Attr = ]
    C:\WINDOWS\System32\libavcodec.dll [Ver = | Size = 2255360 bytes | Created Date = 2/3/2007 3:28:57 PM | Attr = ]
    C:\WINDOWS\System32\libmpeg2_ff.dll [Ver = | Size = 112640 bytes | Created Date = 2/3/2007 3:28:57 PM | Attr = ]
    C:\WINDOWS\System32\libmplayer.dll [Ver = | Size = 395776 bytes | Created Date = 2/3/2007 3:28:57 PM | Attr = ]
    C:\WINDOWS\System32\ltdis13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 299008 bytes | Created Date = 1/19/2007 8:22:54 PM | Attr = ]
    C:\WINDOWS\System32\ltefx13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.068 | Size = 206336 bytes | Created Date = 1/19/2007 8:22:54 PM | Attr = ]
    C:\WINDOWS\System32\ltfil13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 163840 bytes | Created Date = 1/19/2007 8:22:54 PM | Attr = ]
    C:\WINDOWS\System32\ltimg13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 450560 bytes | Created Date = 1/19/2007 8:22:54 PM | Attr = ]
    C:\WINDOWS\System32\ltkrn13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 462848 bytes | Created Date = 1/19/2007 8:22:54 PM | Attr = ]
    C:\WINDOWS\System32\ltmm_n.dll [Ver = 14.0.0.000 | Size = 1003520 bytes | Created Date = 2/3/2007 5:53:17 PM | Attr = ]
    C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Created Date = 2/8/2007 8:14:24 PM | Attr = ]
    C:\WINDOWS\System32\QuickTime.qtp [Ver = | Size = 9066 bytes | Created Date = 2/8/2007 12:59:39 PM | Attr = ]
    C:\WINDOWS\System32\sirenacm.dll Microsoft Corp. [Ver = 8.1.0178.00 | Size = 51056 bytes | Created Date = 1/19/2007 12:53:04 PM | Attr = ]
    C:\WINDOWS\System32\taskkill.exe [Ver = | Size = 0 bytes | Created Date = 2/6/2007 8:22:38 PM | Attr = ]
    C:\WINDOWS\System32\TomsMoComp_ff.dll [Ver = | Size = 262144 bytes | Created Date = 2/3/2007 3:28:57 PM | Attr = ]
    C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Created Date = 2/8/2007 8:14:25 PM | Attr = ]
    C:\WINDOWS\System32\WNASPI32.DLL Adaptec [Ver = 4.71 (0002) | Size = 45056 bytes | Created Date = 1/27/2007 5:23:20 PM | Attr = ]
    C:\WINDOWS\System32\ZPORT4AS.dll [Ver = | Size = 11776 bytes | Created Date = 2/8/2007 8:14:56 PM | Attr = ]
    C:\WINDOWS\System32\drivers\ASPI32.SYS Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Created Date = 1/27/2007 5:23:20 PM | Attr = ]
    C:\WINDOWS\System32\drivers\AvgAsCln.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2/10/2007 4:45:37 PM | Attr = ]
    C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 1/28/2007 6:56:05 PM | Attr = ]

    »»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»

    C:\avone.ini [Ver = | Size = 108 bytes | Modified Date = 2/3/2007 5:57:22 PM | Attr = ]
    C:\sqmdata00.sqm [Ver = | Size = 268 bytes | Modified Date = 2/14/2007 10:25:36 AM | Attr = H ]
    C:\sqmnoopt00.sqm [Ver = | Size = 244 bytes | Modified Date = 2/14/2007 10:25:36 AM | Attr = H ]
    C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 87552 bytes | Modified Date = 2/5/2007 9:04:24 PM | Attr = ]
    C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [Ver = | Size = 2114336 bytes | Modified Date = 2/13/2007 7:35:08 PM | Attr = H ]
    C:\Documents and Settings\Owner\My Documents\Audio slave - AudioSlave - Be Yourself.mp3 [Ver = | Size = 5575221 bytes | Modified Date = 1/19/2007 10:38:54 PM | Attr = ]
    C:\Documents and Settings\Owner\My Documents\Audio Slave - Audioslave - Bleed.mp3 [Ver = | Size = 5080398 bytes | Modified Date = 1/19/2007 10:39:04 PM | Attr = ]
    C:\Documents and Settings\Owner\My Documents\desktop.ini [Ver = | Size = 76 bytes | Modified Date = 1/30/2007 9:39:16 PM | Attr = HS]
    C:\Documents and Settings\Owner\My Documents\Document.rtf [Ver = | Size = 1034 bytes | Modified Date = 2/13/2007 8:07:48 PM | Attr = ]
    C:\Documents and Settings\Owner\My Documents\My Computer.lnk [Ver = | Size = 104 bytes | Modified Date = 1/19/2007 8:24:16 PM | Attr = ]
    C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk [Ver = | Size = 571 bytes | Modified Date = 2/13/2007 11:06:18 PM | Attr = ]
    C:\Documents and Settings\Owner\My Documents\OTMoveIt results.rtf [Ver = | Size = 312 bytes | Modified Date = 2/13/2007 1:06:38 PM | Attr = ]
    C:\Documents and Settings\Owner\My Documents\shoulder.mp3 [Ver = | Size = 6237769 bytes | Modified Date = 1/19/2007 10:39:30 PM | Attr = ]
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\shoulder.mp3:Zone.Identifier (26 bytes)
    C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 849 bytes | Modified Date = 2/10/2007 4:45:40 PM | Attr = ]
    C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk [Ver = | Size = 902 bytes | Modified Date = 1/27/2007 5:32:44 PM | Attr = ]
    C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk [Ver = | Size = 1736 bytes | Modified Date = 2/5/2007 5:47:00 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\avgas-setup-7.5.0.50.exe [Ver = | Size = 6469352 bytes | Modified Date = 2/10/2007 4:43:40 PM | Attr = ]
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\avgas-setup-7.5.0.50.exe:Zone.Identifier (26 bytes)
    C:\Documents and Settings\Owner\Desktop\CCleaner.lnk [Ver = | Size = 1548 bytes | Modified Date = 2/8/2007 10:46:48 AM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\Cucusoft AVI to VCD DVD MPEG Creator Pro.lnk [Ver = | Size = 805 bytes | Modified Date = 2/3/2007 3:29:00 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\Fw FUNNY PICTURES - ha ha ha.eml [Ver = | Size = 581122 bytes | Modified Date = 1/24/2007 1:21:18 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\Insaniquarium Deluxe.lnk [Ver = | Size = 1733 bytes | Modified Date = 1/26/2007 11:51:10 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\LimeWire 4.12.11.lnk [Ver = | Size = 1582 bytes | Modified Date = 2/11/2007 7:41:14 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\Shortcut to RT2.lnk [Ver = | Size = 961 bytes | Modified Date = 1/27/2007 4:28:24 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\spywareblastersetup351.exe Javacool Software LLC [Ver = 3.5.1 | Size = 2566736 bytes | Modified Date = 2/10/2007 6:27:28 PM | Attr = ]
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\spywareblastersetup351.exe:Zone.Identifier (26 bytes)
    C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk [Ver = | Size = 1475 bytes | Modified Date = 2/13/2007 2:39:42 PM | Attr = ]
    C:\Documents and Settings\Owner\Desktop\winpfind.exe [Ver = | Size = 262159 bytes | Modified Date = 2/13/2007 8:05:22 PM | Attr = ]
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\winpfind.exe:Zone.Identifier (26 bytes)
    C:\Documents and Settings\Owner\Desktop\Xilisoft MPEG to DVD Converter.lnk [Ver = | Size = 947 bytes | Modified Date = 1/27/2007 5:30:32 PM | Attr = ]
    C:\WINDOWS\ALCFDRTM.VER Realtek Semiconductor Corp. [Ver = 1, 2, 0, 0 | Size = 73728 bytes | Modified Date = 2/4/2007 11:34:58 PM | Attr = ]
    C:\WINDOWS\Aurora MPEG To DVD.INI [Ver = | Size = 67 bytes | Modified Date = 1/27/2007 8:26:56 PM | Attr = ]
    C:\WINDOWS\b.exe [Ver = | Size = 0 bytes | Modified Date = 2/6/2007 8:22:38 PM | Attr = ]
    C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 2/14/2007 10:26:54 AM | Attr = S]
    C:\WINDOWS\freedom.backup.dat [Ver = | Size = 225 bytes | Modified Date = 2/14/2007 10:25:34 AM | Attr = ]
    C:\WINDOWS\hpoins03.dat [Ver = | Size = 29359 bytes | Modified Date = 2/11/2007 10:30:48 PM | Attr = ]
    C:\WINDOWS\HP_48BitScanUpdatePatch.ini [Ver = | Size = 214 bytes | Modified Date = 1/26/2007 2:40:22 PM | Attr = ]
    C:\WINDOWS\iun6002.exe Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 1/27/2007 8:25:28 PM | Attr = ]
    C:\WINDOWS\NeroDigital.ini [Ver = | Size = 49 bytes | Modified Date = 2/8/2007 1:47:40 PM | Attr = ]
    C:\WINDOWS\popcinfo.dat [Ver = | Size = 35 bytes | Modified Date = 1/27/2007 12:09:04 AM | Attr = ]
    C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Modified Date = 2/10/2007 12:44:18 PM | Attr = ]
    C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 2/12/2007 11:25:12 AM | Attr = H ]
    C:\WINDOWS\win.ini [Ver = | Size = 1255 bytes | Modified Date = 2/11/2007 10:33:14 PM | Attr = ]
    C:\WINDOWS\win.tmp [Ver = | Size = 1037 bytes | Modified Date = 2/8/2007 11:19:28 PM | Attr = ]
    C:\WINDOWS\System32\amcompat.tlb [Ver = | Size = 16832 bytes | Modified Date = 1/27/2007 5:57:28 PM | Attr = ]
    C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Modified Date = 2/8/2007 8:14:26 PM | Attr = ]
    C:\WINDOWS\System32\nscompat.tlb [Ver = | Size = 23392 bytes | Modified Date = 1/27/2007 5:57:28 PM | Attr = ]
    C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Modified Date = 2/8/2007 8:14:26 PM | Attr = ]
    C:\WINDOWS\System32\QuickTime.qtp [Ver = | Size = 9066 bytes | Modified Date = 2/10/2007 12:44:56 PM | Attr = ]
    C:\WINDOWS\System32\sirenacm.dll Microsoft Corp. [Ver = 8.1.0178.00 | Size = 51056 bytes | Modified Date = 1/19/2007 12:53:04 PM | Attr = ]
    C:\WINDOWS\System32\taskkill.exe [Ver = | Size = 0 bytes | Modified Date = 2/6/2007 8:22:40 PM | Attr = ]
    C:\WINDOWS\System32\tmp.reg [Ver = | Size = 2080 bytes | Modified Date = 2/10/2007 4:34:14 PM | Attr = ]
    C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Modified Date = 2/8/2007 8:14:26 PM | Attr = ]
    C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 1170 bytes | Modified Date = 2/14/2007 9:53:20 AM | Attr = ]

    »»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
    @Alternate Data Stream - C:\UNWISE.EXE:SummaryInformation (88 bytes)
    @Alternate Data Stream - C:\UNWISE.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\aawsepersonal.exe:Zone.Identifier (26 bytes)
    [WSUD , ]C:\Documents and Settings\Owner\My Documents\AdbeRdr707_en_US.exe ( )
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\avg71free_394a752.exe:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\ccsetup131.exe:Zone.Identifier (26 bytes)
    [Thawte Consulting , ]C:\Documents and Settings\Owner\My Documents\ccsetup131.exe (Piriform Ltd)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\DatRemoverPlus.exe:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\FreedomCleanup.exe:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\HijackThis.exe:Zone.Identifier (26 bytes)
    [UPX! , UPX0 , ]C:\Documents and Settings\Owner\My Documents\HijackThis.exe (Soeperman Enterprises Ltd.)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\honey.mp3:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\mystery.mp3:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\ones.mp3:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\oven.mp3:Zone.Identifier (26 bytes)
    [FSG! , ]C:\Documents and Settings\Owner\My Documents\oven.mp3 ()
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\roderigo.mp3:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\shoulder.mp3:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\spybotsd14.exe:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\My Documents\telus_security_en.exe:Zone.Identifier (26 bytes)
    [WSUD , ]C:\Documents and Settings\Owner\My Documents\telus_security_en.exe (TELUS )
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\avgas-setup-7.5.0.50.exe:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\FreedomCleanup.exe:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\mp3_organizer.zip:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\QuickScanner.zip:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\spywareblastersetup351.exe:Zone.Identifier (26 bytes)
    [Thawte Consulting , ]C:\Documents and Settings\Owner\Desktop\spywareblastersetup351.exe (Javacool Software LLC )
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\TelusDatRemoverPlus.exe:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\telus_security_en.exe:Zone.Identifier (26 bytes)
    [WSUD , ]C:\Documents and Settings\Owner\Desktop\telus_security_en.exe (TELUS )
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\WAPMail.exe:Zone.Identifier (26 bytes)
    @Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\winpfind.exe:Zone.Identifier (26 bytes)
    [UPX! , UPX0 , ]C:\WINDOWS\tsc.exe (Trend Micro Inc.)
    [PECompact2 , qoologic , SAHAgent , ]C:\WINDOWS\VPTNFILE.637 ()
    [aspack , UPX! , ]C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
    [PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
    [PTech , ]C:\WINDOWS\System32\igfxhcsy.lhp ()
    [PEC2 , ]C:\WINDOWS\System32\ODBCJET.HLP ()
    @Alternate Data Stream - C:\WINDOWS\System32\Process.exe:Zone.Identifier (26 bytes)
    [Thawte Consulting , ]C:\WINDOWS\System32\SmartUI2.ocx (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com)
    @Alternate Data Stream - C:\WINDOWS\System32\SrchSTS.exe:Zone.Identifier (26 bytes)
    [UPX! , UPX0 , ]C:\WINDOWS\System32\SrchSTS.exe (S!Ri)
    @Alternate Data Stream - C:\WINDOWS\System32\swreg.exe:Zone.Identifier (26 bytes)
    [UPX! , UPX0 , ]C:\WINDOWS\System32\swreg.exe (SteelWerX)
    @Alternate Data Stream - C:\WINDOWS\System32\swsc.exe:Zone.Identifier (26 bytes)
    [UPX! , UPX0 , ]C:\WINDOWS\System32\swsc.exe ()
    [winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
    [Thawte Consulting , ]C:\WINDOWS\System32\XceedCry.dll (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com)
    [Thawte Consulting , ]C:\WINDOWS\System32\XceedZip.dll (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com)
    [aspack , ]C:\WINDOWS\System32\drivers\css-dvp.sys (Command Software Systems, Inc.)

    < End of report >
     
  14. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, ms_luckylady :)

    RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") in order to download DelDomains.inf to your desktop. RIGHT-CLICK on DelDomains.inf and select: Install

    Download ComboFix from Here or Here to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double-click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  15. ms_luckylady

    ms_luckylady Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    43
    Here is the ComboFix result:

    "Owner" - 07-02-14 13:33:13 Service Pack 2
    ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Owner\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\b.exe
    C:\INSTALL.LOG
    C:\WINDOWS\system32\drivers\npf.sys


    ((((((((((((((((((((((((((((((( Files Created from 2007-01-14 to 2007-02-14 ))))))))))))))))))))))))))))))))))


    2007-02-13 13:29 <DIR> d-------- C:\Program Files\Webroot
    2007-02-13 13:04 <DIR> d-------- C:\_OTMoveIt
    2007-02-12 12:58 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\Uniblue
    2007-02-11 19:41 <DIR> d-------- C:\Program Files\LimeWire
    2007-02-10 16:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-02-10 16:45 <DIR> d-------- C:\Program Files\Grisoft
    2007-02-10 16:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-02-10 16:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
    2007-02-10 15:26 <DIR> d-------- C:\!KillBox
    2007-02-10 13:17 <DIR> d-------- C:\Program Files\CyberDefender
    2007-02-08 23:05 540,672 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
    2007-02-08 23:05 5,505,024 --a------ C:\DOCUME~1\Owner\ntuser.dat
    2007-02-06 20:22 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2007-02-03 17:53 1,003,520 --a------ C:\WINDOWS\system32\ltmm_n.dll
    2007-02-03 17:53 <DIR> d-------- C:\AVOneExport
    2007-02-03 15:47 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2007-02-03 15:29 <DIR> d-------- C:\ConverterOutput
    2007-02-03 15:28 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
    2007-02-03 15:28 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
    2007-02-03 15:28 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
    2007-02-03 15:28 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
    2007-02-03 15:28 <DIR> d-------- C:\Program Files\Cucusoft
    2007-01-30 21:06 <DIR> d-------- C:\WINDOWS\WBEM
    2007-01-30 21:06 <DIR> d-------- C:\WINDOWS\system32\en-US
    2007-01-30 21:04 <DIR> d--h-c--- C:\WINDOWS\ie7
    2007-01-30 21:02 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2007-01-30 21:01 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-01-28 18:56 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-01-27 20:28 <DIR> d-------- C:\aurora_dvd
    2007-01-27 20:26 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
    2007-01-27 17:57 <DIR> d-------- C:\Program Files\Aurora MPEG To DVD Burner
    2007-01-27 17:29 <DIR> d-------- C:\Program Files\Xilisoft
    2007-01-27 17:23 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
    2007-01-27 17:23 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
    2007-01-27 17:18 <DIR> d-------- C:\Program Files\VideoCharge Software
    2007-01-27 17:10 <DIR> d-------- C:\Program Files\DVD Author ActiveX Control
    2007-01-26 23:51 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-01-26 23:49 <DIR> d-------- C:\Program Files\Insaniquarium Deluxe
    2007-01-19 20:22 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2007-01-19 20:22 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2007-01-19 20:22 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-01-19 20:22 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2007-01-19 20:22 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2007-01-19 20:22 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2007-01-19 20:22 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2007-01-19 20:22 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-02-14 13:30 225 --a------ C:\WINDOWS\freedom.backup.dat
    2007-02-14 09:10 -------- d-------- C:\Program Files\Common Files\pestpatrol
    2007-02-13 20:42 -------- d-------- C:\Program Files\Common Files\command software
    2007-02-11 22:30 29359 --a------ C:\WINDOWS\hpoins03.dat
    2007-02-10 16:34 2080 --a------ C:\WINDOWS\system32\tmp.reg
    2007-02-10 13:00 -------- d-------- C:\Program Files\three rings design
    2007-02-10 12:57 -------- d-------- C:\Program Files\yahoo!
    2007-02-09 21:29 -------- d-------- C:\Program Files\paint shop pro 6
    2007-02-08 10:46 -------- d-------- C:\Program Files\ccleaner
    2007-02-06 20:12 -------- d-------- C:\Program Files\microsoft reference
    2007-02-05 20:14 -------- d-------- C:\Program Files\palm
    2007-02-05 20:13 -------- d--h----- C:\Program Files\installshield installation information
    2007-02-05 20:13 -------- d-------- C:\Program Files\faxtalk faxcenter pro 7.0
    2007-02-05 20:09 -------- d-------- C:\Program Files\bjballroom
    2007-02-05 17:47 -------- d-------- C:\Program Files\msn messenger
    2007-01-28 16:20 -------- d-------- C:\Program Files\telus ecare
    2007-01-27 16:54 -------- d-------- C:\Program Files\ahead
    2007-01-27 16:08 -------- d-------- C:\Program Files\google
    2007-01-27 00:09 35 --a------ C:\WINDOWS\popcinfo.dat
    2007-01-26 14:40 1708 --a------ C:\DOCUME~1\Owner\Application Data\hpcom_48bitscanupdate.log
    2007-01-24 15:21 -------- d-------- C:\Program Files\Common Files\adobe
    2007-01-24 15:21 -------- d-------- C:\DOCUME~1\Owner\Application Data\adobeum
    2007-01-15 14:21 -------- d-------- C:\Program Files\java
    2006-12-11 17:31 73728 --a------ C:\WINDOWS\alcfdrtm.exe
    2006-11-24 21:07 53248 --a------ C:\WINDOWS\system32\process.exe
    2006-11-24 21:07 40960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-11-24 21:07 288417 --a------ C:\WINDOWS\system32\srchsts.exe
    2006-11-24 21:07 135168 --a------ C:\WINDOWS\system32\swreg.exe
    2006-11-19 13:35 8918 --a------ C:\WINDOWS\extend.dat
    2006-11-09 21:03 247 --a------ C:\Program Files\setuplog.txt


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "AlcWzrd"="ALCWZRD.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "Motive SmartBridge"="C:\\PROGRA~1\\TELUSE~1\\SMARTB~1\\MotiveSB.exe"
    "TELUS Security service"="\"C:\\Program Files\\TELUS\\TELUS Security service\\Freedom.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "ES Current Services"="C:\\WINDOWS\\system32\\Winservc\\gotcha.exe"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-02-14 13:36:35
     
Short URL to this thread: https://techguy.org/543527
