Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help.. here's my HiJackThis log..Agent.exe prob as well [RESO

Started by GwendieDraper , Jul 26 2007 11:57 PM

  • This topic is locked This topic is locked

#1
GwendieDraper
Posted 26 July 2007 - 11:57 PM

GwendieDraper

    Member

  • Member
  • PipPip
  • 44 posts
I am having a issue with my pc.. it has been running pretty slow.. and has recently started freezing on me.. and Agent.exe seems to be bogging me down accoring to my task manager...
Here's my HijacjThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:13 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6NY7Y30M\VundoFix[1].exe
C:\HJTmay4me\HijackThis.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
F3 - REG:win.ini: load=??? ?, ???????????????
F3 - REG:win.ini: run=??? ?, ???????????????
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = ?
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...ammon-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.co...fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.co...wbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145855677484
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki....tkiUploader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pog...sh.1.0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pog...aploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...443/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0

Advertisements

#2
GwendieDraper
Posted 30 July 2007 - 01:20 PM

GwendieDraper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
its been over three days.. im also noticing some other stuff.. like when i got ot start windows.. it wont go past the windows logo where the bar runs saying its loading.. i have to hold down the power button and then turn it back on...then it would have a screen asking me if i wantto start it in normal mode or safe mode.. saying that there was a problem with how my pc was starting or an error.. i not sure exactly what it said...
And when i did get it on today.. my volume control loaded like 120 times today.. i had to end process in task manager to get the to go away....
  • 0

#3
Essexboy
Posted 01 August 2007 - 04:05 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there GwendieDraper sorry for the delay. So lets get right down to the nuts and bolts

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=??? ?, ???????????????
F3 - REG:win.ini: run=??? ?, ???????????????
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pog...aploader_v6.cab

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

______________________________________

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

and a new Hijackthis log and an update on your current problems

Edited by Essexboy, 04 August 2007 - 08:26 AM.

  • 0

#4
Essexboy
Posted 07 August 2007 - 02:02 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#5
Essexboy
Posted 11 August 2007 - 04:33 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#6
Essexboy
Posted 11 August 2007 - 04:35 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
noticed the topic closed... and i realize i need an updated HiJackThis log anyway.. so im sending it now..

Logfile of HijackThis v1.99.1
Scan saved at 10:50:21 AM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\HJTmay4me\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVComS.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.co...fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.co...wbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.co...earch-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145855677484
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki....tkiUploader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pog...sh.1.0.0.80.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...443/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0

#7
Essexboy
Posted 11 August 2007 - 04:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok back with you now

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#8
GwendieDraper
Posted 11 August 2007 - 04:10 PM

GwendieDraper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Heres the combofix log:


ComboFix 07-08-09.3 - "Owner" 2007-08-11 14:56:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.49 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\cup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\heart.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\menu_down.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\menu_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\plates.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\ticket.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\tray.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\back_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backchalk.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\cancel.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\cancelup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\career.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\career_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\close.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\closeup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\continue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\continueover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\download_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\easy.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\easy_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\hard.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\hard_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\help.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\help_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\highscores.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\letsplay.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\medium.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\medium_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\off.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\off_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\on_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\pause.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\pauseover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quitgame.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quitover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\resumegame.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\submit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\submitup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\tryagain.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\career.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\customer.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\endless.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\global.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\powerups.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cook\cook.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cook\cook.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cook\stove.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\arrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\click.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\click2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\grab.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\open.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\idle.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\idle.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\lower.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\lower.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\upper.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\upper.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\fonts\arial.mvec
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\chair.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\chair.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dishcart.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\textedit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\title.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\playfirst_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\credits.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\game.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\help.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\help2.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\levelover.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\loading.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\ok.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\pause.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\style.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\upsell.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\yesno.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\splash\aol_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\strings.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\angersmoke.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\chairflags.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\chairflags.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\check.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\checkmark.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\clock.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\closingtime.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\coinflip.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\expertscore.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\fork_timer.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\jar.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\level.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\level_career.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\score.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\sound.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\staroff.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\staron.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tablenumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\dinerdash.exe
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\ystem3~1


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 14:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 19:35 <DIR> d-------- C:\DOCUME~1\Family\APPLIC~1\Creative
2007-08-01 15:09 <DIR> d-------- C:\Deckard
2007-08-01 15:04 2,418 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-01 14:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-01 14:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-01 14:07 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-08-01 14:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-27 12:54 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-07-27 12:54 <DIR> d-------- C:\Program Files\TryMedia
2007-07-27 12:54 <DIR> d-------- C:\Program Files\TDS3
2007-07-27 12:54 <DIR> d-------- C:\Program Files\S3
2007-07-27 12:54 <DIR> d-------- C:\Program Files\Office.com
2007-07-27 12:54 <DIR> d-------- C:\Program Files\Motive
2007-07-27 12:54 <DIR> d-------- C:\Program Files\monstersgame
2007-07-27 12:54 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-27 12:54 <DIR> d-------- C:\Program Files\mfk
2007-07-27 12:54 <DIR> d-------- C:\Program Files\JMF2.1.1
2007-07-27 12:54 <DIR> d-------- C:\Program Files\illiminable
2007-07-27 12:54 <DIR> d-------- C:\Program Files\Disney Interactive
2007-07-27 12:54 <DIR> d-------- C:\Program Files\DIFX
2007-07-27 12:54 <DIR> d-------- C:\Program Files\{E9A69A5D-E826-4AAC-8514-4DFBDB1A14B9}
2007-07-20 18:01 <DIR> d-------- C:\Program Files\Trymedia(2)
2007-07-20 17:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
2007-07-20 10:27 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-26 22:26 --------- d-------- C:\Program Files\Oberon Media
2007-07-26 22:21 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\wsInspector
2007-07-24 14:22 29 --a--c--- C:\WINDOWS\popcinfo.dat
2007-07-19 10:46 --------- d-------- C:\Program Files\mIRC
2007-06-29 13:20 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Pogo Games
2007-06-19 18:05 --------- d-------- C:\Program Files\SpywareBlaster
2007-06-13 15:34 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\MysteryStudio
2007-05-16 08:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-04-08 15:41 432 --a------ C:\DOCUME~1\Owner\APPLIC~1\wklnhst.dat
2005-11-22 23:01 1701 --a--c--- C:\Program Files\pspbrwse.jbf
2005-08-08 17:39 457 --a--c--- C:\Program Files\INSTALL.LOG
2005-05-07 21:32 774144 --a------ C:\Program Files\RngInterstitial.dll
2005-04-28 16:20 89049967 --a--c--- C:\Program Files\psp8.zip
2004-11-03 14:11 143 --ah-c--- C:\Program Files\hpothb07.dat
2004-11-03 13:58 251 --ah-c--- C:\Program Files\hpothb07.tif
2005-09-07 17:25:05 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 05:40]
"VTTimer"="VTTimer.exe" [2004-01-15 20:33 C:\WINDOWS\system32\VTTimer.exe]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 15:18]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-22 11:00]
"LVCOMS"="C:\WINDOWS\system32\LVComS.exe" [2002-04-05 16:35]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 12:30]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 14:23]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-20 14:15]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 07:14]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 14:57]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2003-06-26 04:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [2004-03-28 15:07:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 2005-01-31 14:13 49152 C:\Program Files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveLongFreeItch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BO1HelperStartUp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R3 P1110VID;Creative WebCam NX;C:\WINDOWS\system32\DRIVERS\P1110VID.sys
R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
R3 SunkFilt;Alcor Micro Corp - 9360;\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys
R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S3 CA561;Micro Webcam;C:\WINDOWS\system32\Drivers\SPCA561.SYS
S3 DCamUSBSQTECH;Dual-Mode DSC(2770);C:\WINDOWS\system32\Drivers\SQcaptur.sys
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 SMALUSB;Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\smallogi.sys
S3 SunkFilt39;Alcor Micro Corp - 3239;\??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison;\??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys


Contents of the 'Scheduled Tasks' folder
2007-07-30 22:30:08 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7200#CN3983C3G9I5.job - C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
2007-08-11 18:29:02 C:\WINDOWS\Tasks\HP Usg Daily.job - C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
2007-04-04 19:14:57 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 15:04:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000362

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-11 15:06:19
C:\ComboFix-quarantined-files.txt ... 2007-08-11 15:05

--- E O F ---
  • 0

#9
GwendieDraper
Posted 11 August 2007 - 04:15 PM

GwendieDraper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
And here's the HiJackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 3:13:53 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\HJTmay4me\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVComS.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.co...fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.co...wbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.co...earch-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145855677484
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki....tkiUploader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pog...sh.1.0.0.80.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...443/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0

#10
Essexboy
Posted 11 August 2007 - 04:22 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking better let's now search for the hidden nasties :blink:

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Could you also update me on how your system is running now :whistling:
  • 0

Advertisements

#11
GwendieDraper
Posted 11 August 2007 - 05:09 PM

GwendieDraper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
And here's the WinPFind3u log:

My system still seems a lil slow.. but i guess it could just be the pc..lol


WinPFind3 logfile created on: 8/11/2007 3:57:30 PM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

191.48 Mb Total Physical Memory | 60.68 Mb Available Physical Memory | 31.69% Memory free
466.22 Mb Paging File | 291.81 Mb Available in Paging File | 62.59% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 59.08 Gb Free Space | 77.03% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-6990BE8220
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 1:54:12 PM | Attr = ]
aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 1:54:14 PM | Attr = ]
cursorxp.exe -> %ProgramFiles%\CursorXP\CursorXP.exe -> [Ver = 1, 3, 0, 0 | Size = 128000 bytes | Modified Date = 1/19/2005 5:34:16 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 1.80.0 | Size = 221184 bytes | Modified Date = 8/20/2003 2:57:00 PM | Attr = ]
hphmon05.exe -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,1,7 | Size = 483328 bytes | Modified Date = 8/20/2003 2:15:48 PM | Attr = R ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
isafe.exe -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 259184 bytes | Modified Date = 6/23/2005 7:46:00 AM | Attr = ]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 5:40:32 AM | Attr = ]
lvcoms.exe -> %System32%\LVComS.exe -> Logitech Inc. [Ver = 6.0.3.1038 | Size = 102400 bytes | Modified Date = 4/5/2002 4:35:22 PM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr = ]
sdmcp.exe -> %CommonProgramFiles%\Stardock\sdmcp.exe -> Stardock [Ver = 0, 0, 5, 9 | Size = 253952 bytes | Modified Date = 1/31/2005 2:14:52 PM | Attr = ]
shwiconem.exe -> %ProgramFiles%\Digital Media Reader\shwiconem.exe -> Alcor Micro, Corp. [Ver = 1, 4, 0, 8 | Size = 135168 bytes | Modified Date = 3/11/2004 3:18:54 PM | Attr = ]
vetmsg.exe -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 201840 bytes | Modified Date = 6/23/2005 7:46:00 AM | Attr = ]
vttimer.exe -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.100.2004.0115 | Size = 49152 bytes | Modified Date = 1/15/2004 8:33:44 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]
wwsecure.exe -> %System32%\wwSecure.exe -> Webroot Software, Inc. [Ver = 6.0.1.10 | Size = 486400 bytes | Modified Date = 5/20/2005 4:53:52 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 1:54:14 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 259184 bytes | Modified Date = 6/23/2005 7:46:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/31/2007 4:03:50 PM | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | Disabled | Stopped] -> -> File not found
(PACSPTISVR) PACSPTISVR [Win32_Own | Disabled | Stopped] -> -> File not found
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | Disabled | Stopped] -> -> File not found
(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 201840 bytes | Modified Date = 6/23/2005 7:46:00 AM | Attr = ]
(wwSecSvc) Washer Security Access [Win32_Own | Auto | Running] -> %System32%\wwSecure.exe -> Webroot Software, Inc. [Ver = 6.0.1.10 | Size = 486400 bytes | Modified Date = 5/20/2005 4:53:52 PM | Attr = ]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %System32%\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 5:07:38 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Creative WebCam Tray -> %ProgramFiles%\Creative\Shared Files\CamTray.exe -> Creative Technology Ltd [Ver = 3.2.1.0 | Size = 184320 bytes | Modified Date = 6/26/2003 4:02:00 AM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 1.80.0 | Size = 221184 bytes | Modified Date = 8/20/2003 2:57:00 PM | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.239.0.0 | Size = 188416 bytes | Modified Date = 7/25/2003 7:14:02 AM | Attr = ]
HPHmon05 -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,1,7 | Size = 483328 bytes | Modified Date = 8/20/2003 2:15:48 PM | Attr = R ]
HPHUPD05 -> %ProgramFiles%\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe -> Hewlett-Packard [Ver = 5,1,7 | Size = 49152 bytes | Modified Date = 8/20/2003 2:23:08 PM | Attr = R ]
IPInSightMonitor 01 -> %ProgramFiles%\SBC Yahoo!\Connection Manager\IP InSight\ipmon32.exe -> Visual Networks [Ver = 5.5.33.226 | Size = 98304 bytes | Modified Date = 7/14/2003 12:30:28 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 5:40:32 AM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 86960 bytes | Modified Date = 9/11/2006 5:40:34 AM | Attr = ]
LVCOMS -> %System32%\LVComS.exe -> Logitech Inc. [Ver = 6.0.3.1038 | Size = 102400 bytes | Modified Date = 4/5/2002 4:35:22 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 3/22/2005 11:00:34 AM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr = ]
SunKistEM -> %ProgramFiles%\Digital Media Reader\shwiconem.exe -> Alcor Micro, Corp. [Ver = 1, 4, 0, 8 | Size = 135168 bytes | Modified Date = 3/11/2004 3:18:54 PM | Attr = ]
UserFaultCheck -> -> File not found
VTTimer -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.100.2004.0115 | Size = 49152 bytes | Modified Date = 1/15/2004 8:33:44 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CursorXP -> %ProgramFiles%\CursorXP\CursorXP.exe -> [Ver = 1, 3, 0, 0 | Size = 128000 bytes | Modified Date = 1/19/2005 5:34:16 PM | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 5:40:32 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
%UserStartup%\MRU-Blaster Silent Clean.lnk -> %ProgramFiles%\MRU-Blaster\mrublaster.exe -> [Ver = 1.05.0009 | Size = 1216512 bytes | Modified Date = 3/28/2004 3:07:48 PM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKLM] -> %CommonProgramFiles%\Stardock\MCPCore.dll [0aMCPClient] -> Stardock [Ver = 0, 0, 5, 3 | Size = 98304 bytes | Modified Date = 1/31/2005 2:14:34 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 7:13:28 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
MCPClient -> %CommonProgramFiles%\Stardock\MCPStub.dll -> Stardock [Ver = 0, 0, 5, 2 | Size = 49152 bytes | Modified Date = 1/31/2005 2:13:38 PM | Attr = ]
WRNotifier -> WRLogonNTF.dll -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com ->
HKCU: CustomizeSearch -> ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 2:39:26 PM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
free_aol.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 2:39:26 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKLM] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{04BEAB9D-5C42-4C40-BBF0-C6C7470AD2B2} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [&Yahoo! Messenger] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [&Yahoo! Messenger] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 2:39:26 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 2:39:26 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
yie6 -> IEAK ->
YPC 3.2.0 -> Yahoo! Parental Controls ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{AACEF7A1-521D-4AAE-9D37-53B0366CA9BD} -> () ->
{F3D89BF6-5446-47C0-92F4-F230748B1E87} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries0000000001 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/23/2005 7:46:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000002 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/23/2005 7:46:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000003 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/23/2005 7:46:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000021 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/23/2005 7:46:00 AM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 1.80.0 | Size = 81920 bytes | Modified Date = 8/20/2003 2:57:00 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{01A88BB1-1174-41EC-ACCB-963509EAE56B} -> SysProWmi Class - CodeBase = http://support.dell....iler/SysPro.CAB ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204 ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1} -> ewidoOnlineScan Control - CodeBase = http://download.ewid...oOnlineScan.cab ->
{231B1C6E-F934-42A2-92B6-C2FEFEC24276} -> yucsetreg Class - CodeBase = C:\Program Files\Yahoo!\common\yucconfig.dll ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.syma...bin/AvSniff.cab ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> YInstStarter Class - CodeBase = ->
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} -> Microsoft PID Sniffer - CodeBase = https://support.micr...ActiveX/odc.cab ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://www.snapfish....fishActivia.cab ->
{4B48D5DF-9021-45F7-A240-60304302A215} -> Malicious Software Removal Tool - CodeBase = http://download.micr.../WebCleaner.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase = http://download.mcaf...01/mcinsctl.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://groups.msn.co...UC/MsnPUpld.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://www.bitdefend...can8/oscan8.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onec...lscbase9602.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.syma...n/bin/cabsa.cab ->
{6BEA1C48-1850-486C-8F58-C7354BA3165E} -> - CodeBase = http://updates.lifes...ll/pinstall.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1145855677484 ->
{74C861A1-D548-4916-BC8A-FDE92EDFF62C} -> - CodeBase = http://mediaplayer.w...ler/install.cab ->
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase = http://a840.g.akamai...all/xscan53.cab ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} -> WScanCtl Class - CodeBase = http://www3.ca.com/s...nfo/webscan.cab ->
{8714912E-380D-11D5-B8AA-00D0B78F3D48} -> Yahoo! Webcam Upload Wrapper - CodeBase = http://chat.yahoo.com/cab/yuplapp.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} -> RegConfig Class - CodeBase = http://download.yaho...rod/yregcfg.cab ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://download.yaho...mail/ymmapi.dll ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn...pDownloader.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://messenger.zon...ro.cab32846.cab ->
{B9191F79-5613-4C76-AA2A-398534BB8999} -> YAddBook Class - CodeBase = http://download.yaho...alls/yab_af.cab ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> - CodeBase = http://download.mcaf...,26/mcgdmgr.cab ->
{C3DFA998-A486-11D4-AA25-00C04F72DAEB} -> MSN Photo Upload Tool - CodeBase = http://sc.groups.msn...UC/MsnPUpld.cab ->
{C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} -> FotkiUploader Control - CodeBase = http://images.fotki....tkiUploader.cab ->
{D18F962A-3722-4B59-B08D-28BB9EB2281E} -> PhotosCtrl Class - CodeBase = http://photos.yahoo....plorer1_9us.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = https://fpdownload.m...ash/swflash.cab ->
{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} -> SproutLauncherCtrl Class - CodeBase = http://download.game...outLauncher.cab ->
{DA758BB1-5F89-4465-975F-8D7179A4BCF3} -> WheelofFortune Object - CodeBase = http://messenger.zon...oF.cab31267.cab ->
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -> CPlayFirstDinerDashControl Object - CodeBase = http://clubgames.pog...sh.1.0.0.80.cab ->
{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -> Yahoo! Webcam Viewer Wrapper - CodeBase = http://chat.yahoo.com/cab/yvwrctl.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcaf...443/mcfscan.cab ->
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -> MSN Chat Control 4.5 - CodeBase = http://chat.msn.com/bin/msnchat45.cab ->
Aces Up! by pogo -> - CodeBase = http://game1.pogo.co.../aces-en_US.cab ->
All-In Texas Hold'em by pogo -> - CodeBase = http://game1.pogo.co...allin-en_US.cab ->
Backgammon by pogo -> - CodeBase = http://game1.pogo.co...ammon-en_US.cab ->
Bingo Luau by pogo -> - CodeBase = http://game1.pogo.co...bingo-en_US.cab ->
Blackjack by pogo -> - CodeBase = http://game1.pogo.co...kjack-en_US.cab ->
Blackjack Carnival by pogo -> - CodeBase = http://game1.pogo.co...jack2-en_US.cab ->
Blooop by pogo -> - CodeBase = http://game1.pogo.co...scade-en_US.cab ->
Bowling by pogo -> - CodeBase = http://game1.pogo.co...wling-en_US.cab ->
Canasta by pogo -> - CodeBase = http://game1.pogo.co...nasta-en_US.cab ->
Dice City Roller by pogo -> - CodeBase = http://game1.pogo.co...z/ytz-en_US.cab ->
Dice Derby by pogo -> - CodeBase = http://game1.pogo.co...dflag-en_US.cab ->
Euchre by pogo -> - CodeBase = http://game1.pogo.co...uchre-en_US.cab ->
First Class Solitaire by pogo -> - CodeBase = http://game1.pogo.co...lass2-en_US.cab ->
Fortune Bingo by pogo -> - CodeBase = http://game1.pogo.co...bingo-en_US.cab ->
Greenback Bayou by pogo -> - CodeBase = http://game1.pogo.co...nback-en_US.cab ->
Hangman Hijinks by pogo -> - CodeBase = http://game1.pogo.co...ngman-en_US.cab ->
High Stakes Poker by pogo -> - CodeBase = http://game1.pogo.co...poker-en_US.cab ->
Hog Heaven Slots by pogo -> - CodeBase = http://game1.pogo.co...fancy-en_US.cab ->
Jungle Gin by pogo -> - CodeBase = http://game1.pogo.co.../gin2-en_US.cab ->
Lost Temple Poker by pogo -> - CodeBase = http://game1.pogo.co...poker-en_US.cab ->
Lottso by pogo -> - CodeBase = http://game1.pogo.co...ottso-en_US.cab ->
Mah Jong Garden by pogo -> - CodeBase = http://game1.pogo.co...jong2-en_US.cab ->
Makeover Madness by pogo -> - CodeBase = http://game1.pogo.co...shoes-en_US.cab ->
Microsoft XML Parser for Java -> - CodeBase = ->
Multiline Slots by pogo -> - CodeBase = http://game1.pogo.co...slots-en_US.cab ->
Pai Gow by pogo -> - CodeBase = http://game1.pogo.co...aigow-en_US.cab ->
Payday FreeCell by pogo -> - CodeBase = http://game1.pogo.co...ecell-en_US.cab ->
Payday Freecell Solitaire by pogo -> - CodeBase = http://game1.pogo.co...cell2-en_US.cab ->
Penguin Blocks by pogo -> - CodeBase = http://game1.pogo.co...guins-en_US.cab ->
Perfect Pair Solitaire by pogo -> - CodeBase = http://game1.pogo.co...wheel-en_US.cab ->
Phlinx by pogo -> - CodeBase = http://game1.pogo.co...inger-en_US.cab ->
Pop Fu by pogo -> - CodeBase = http://game1.pogo.co...popfu-en_US.cab ->
PoppaZoppa by pogo -> - CodeBase = http://game1.pogo.co...zoppa-en_US.cab ->
Poppit by pogo -> - CodeBase = http://game1.pogo.co...ppit2-en_US.cab ->
Quick Quack by pogo -> - CodeBase = http://game1.pogo.co...treak-en_US.cab ->
QWERTY by pogo -> - CodeBase = http://game1.pogo.co...uares-en_US.cab ->
Showbiz Slots 2 by pogo -> - CodeBase = http://game1.pogo.co...wbiz2-en_US.cab ->
Shuffle Bump by pogo -> - CodeBase = http://game1.pogo.co.../puck-en_US.cab ->
Spider Solitaire by pogo -> - CodeBase = http://game1.pogo.co...pider-en_US.cab ->
Stax by pogo -> - CodeBase = http://game1.pogo.co.../stax-en_US.cab ->
Stellar Sweeper by pogo -> - CodeBase = http://game1.pogo.co...eeper-en_US.cab ->
Sweet Tooth TM by pogo -> - CodeBase = http://game1.pogo.co...tooth-en_US.cab ->
Texas Hold'em Poker by pogo -> - CodeBase = http://game1.pogo.co...oldem-en_US.cab ->
Tri-Peaks by pogo -> - CodeBase = http://game1.pogo.co...peaks-en_US.cab ->
Tumble Bees by pogo -> - CodeBase = http://game1.pogo.co...mbee2-en_US.cab ->
Turbo 21 v2 by pogo -> - CodeBase = http://game1.pogo.co...rbo22-en_US.cab ->
Vaults of Atlantis Slots by pogo -> - CodeBase = http://game1.pogo.co...slots-en_US.cab ->
Wonderland Memories by pogo -> - CodeBase = http://game1.pogo.co...ories-en_US.cab ->
Word Craft by pogo -> - CodeBase = http://game1.pogo.co...abble-en_US.cab ->
Word Search Daily by pogo -> - CodeBase = http://game1.pogo.co...earch-en_US.cab ->
Word Whomp Whackdown by pogo -> - CodeBase = http://game1.pogo.co...kdown-en_US.cab ->
WordJong by pogo -> - CodeBase = http://game1.pogo.co...djong-en_US.cab ->
World Class Solitaire by pogo -> - CodeBase = http://game1.pogo.co...class-en_US.cab ->
Yahoo! Pool 2 -> - CodeBase = http://download2.gam...ts/y/poti_x.cab ->


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 8/11/2007 1:54:15 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 7/27/2007 11:54:05 AM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 8/1/2007 2:09:08 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 200855552 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 8/11/2007 2:00:55 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 8/11/2007 1:54:23 PM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 8/1/2007 2:10:14 PM | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 8/11/2007 1:54:23 PM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 8/11/2007 2:14:10 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 8/11/2007 1:54:23 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 8/11/2007 1:54:22 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 8/11/2007 1:54:22 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2418 bytes | Created Date = 8/1/2007 2:04:25 PM | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 8/11/2007 1:54:23 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Modified Date = 7/27/2007 12:54:18 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 7/30/2007 5:18:08 PM | Attr = RHS]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 8/11/2007 3:14:14 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/1/2007 2:08:06 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 8/1/2007 3:09:10 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 200855552 bytes | Modified Date = 8/11/2007 3:34:52 PM | Attr = HS]
HJTmay4me -> %SystemDrive%\HJTmay4me -> [Folder | Modified Date = 8/11/2007 3:13:18 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/1/2007 3:32:32 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 8/11/2007 3:00:56 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/11/2007 3:14:12 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 7/28/2007 9:50:38 PM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 7/27/2007 12:54:04 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/11/2007 3:34:52 PM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Modified Date = 7/20/2007 12:47:24 AM | Attr = ]
CAVTemp -> %SystemRoot%\CAVTemp -> [Folder | Modified Date = 7/27/2007 11:22:56 AM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 7/20/2007 10:12:38 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/11/2007 3:01:48 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 8/11/2007 2:55:52 PM | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/1/2007 2:08:08 PM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 7/28/2007 9:50:42 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 7/27/2007 12:40:16 PM | Attr = ]
popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 29 bytes | Modified Date = 7/24/2007 2:22:38 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/11/2007 2:54:24 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 7/18/2007 10:15:52 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 7/27/2007 12:56:18 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 282 bytes | Modified Date = 7/30/2007 5:18:08 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 8/11/2007 3:40:58 PM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 8/11/2007 3:38:12 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1465 bytes | Modified Date = 7/30/2007 5:18:08 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 7/28/2007 2:19:24 AM | Attr = ]
HP DArC Task #Hewlett-Packard#7200#CN3983C3G9I5.job -> %SystemRoot%\tasks\HP DArC Task #Hewlett-Packard#7200#CN3983C3G9I5.job -> [Ver = | Size = 320 bytes | Modified Date = 7/30/2007 3:30:10 PM | Attr = ]
HP Usg Daily.job -> %SystemRoot%\tasks\HP Usg Daily.job -> [Ver = | Size = 342 bytes | Modified Date = 8/11/2007 3:29:08 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/11/2007 3:35:10 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 8/9/2007 8:47:14 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 7/27/2007 12:56:52 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 8/11/2007 2:56:10 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 73276 bytes | Modified Date = 8/11/2007 3:40:58 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 425936 bytes | Modified Date = 8/11/2007 3:40:58 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 507722 bytes | Modified Date = 8/11/2007 3:40:58 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2418 bytes | Modified Date = 8/1/2007 3:05:10 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 7/27/2007 12:56:20 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 8/11/2007 3:38:04 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\mw104817.torrent:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %SystemDrive%\RegSeeker.zip:Zone.Identifier ->
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\LPT$VPN.693 -> [Ver = | Size = 15178581 bytes | Modified Date = 6/17/2005 11:31:58 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 6/17/2005 11:31:58 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.0.1.435 | Size = 57344 bytes | Modified Date = 7/25/2005 2:04:32 AM | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.693 -> [Ver = | Size = 15178581 bytes | Modified Date = 6/17/2005 11:31:58 AM | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Modified Date = 6/17/2005 11:36:42 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
aspack , -> %System32%\LTDIS14N.dll -> LEAD Technologies, Inc. [Ver = 14.0.0.012 | Size = 130048 bytes | Modified Date = 8/12/2004 1:33:50 PM | Attr = ]
aspack , -> %System32%\ltefx14N.dll -> LEAD Technologies, Inc. [Ver = 14.0.0.013 | Size = 98304 bytes | Modified Date = 8/19/2004 1:37:28 PM | Attr = ]
aspack , -> %System32%\ltfil14N.DLL -> LEAD Technologies, Inc. [Ver = 14.0.0.013 | Size = 78336 bytes | Modified Date = 8/19/2004 1:37:02 PM | Attr = ]
aspack , -> %System32%\ltimg14N.dll -> LEAD Technologies, Inc. [Ver = 14.0.0.013 | Size = 376320 bytes | Modified Date = 8/19/2004 1:37:28 PM | Attr = ]
aspack , -> %System32%\ltkrn14N.dll -> LEAD Technologies, Inc. [Ver = 14.0.0.013 | Size = 210432 bytes | Modified Date = 8/23/2004 5:56:22 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\msvcrt10.zip:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %System32%\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 2956 bytes -> %System32%\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %System32%\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
qoologic , aspack , SAHAgent , winsync , -> %System32%\pav.sig -> [Ver = | Size = 8498488 bytes | Modified Date = 2/20/2005 3:11:16 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\plugindll.zip:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]

< End of report >
  • 0

#12
Essexboy
Posted 12 August 2007 - 06:53 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Doesn't look to bad now. First a little fix then a wash and brush up and then see how we go from there

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {04BEAB9D-5C42-4C40-BBF0-C6C7470AD2B2} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[File String Scan - Non-Microsoft Only]
NY -> @Alternate Data Stream - 26 bytes -> %SystemDrive%\mw104817.torrent:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %SystemDrive%\RegSeeker.zip:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %System32%\msvcrt10.zip:Zone.Identifier
NY -> @Alternate Data Stream - 0 bytes -> %System32%\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
NY -> @Alternate Data Stream - 2956 bytes -> %System32%\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
NY -> @Alternate Data Stream - 0 bytes -> %System32%\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
NY -> @Alternate Data Stream - 26 bytes -> %System32%\plugindll.zip:Zone.Identifier


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

THEN

please run an AVG Scan to get the registry entries I may have missed

  • Run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


NOW

A wash and brush up

Prefetch is clickable for more information

Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm

Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Click start then all programmes, accessories, system tools to run defragmenter

Download, install and run Tune Up 2007 Trial

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable the anti virus programme then click Optimize and Improve to run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Check the anti virus programme is running

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor

All I need now is an update on your system and a new Hijackthis log
  • 0

#13
GwendieDraper
Posted 13 August 2007 - 10:18 AM

GwendieDraper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Here's the WinPFind3u after the fix:

And my pc seems to be running better.. its not stalling or freezing anymore.. no more error messages popping up either :whistling:
Thank you :blink: Also do you want me to wait for you to respond to the log i am giving now to do the rest of the what you want me to do?


[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{04BEAB9D-5C42-4C40-BBF0-C6C7470AD2B2} deleted successfully.
[File String Scan - Non-Microsoft Only]
ADS C:\mw104817.torrent:Zone.Identifier deleted successfully.
ADS C:\RegSeeker.zip:Zone.Identifier deleted successfully.
ADS C:\WINDOWS\SYSTEM32\msvcrt10.zip:Zone.Identifier deleted successfully.
ADS C:\WINDOWS\SYSTEM32\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} deleted successfully.
ADS C:\WINDOWS\SYSTEM32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINDOWS\SYSTEM32\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} deleted successfully.
ADS C:\WINDOWS\SYSTEM32\plugindll.zip:Zone.Identifier deleted successfully.
< End of log >
Created on 08/13/2007 09:14:40
  • 0

#14
Essexboy
Posted 13 August 2007 - 01:49 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Continue the rest please GwendieDraper and then let me see how it is running. My feeling is AVG will come up tracking cookies only
  • 0

#15
GwendieDraper
Posted 14 August 2007 - 02:20 PM

GwendieDraper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
The PC is running soo much better.. and i love that last program :whistling:
Heres my HiJackThis log:
Only problem i had was getting the report from AVG.. but it had only found 2 things and they were cookies as you had predicted :blink:
Thank you for your help :help:

Logfile of HijackThis v1.99.1
Scan saved at 1:18:17 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\HJTmay4me\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVComS.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.co...fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.co...wbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.co...earch-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewid...oOnlineScan.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.snapfish....fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145855677484
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} - http://images.fotki....tkiUploader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - http://download.game...outLauncher.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - http://clubgames.pog...sh.1.0.0.80.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...443/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{28FD11C9-D708-4256-9B0C-C4D301E42EE7}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP