When I try to log on to XP user it goes back to restart, and it does it over and over. This started when I tried to open a file in my Bit Torrent. I think the zip file contained a virus. I also get lots of pop ups too. Please HELP!!!

EDIT: Please only post HJT and spyware logs as attachments, Thanks,
LGW

Attached Files

K's HJT.txt (8.2 KB, 5 views)

Hya kshy_69, welcome to PCHF.


Please download VundoFix.exe
to your desktop.

• Double-click *VundoFix.exe* to run it.
• Click the *Scan for Vundo* button.
• Once it's done scanning, click the *Remove Vundo* button.
• You will receive a prompt asking if you want to remove the files, click *YES*
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click *OK*.
• Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the *Scan for Vundo* button." when
VundoFix appears at reboot.

Hi Joe 5,
Thank you. This site really helps me. The Vundofix found no virus! What now??
Kathy

VundoFix V6.1.6
Checking Java version...
Java version is 1.5.0.2
Java version is 1.5.0.4
Scan started at 4:55:44 PM 10/2/2006
Listing files found while scanning....
No infected files were found.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Also rename your HijackThis.exe to aaa.exe, and then make and post a new log from it please.

Kathy_2 - 06-10-05 17:28:47.58 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Kathy_2\Desktop"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\CLSID\{FEEBDB07-1883-4731-86E0-99E8584AFC81}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FEEBDB07-1883-4731-86E0-99E8584AFC81}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FEEBDB07-1883-4731-86E0-99E8584AFC81}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FEEBDB07-1883-4731-86E0-99E8584AFC81}\InprocServer32]
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{ABE1C6DA-2E2C-4D47-91B0-2C931CFA65AC}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ABE1C6DA-2E2C-4D47-91B0-2C931CFA65AC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ABE1C6DA-2E2C-4D47-91B0-2C931CFA65AC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ABE1C6DA-2E2C-4D47-91B0-2C931CFA65AC}\InprocServer32]
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{53F33109-0FA5-4FF7-B988-98B91B95AB73}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{53F33109-0FA5-4FF7-B988-98B91B95AB73}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{53F33109-0FA5-4FF7-B988-98B91B95AB73}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{53F33109-0FA5-4FF7-B988-98B91B95AB73}\InprocServer32]
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{CA3A42D8-534B-4FE3-A75B-78A78EF90C68}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CA3A42D8-534B-4FE3-A75B-78A78EF90C68}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CA3A42D8-534B-4FE3-A75B-78A78EF90C68}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CA3A42D8-534B-4FE3-A75B-78A78EF90C68}\InprocServer32]
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{C7FCC896-7FF1-4B93-99C7-408E32467CC7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C7FCC896-7FF1-4B93-99C7-408E32467CC7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C7FCC896-7FF1-4B93-99C7-408E32467CC7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C7FCC896-7FF1-4B93-99C7-408E32467CC7}\InprocServer32]
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{E38E367B-C212-4F41-9D26-6D80021E2869}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E38E367B-C212-4F41-9D26-6D80021E2869}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E38E367B-C212-4F41-9D26-6D80021E2869}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E38E367B-C212-4F41-9D26-6D80021E2869}\InprocServer32]
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{B3109EEC-4024-43B9-9EE7-4A320FB23189}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B3109EEC-4024-43B9-9EE7-4A320FB23189}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B3109EEC-4024-43B9-9EE7-4A320FB23189}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B3109EEC-4024-43B9-9EE7-4A320FB23189}\InprocServer32]
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{0C18961F-2CB5-49FA-B435-BDE6BE843EBF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0C18961F-2CB5-49FA-B435-BDE6BE843EBF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0C18961F-2CB5-49FA-B435-BDE6BE843EBF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0C18961F-2CB5-49FA-B435-BDE6BE843EBF}\InprocServer32]
@="C:\\WINDOWS\\system32\\meacm32.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{03EE94BC-96AE-49BE-875B-743FC805473A}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{03EE94BC-96AE-49BE-875B-743FC805473A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{03EE94BC-96AE-49BE-875B-743FC805473A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{03EE94BC-96AE-49BE-875B-743FC805473A}\InprocServer32]
@="C:\\WINDOWS\\system32\\mcasn1.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\system32\adrot-uninst.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\Program Files\outlook
C:\Program Files\winupdate
C:\Program Files\winupdates
C:\Program Files\Common Files\{8CE58561-0224-1033-1202-991020990001}

((((((((((((((((((((((((((((((( Files Created from 2006-09-05 to 2006-10-05 ))))))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))

2006-10-05 17:30 -------- d-------- C:\Program Files\Common Files
2006-10-05 17:14 -------- d-------- C:\Program Files\Common Files\rwri
2006-10-02 18:07 5 --ahs---- C:\WINDOWS\system32\aababbd2_d.dll
2006-10-02 18:07 -------- d-------- C:\Program Files\RegSupreme Pro
2006-10-01 08:34 216998 --a------ C:\WINDOWS\justin_new.exe
2006-10-01 08:34 215308 --a------ C:\WINDOWS\Setup90.exe
2006-10-01 08:32 1233 --a------ C:\WINDOWS\system32\sdw2d03f.sys
2006-09-29 18:26 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-29 13:24 -------- d-------- C:\Program Files\MSN Messenger
2006-09-28 19:24 75264 --a------ C:\WINDOWS\system32\nsh17.dll
2006-09-28 13:53 111262 --a------ C:\WINDOWS\system32\justin.exe
2006-09-28 12:53 96265 --a------ C:\WINDOWS\system32\ebo_1.0.3.9.exe
2006-09-24 03:02 -------- d-------- C:\Program Files\XviD
2006-09-24 02:53 -------- d-------- C:\Program Files\GSpot
2006-09-22 00:45 -------- d-------- C:\Program Files\BitTorrent
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 23:56 -------- d-------- C:\Program Files\Yahoo!
2006-08-20 23:55 -------- dr-h----- C:\Documents and Settings\Kathy_2\Application Data\yahoo!
2006-08-20 14:39 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-15 13:35 -------- d-------- C:\Documents and Settings\Kathy_2\Application Data\AdobeUM
2006-08-08 13:58 -------- d-------- C:\Program Files\Internet Explorer
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 18:02 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Aim6"=""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\win patrol.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00 ,80,02,00,00,58,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00 ,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff ,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23 ,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\explorer\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Completion time: Thu 10/05/2006 17:33:33.44
ComboFix.txt


aaa.exe
Logfile of aaa.exe
Scan saved at 5:44:05 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Palm\AlarmApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kathy_2\My Documents\administrator\HijackThis1991[1].exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Millsberry - Main
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\Palm\AlarmApp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?b6e9bcf2dc634dc2a91b1f887ca6cb5f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?b6e9bcf2dc634dc2a91b1f887ca6cb5f
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/def...andaonline.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37380.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames...o.cab41096.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/tr...amesplayer.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/def...ebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/6512bd/games...ploader_v6.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by14fd.bay14.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Thank you!!