Is this where I was supposed to post it?

And the HJT log:
Uninstall ZoneAlarm Spy Blocker through Add/Remove Programs.
Delete this folder in Safe Mode: C:\Program Files\ZoneAlarmSB
=============
Open Notepad and copy/paste the contents of the quote box into it:
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
Restart the computer when prompted and post the contents of the combofix.txt file here.
===========
Scan with HJT, tick the following entries and press Fix checked:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BM012b199f] Rundll32.exe "C:\WINDOWS\system32\jdvqugke.dll",s
combofix.txt. Well, I don't know whether it works or not, since I'm only now able to reply. The internet isn't working properly for some reason. It won't load pages.
And here is the HJT log as well: