Hi, thanks for helping me
i have done the stuff as instructed but the virus are still there
there is my sdfix log
SDFix: Version 1.144Run by Forlife on Thu 02/21/2008 at 10:11 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-02-21 22:21:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000009
"TracesSuccessful"=dword:00000008
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 44
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
Files with Hidden Attributes:
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Thu 29 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT1.tmp"
Finished!my combo fix log
ComboFix 08-02-20.2 - Forlife 2008-02-21 22:41:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.159 [GMT 8:00]
Running from: C:\Documents and Settings\Forlife\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
.
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.
2008-02-21 22:51 . 54,156 C:\WINDOWS\QTFont.qfn
2008-02-21 22:51 . 1,409 C:\WINDOWS\QTFont.for
2008-02-21 22:49 . 2008-02-21 22:53 165,704 --ahs---- C:\WINDOWS\system32\ijjlm.ini
2008-02-21 11:11 . 2008-02-21 22:05 1,428 --a------ C:\vpwaf.dat
2008-02-20 21:16 . 2008-02-20 21:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-20 21:05 . 2008-02-21 22:37 <DIR> d-------- C:\SDFix
2008-02-20 19:58 . 2008-02-20 19:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-20 13:59 . 2008-02-20 13:59 <DIR> d-------- C:\_OTMoveIt
2008-02-19 22:09 . 2008-02-19 22:09 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-19 18:14 . 2008-02-19 18:14 8 --a------ C:\WINDOWS\system32\5ad1940c
2008-02-19 12:44 . 2008-02-19 13:32 32,768 --a------ C:\Sales by Items Converted18.xls
2008-02-15 11:40 . 2008-02-15 11:41 30,720 --a------ C:\Sales by Items Converted 14.xls
2008-02-13 11:06 . 2008-02-13 11:07 334,336 --a------ C:\WINDOWS\system32\mljji.dll
2008-01-26 10:45 . 2008-01-26 10:58 39,424 --a------ C:\Sales by Items Converted 25.xls
2008-01-22 11:15 . 2008-01-22 11:22 32,256 --a------ C:\Sales by Items Converted21.xls
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 12:59 --------- d-----w C:\Documents and Settings\Forlife\Application Data\Canon
2008-02-19 14:33 --------- d-----w C:\Program Files\AddPick
2008-02-15 03:17 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-02-12 05:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-01 04:51 --------- d-----w C:\Documents and Settings\Forlife\Application Data\ICAClient
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2006-08-12 07:33 87,752 ----a-w C:\Documents and Settings\Forlife\Application Data\GDIPFONTCACHEV1.DAT
2006-08-03 11:17 87,752 -c--a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2006-07-06 10:10 87,752 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44B98808-182E-4251-9096-BE86AFB2B4F1}]
2008-02-13 11:07 334336 --a------ C:\WINDOWS\system32\mljji.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 01:21 90112]
"ACU"="C:\Program Files\SMCWUSBT-G EZ Connect TM g 108 Mbps 802.11g Wireless USB 2.0 Adapter\ACU.exe" [2005-07-21 18:03 397312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-05-13 19:59 180269]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"MpsOnn"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\MpsOnn.exe" [2001-11-19 17:14 22528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-04-17 10:47 77824]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 15:56 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-11-18 20:19:14 225280]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mljji.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 15:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
--a--c--- 2002-06-03 11:38 49152 C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-04-17 10:47 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
--a--c--- 2002-08-07 22:24 485376 C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a--c--- 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2004-05-13 19:59 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a--c--- 2003-03-31 18:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
R2 SmartProtection Service;SmartProtection Agent Service;C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe [2006-04-19 14:44]
R2 U3SHLPDR200;U3SHLPDR200;C:\WINDOWS\System32\Drivers\U3SHLPDR200.SYS [2007-09-03 22:39]
R3 Serport;iTegno Modem driver;C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2002-08-08 11:13]
S3 AR5523;Atheros USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-06-09 03:15]
S3 ATHFMWDL;Atheros USB Wireless Adapter Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-06-09 03:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1feb4cc0-7639-11dc-86dd-000e7fa98b28}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{389fc0a8-36c8-11dc-8682-000e7fa98b28}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c0faf5f-c894-11db-85e2-000e7fa98b28}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41fbf27b-4951-11dc-869f-000e7fa98b28}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9368c9fa-a269-11dc-8714-000e7fa98b28}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0abdde0-59de-11dc-86b2-000e7fa98b28}]
\Shell\AutoOpen\command - F:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7fd4ea8-132b-11dc-864c-0004e2f65620}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-09-12 06:21:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-02-21 22:51:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\mljji.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-02-21 23:00:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-21 15:00:35
ComboFix2.txt 2008-02-20 06:59:46
.
2008-02-14 04:42:05 --- E O F ---
and lastly my hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:20 PM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\SMCWUSBT-G EZ Connect TM g 108 Mbps 802.11g Wireless USB 2.0 Adapter\ACU.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.4life.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://go.compaq.com...DT/0409/bl8.aspR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://go.compaq.com...DT/0409/bl7.aspR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll
O2 - BHO: (no name) - {44B98808-182E-4251-9096-BE86AFB2B4F1} - C:\WINDOWS\system32\mljji.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ACU] C:\Program Files\SMCWUSBT-G EZ Connect TM g 108 Mbps 802.11g Wireless USB 2.0 Adapter\ACU.exe -nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [MpsOnn] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\MpsOnn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zon...kr.cab56986.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zon...1/GAME_UNO1.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1181632953734O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) -
http://zone.msn.com/...mjolauncher.cabO16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
http://cdn2.zone.msn...gr.cab31267.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://cdn2.zone.msn...ro.cab56649.cabO16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} (FViewerLoading Class) -
http://www.flipviewe.../exe/fv373p.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.m...ash/swflash.cabO16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) -
http://zone.msn.com/...outLauncher.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://zone.msn.com/...ploader_v10.cabO16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) -
http://us.dl1.yimg.c...ebio5_1_6_0.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{E68975B3-5C0A-48C6-AB0A-7C2B71A913CA}: NameServer = 202.148.161.44,202.136.31.2
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartProtection Agent Service (SmartProtection Service) - Unknown owner - C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
--
End of file - 7608 bytes