Hidden popup??

xxarlokxx · 07-06-2008, 05:25 AM

I got another problem to my computer. Now it runs really really slow. When i open task manager. I see 2 iexplorer.exe take up like 33000k of my space. but then i normally use firefox. so i end task those 2 iexplorer.exe and they regenerate itself. So when i turn off my computer, i can clearly see there is a flash of website behind the whole background. How to remove that??? My computer is so slow that it takes like 10 minutes to turn on...

**Buzz1927** · 07-06-2008, 05:27 AM

Post a Hijackthis log.
Hijackthis Logs

xxarlokxx · 07-06-2008, 09:15 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:02 AM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\kcoin32.exe
C:\WINDOWS\system32\inf\svchosd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {0B497AE8-3F6C-440C-AB87-52ED0182464A} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
O2 - BHO: (no name) - {1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} - C:\Program Files\Internet Explorer\IEXPLORE32.win
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll (file missing)
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll (file missing)
O2 - BHO: opshcbty.dll - {32596546-2036-9451-6058-658402589723} - C:\WINDOWS\system32\opshcbty.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - C:\WINDOWS\system32\nhmxdjkl.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: skqnebib.dll - {52023698-6984-8541-9654-698745012525} - C:\WINDOWS\system32\skqnebib.dll
O2 - BHO: mpwdeapi.dll - {55694105-5108-9405-3695-954187462155} - C:\WINDOWS\system32\mpwdeapi.dll
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: pjjxfdwd.dll - {64FAE856-AD58-20CB-A025-CD4895FA6E46} - C:\WINDOWS\system32\pjjxfdwd.dll
O2 - BHO: (no name) - {74381DEC-D78B-43E4-BA5D-5244F669EBE4} - C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
O2 - BHO: zxmsdwin.dll - {7A041F13-A111-12A3-B0CF-F99818AA68A7} - C:\WINDOWS\system32\zxmsdwin.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll
O2 - BHO: hdf453d.dll - {B629FF4F-ACDB-5C90-A098-FACB3456A26B} - C:\WINDOWS\system32\hdf453d.dll
O2 - BHO: (no name) - {E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE /P26 "EPSON Stylus CX1500 Series" /O5 "LPT1:" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sticker] C:\Program Files\MoRUN.net\Sticker\sticker.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [kcoin] kcoin32.exe
O4 - HKLM\..\Policies\Explorer\Run: [initnyuser] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080702a.dll tanlt88
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stevenching28.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379191747
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162425286125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45ABDAA6-9586-4E5E-A01E-2E395570E348}: NameServer = 203.198.23.208 205.252.144.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll termilly.dll verptw.dll quaryfy.dll padlod.dll,arjreler.dll,ietzbpaq.dll jordspa.dll,skqncbib.dll womsoy.dll,nhmxdjkl.dll,skqnebib.dll wolko.dll he1low.dll gwofw.dll ziflok.dll mymusi.dll wcpome.dll
O21 - SSODL: midimapgj - {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll
O21 - SSODL: cliconfgzx.dll - {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll
O21 - SSODL: catsrvwl.dll - {00040004-0004-0004-0004-00040004BB15} - C:\WINDOWS\system32\catsrvwl.dll
O21 - SSODL: kbdswjr.dll - {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll
O21 - SSODL: tscfgwmijxsj.dll - {00330033-0033-0033-0033-00330033BB15} - C:\WINDOWS\system32\tscfgwmijxsj.dll
O21 - SSODL: msobjstl.dll - {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll
O21 - SSODL: adsntzt.dll - {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll
O21 - SSODL: bootvidgj.dll - {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll
O21 - SSODL: midimappt - {4F4F0064-71E0-4f0d-0021-708476C7815F} - C:\WINDOWS\system32\midimappt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 11794 bytes

cohen · 07-06-2008, 10:08 AM

Can you pls do the following

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file from one of the three below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Can you pls then post a fresh hijackthis log.

xxarlokxx · 07-06-2008, 11:08 AM

vfind.exe was ended

This is the combo fix log:

ComboFix 08-07-05.1 - Steven C 2008-07-06 5:46:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.136 [GMT -4:00]Running from: C:\Documents and Settings\Steven C\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\dbi100.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Internet Explorer\IEXPLORE32.Dat
C:\Program Files\Internet Explorer\IEXPLORE32.jmp
C:\Program Files\Internet Explorer\IEXPLORE32.Sys
C:\Program Files\Internet Explorer\IEXPLORE32.win
C:\Program Files\Internet Explorer\PLUGINS\UnixSys32.Jmp
C:\WINDOWS\system32\aitlasys.exe
C:\WINDOWS\system32\axmsawin.exe
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\ciwdaapi.sys
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\etshabty.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\hdf453d.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\isdsasrv.exe
C:\WINDOWS\system32\ismhasrv.exe
C:\WINDOWS\system32\jashbbty.sys
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\kcoin32.dll
C:\WINDOWS\system32\kcoin32.exe
C:\WINDOWS\system32\lojxadwd.exe
C:\WINDOWS\system32\lpsgajba.exe
C:\WINDOWS\system32\mfdesy.dll
C:\WINDOWS\system32\MMHADPQG1097.dll
C:\WINDOWS\system32\MMHADPQG1100.dll
C:\WINDOWS\system32\MMHADPQG1101.dll
C:\WINDOWS\system32\mnmhgsrv.dll
C:\WINDOWS\system32\mpwdeapi.dll
C:\WINDOWS\system32\mtewdh.dll
C:\WINDOWS\system32\opshcbty.dll
C:\WINDOWS\system32\ozfyebyt.dll
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\simyaapi.exe
C:\WINDOWS\system32\siwdaapi.exe
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\spwdbapi.sys
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\toqnabib.sys
C:\WINDOWS\system32\wklsdd.dll
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\xfztbmsn.sys
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\system32\ysjxbdwd.sys
C:\WINDOWS\system32\yxcschlp.dll
C:\WINDOWS\system32\zaztamsn.exe
C:\WINDOWS\system32\zgrjdx.dll
C:\WINDOWS\system32\zptlcsys.dll
C:\WINDOWS\system32\zxcsahlp.exe
C:\WINDOWS\system32\zxmsdwin.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HDV32
-------\Legacy_SEICTRL
-------\Service_Hdv32
-------\Service_seictrl

((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-03 06:10 . 2008-07-03 06:10 18,432 --a------ C:\WINDOWS\system32\dbi100.dll
2008-07-03 06:09 . 2008-07-03 06:09 19,015 --a------ C:\WINDOWS\system32\tqgs27.exe
2008-07-03 06:08 . 2008-07-03 06:08 10,420 --a------ C:\WINDOWS\system32\mxtq9.exe
2008-07-03 06:01 . 2008-07-03 06:01 30,836 --a------ C:\WINDOWS\system32\divq38.exe
2008-07-03 06:01 . 2008-07-03 06:01 19,015 --a------ C:\WINDOWS\system32\uhhn27.exe
2008-07-03 06:00 . 2008-07-03 06:00 10,420 --a------ C:\WINDOWS\system32\jqcu9.exe
2008-07-03 05:30 . 2008-07-03 05:30 <DIR> d-------- C:\WINDOWS\system32\inf
2008-07-03 05:30 . 2008-07-06 05:59 230,912 --a------ C:\WINDOWS\dcbdcatys32_080702a.dll
2008-07-03 05:30 . 2008-07-03 05:30 222,208 --ah----- C:\WINDOWS\system32\jdsaex.dll
2008-07-03 05:30 . 2008-07-03 05:30 115,472 --a------ C:\WINDOWS\system32\flje29.exe
2008-07-03 05:30 . 2008-07-03 05:30 115,472 --a------ C:\WINDOWS\system\sgcxcxxaspf080702.exe
2008-07-03 05:30 . 2008-07-03 05:30 32,256 --a------ C:\WINDOWS\wftadfi16_080702a.dll
2008-07-03 05:30 . 2008-07-06 05:59 474 --a------ C:\WINDOWS\twisys.ini
2008-07-03 05:29 . 2008-07-03 05:29 28,672 --a------ C:\WINDOWS\system32\wolko.dll
2008-07-03 05:29 . 2008-07-03 05:29 28,672 --a------ C:\WINDOWS\system32\he1low.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\ziflok.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\wcpome.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\mymusi.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\gwofw.dll
2008-07-03 02:20 . 2008-07-03 02:20 30,836 --a------ C:\WINDOWS\system32\jpri38.exe
2008-07-03 02:19 . 2008-07-03 02:19 19,015 --a------ C:\WINDOWS\system32\qadu27.exe
2008-07-03 02:18 . 2008-07-03 02:18 10,420 --a------ C:\WINDOWS\system32\iwco9.exe
2008-07-03 02:10 . 2007-06-13 06:23 1,033,216 --a------ C:\WINDOWS\eqlk.exe
2008-07-03 02:07 . 2008-07-03 02:07 30,836 --a------ C:\WINDOWS\system32\szvy38.exe
2008-07-03 02:06 . 2008-07-03 02:06 19,015 --a------ C:\WINDOWS\system32\nuuu27.exe
2008-07-03 02:05 . 2008-07-03 02:05 10,420 --a------ C:\WINDOWS\system32\ljmy9.exe
2008-07-02 11:49 . 2008-07-02 11:49 30,837 --a------ C:\WINDOWS\system32\umfd38.exe
2008-07-02 11:49 . 2008-07-02 11:49 19,021 --a------ C:\WINDOWS\system32\bsdx27.exe
2008-07-02 11:47 . 2008-07-02 11:47 10,420 --a------ C:\WINDOWS\system32\bsdk9.exe
2008-06-30 10:35 . 2008-07-03 06:09 225,792 --ah----- C:\WINDOWS\system32\sgdewg.dll
2008-06-30 10:35 . 2008-06-30 10:35 218,624 --ah----- C:\WINDOWS\system32\jfdses.dll
2008-06-30 10:35 . 2008-06-30 10:35 30,837 --a------ C:\WINDOWS\system32\wvmk38.exe
2008-06-30 10:35 . 2008-07-03 06:10 24,576 --a------ C:\WINDOWS\system32\womsoy.dll
2008-06-30 10:35 . 2008-06-30 10:35 18,488 --a------ C:\WINDOWS\system32\otbb27.exe
2008-06-30 10:35 . 2008-07-03 06:10 11,264 --a------ C:\WINDOWS\system32\womsoyk.exe
2008-06-30 10:34 . 2008-07-03 06:09 225,792 --ah----- C:\WINDOWS\system32\tdffdl.dll
2008-06-30 10:34 . 2008-07-06 05:58 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-30 10:34 . 2008-07-06 05:58 24 --a------ C:\WINDOWS\system32\ijzhatde.sys
2008-06-30 10:33 . 2008-07-03 06:08 229,376 --ah----- C:\WINDOWS\system32\pedadt.dll
2008-06-30 10:33 . 2008-06-30 10:33 10,420 --a------ C:\WINDOWS\system32\ragc9.exe
2008-06-28 06:02 . 2008-06-28 06:02 135,168 --a------ C:\zip.exe
2008-06-28 06:02 . 2008-06-28 06:02 19,286 --a------ C:\cleanup.exe
2008-06-28 06:02 . 2008-06-28 06:02 574 --a------ C:\cleanup.bat
2008-06-28 06:02 . 2008-06-28 06:02 0 --a------ C:\backup.reg
2008-06-28 02:21 . 2008-06-28 02:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-25 14:56 . 2008-06-25 14:56 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-25 14:49 . 2008-06-25 14:49 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-25 06:11 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-25 04:38 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-25 03:59 . 2008-07-03 02:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-25 03:59 . 2008-07-03 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 03:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-25 02:09 . 2008-06-25 13:31 30,968 --a------ C:\Documents and Settings\Steven C\setupg.exe
2008-06-24 12:46 . 2008-01-05 16:53 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-24 08:14 . 2008-06-24 00:10 31,048 --------- C:\Documents and Settings\Steven C\setupd.exe
2008-06-24 06:47 . 2008-06-24 06:47 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-24 06:04 . 2008-06-28 01:39 49,152 --a------ C:\WINDOWS\system32\5A634FAC.DLL
2008-06-24 01:15 . 2008-06-24 01:16 <DIR> d-------- C:\Program Files\QuickTime
2008-06-24 01:13 . 2008-06-24 01:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-22 04:15 . 2008-06-22 04:15 <DIR> d-------- C:\Downloads
2008-06-22 04:15 . 2008-06-22 04:15 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-22 04:14 . 2008-06-22 04:20 <DIR> d-------- C:\Program Files\BitComet
2008-06-06 02:05 . 2008-06-06 02:05 <DIR> d-------- C:\WINDOWS\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-07-06 08:51 --------- d-----w C:\Program Files\Warcraft III
2008-07-02 05:35 --------- d-----w C:\Program Files\Steam
2008-06-24 05:18 --------- d-----w C:\Documents and Settings\Steven C\Application Data\Apple Computer
2008-06-24 05:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-22 08:02 --------- d-----w C:\Documents and Settings\Steven C\Application Data\uTorrent
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-21 16:47 --------- d-----w C:\Documents and Settings\Steven C\Application Data\Samsung
2008-05-21 16:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-21 06:11 --------- d-----w C:\Program Files\Samsung
2008-05-18 09:46 --------- d-----w C:\Program Files\Tales of Pirates Online
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 03:02 --------- d-----w C:\Program Files\SopCast
2008-05-06 04:16 --------- d-----w C:\Documents and Settings\Steven C\Application Data\vlc
2008-05-06 04:15 --------- d-----w C:\Program Files\VideoLAN
2008-02-01 02:35 28,080 ----a-w C:\Documents and Settings\Steven C\Application Data\GDIPFONTCACHEV1.DAT
2004-08-08 10:09 1,040 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 14:34 537,608 --sh--w C:\WINDOWS\system32\apsggjba.dll
2004-08-08 14:34 538,120 --sh--w C:\WINDOWS\system32\apzhctde.dll
2004-08-08 10:09 15,789 --sh--w C:\WINDOWS\system32\dfqnabib.exe
2004-08-08 10:09 3,120 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 10:08 520 --sh--w C:\WINDOWS\system32\gpzhatde.sys
2004-08-08 10:10 16,341 --sh--w C:\WINDOWS\system32\lpmxajkl.exe
2004-08-08 10:08 17,228 --sh--w C:\WINDOWS\system32\lpzhatde.exe
2004-08-08 14:34 534,024 --sh--w C:\WINDOWS\system32\mndshsrv.dll
2004-08-08 14:35 536,072 --sh--w C:\WINDOWS\system32\nhmxdjkl.dll
2004-08-08 14:34 536,072 --sh--w C:\WINDOWS\system32\pjjxfdwd.dll
2004-08-08 14:34 536,584 --sh--w C:\WINDOWS\system32\rijxbkin.dll
2004-08-08 10:10 520 --sh--w C:\WINDOWS\system32\rnmxajkl.sys
2004-08-08 15:48 535,048 --sh--w C:\WINDOWS\system32\skqnebib.dll
2004-08-08 10:09 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 10:08 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 10:09 16,602 --sh--w C:\WINDOWS\system32\stjxakin.exe
2004-08-08 10:08 15,129 --sh--w C:\WINDOWS\system32\tjfyabyt.exe
2004-08-08 14:33 536,584 --sh--w C:\WINDOWS\system32\yzztkmsn.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-28_ 2.52.24.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 06:45:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-06 09:58:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-07-03 10:08:19 851,744 ----a-w C:\WINDOWS\system32\adsntzt.dll
+ 2001-07-03 10:08:40 717,460 ----a-w C:\WINDOWS\system32\bootvidgj.dll
+ 2001-07-03 10:09:28 937,760 ----a-w C:\WINDOWS\system32\catsrvwl.dll
+ 2001-07-03 10:08:43 606,124 ----a-w C:\WINDOWS\system32\cliconfgzx.dll
- 2008-06-20 01:33:23 3,472 ----a-w C:\WINDOWS\system32\d3d9caps.dat
+ 2008-07-02 05:34:55 3,472 ----a-w C:\WINDOWS\system32\d3d9caps.dat
+ 2001-08-17 17:52:30 18,688 -c--a-w C:\WINDOWS\system32\dllcache\cdaudio.sys
+ 2001-07-03 09:29:18 574,612 ----a-w C:\WINDOWS\system32\dpvvoxmh.dll
- 2001-08-23 12:00:00 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
+ 2001-08-17 17:52:30 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
+ 2008-07-03 09:30:36 32,256 ----a-w C:\WINDOWS\system32\inf\scsys16_080702.dll
+ 2008-07-03 09:30:31 115,472 ----a-w C:\WINDOWS\system32\inf\sppdcrs080702.scr
+ 2004-08-04 05:56:56 33,280 ----a-w C:\WINDOWS\system32\inf\svchosd.exe
+ 2001-07-03 10:09:45 982,304 ----a-w C:\WINDOWS\system32\kbdswjr.dll
+ 2001-07-03 09:30:03 913,184 ----a-w C:\WINDOWS\system32\ksuserfy.dll
+ 2001-06-30 14:34:09 1,072,788 ----a-w C:\WINDOWS\system32\midimapgj.dll
+ 2001-07-03 09:30:06 1,067,668 ----a-w C:\WINDOWS\system32\midimappt.dll
+ 2001-07-03 10:10:18 927,008 ----a-w C:\WINDOWS\system32\msobjstl.dll
+ 2001-07-02 15:47:46 688,788 ----a-w C:\WINDOWS\system32\rasdlgcq.dll
+ 2001-07-03 10:09:59 605,472 ----a-w C:\WINDOWS\system32\tscfgwmijxsj.dll
- 2008-05-25 10:10:05 87,397 ----a-w C:\WINDOWS\War3Unin.dat
+ 2008-07-01 03:18:34 88,451 ----a-w C:\WINDOWS\War3Unin.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25FD6584-698F-BCD2-602C-698745210352}]
2004-08-08 10:34 536584 ---hs---- C:\WINDOWS\system32\rijxbkin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D698451-2015-6358-9871-2015987452D3}]
2004-08-08 10:34 538120 ---hs---- C:\WINDOWS\system32\apzhctde.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47AC9076-C898-B098-D098-A18319080974}]
2004-08-08 10:35 536072 ---hs---- C:\WINDOWS\system32\nhmxdjkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52023698-6984-8541-9654-698745012525}]
2004-08-08 11:48 535048 ---hs---- C:\WINDOWS\system32\skqnebib.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64FAE856-AD58-20CB-A025-CD4895FA6E46}]
2004-08-08 10:34 536072 ---hs---- C:\WINDOWS\system32\pjjxfdwd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74381DEC-D78B-43E4-BA5D-5244F669EBE4}]
2008-07-03 06:01 44660 --ahs---- C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD45A54-9875-698F-E56E-65102358FDF7}]
2004-08-08 10:34 537608 ---hs---- C:\WINDOWS\system32\apsggjba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87FD640A-158F-48AC-FD14-1597F14A9778}]
2004-08-08 10:34 534024 ---hs---- C:\WINDOWS\system32\mndshsrv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B490415F-65F8-B5C5-D8BA-9405FB12054B}]
2004-08-08 10:33 536584 ---hs---- C:\WINDOWS\system32\yzztkmsn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT \TINTSETP.EXE" [2002-08-28 17:39 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TIN TSETP.EXE" [2002-08-28 17:39 455168]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 18:49 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-04 22:24 185896]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 06:48 157592]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\ 3\E_S4I4V1.EXE" [2004-03-22 13:00 99840]
"EPSON Stylus CX1500 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_ S4I4V1.EXE" [2004-03-22 13:00 99840]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.E XE" [2004-08-03 23:32 208952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 13:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 15:01 88209 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Curr entversion\policies\explorer\Run]
"initnyuser"="C:\WINDOWS\system32\inf\svchosd. exe" [2004-08-04 01:56 33280]

C:\Documents and Settings\Steven C\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{B490415F-65F8-B5C5-D8BA-9405FB12054B}"= "C:\WINDOWS\system32\yzztkmsn.dll" [2004-08-08 10:33 536584]
"{7FD45A54-9875-698F-E56E-65102358FDF7}"= "C:\WINDOWS\system32\apsggjba.dll" [2004-08-08 10:34 537608]
"{3D698451-2015-6358-9871-2015987452D3}"= "C:\WINDOWS\system32\apzhctde.dll" [2004-08-08 10:34 538120]
"{74381DEC-D78B-43E4-BA5D-5244F669EBE4}"= "C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys" [2008-07-03 06:01 44660]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= "C:\WINDOWS\system32\pedadt.dll" [2008-07-03 06:08 229376]
"{4F4F0064-71E0-4f0d-0003-708476C7815F}"= "C:\WINDOWS\system32\midimapgj.dll" [2001-06-30 10:34 1072788]
"{25FD6584-698F-BCD2-602C-698745210352}"= "C:\WINDOWS\system32\rijxbkin.dll" [2004-08-08 10:34 536584]
"{87FD640A-158F-48AC-FD14-1597F14A9778}"= "C:\WINDOWS\system32\mndshsrv.dll" [2004-08-08 10:34 534024]
"{C0595A7E-2E2F-4B34-A83A-019270A0A464}"= "C:\WINDOWS\system32\tdffdl.dll" [2008-07-03 06:09 225792]
"{64FAE856-AD58-20CB-A025-CD4895FA6E46}"= "C:\WINDOWS\system32\pjjxfdwd.dll" [2004-08-08 10:34 536072]
"{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}"= "C:\WINDOWS\system32\jfdses.dll" [2008-06-30 10:35 218624]
"{47AC9076-C898-B098-D098-A18319080974}"= "C:\WINDOWS\system32\nhmxdjkl.dll" [2004-08-08 10:35 536072]
"{52023698-6984-8541-9654-698745012525}"= "C:\WINDOWS\system32\skqnebib.dll" [2004-08-08 11:48 535048]
"{00010001-0001-0001-0001-00010001BB15}"= "C:\WINDOWS\system32\adsntzt.dll" [2001-07-03 06:08 851744]
"{00030003-0003-0003-0003-00030003BB15}"= "C:\WINDOWS\system32\bootvidgj.dll" [2001-07-03 06:08 717460]
"{00050005-0005-0005-0005-00050005BB15}"= "C:\WINDOWS\system32\cliconfgzx.dll" [2001-07-03 06:08 606124]
"{00040004-0004-0004-0004-00040004BB15}"= "C:\WINDOWS\system32\catsrvwl.dll" [2001-07-03 06:09 937760]
"{00120012-0012-0012-0012-00120012BB15}"= "C:\WINDOWS\system32\kbdswjr.dll" [2001-07-03 06:09 982304]
"{00330033-0033-0033-0033-00330033BB15}"= "C:\WINDOWS\system32\tscfgwmijxsj.dll" [2001-07-03 06:09 605472]
"{00170017-0017-0017-0017-00170017BB15}"= "C:\WINDOWS\system32\msobjstl.dll" [2001-07-03 06:10 927008]
"{4F4F0064-71E0-4f0d-0021-708476C7815F}"= "C:\WINDOWS\system32\midimappt.dll" [2001-07-03 05:30 1067668]
"{B29583D8-033A-4B9F-8553-7C5458F3FB8E}"= "C:\WINDOWS\system32\jdsaex.dll" [2008-07-03 05:30 222208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
"midimapgj"= {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll [2001-06-30 10:34 1072788]
"cliconfgzx.dll"= {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll [2001-07-03 06:08 606124]
"catsrvwl.dll"= {00040004-0004-0004-0004-00040004BB15} - C:\WINDOWS\system32\catsrvwl.dll [2001-07-03 06:09 937760]
"kbdswjr.dll"= {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll [2001-07-03 06:09 982304]
"tscfgwmijxsj.dll"= {00330033-0033-0033-0033-00330033BB15} - C:\WINDOWS\system32\tscfgwmijxsj.dll [2001-07-03 06:09 605472]
"msobjstl.dll"= {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll [2001-07-03 06:10 927008]
"adsntzt.dll"= {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll [2001-07-03 06:08 851744]
"bootvidgj.dll"= {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll [2001-07-03 06:08 717460]
"midimappt"= {4F4F0064-71E0-4f0d-0021-708476C7815F} - C:\WINDOWS\system32\midimappt.dll [2001-07-03 05:30 1067668]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=welldon.dll,nhmxcjkl.dll,yzztkmsn.d ll msbod.dll,tisqatyu.dll termilly.dll verptw.dll quaryfy.dll padlod.dll,arjreler.dll,ietzbpaq.dll jordspa.dll,skqncbib.dll womsoy.dll,nhmxdjkl.dll,skqnebib.dll wolko.dll he1low.dll gwofw.dll ziflok.dll mymusi.dll wcpome.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ati2evxx.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\egui.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\idag.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kaccore.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OllyDBG.EXE]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OllyICE.EXE]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravtool.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regtool.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwproxy.exeFYFireWall.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safebank.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinDbg.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-31 01:42 1271032 C:\Program Files\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaws.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\steamapps\\loki2882@hotmail.com\\cou nter-strike\\hl.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Steam\\steamapps\\loki2882@hotmail.com\\day of defeat\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:Utor1
"1720:TCP"= 1720:TCP:utorrent
"1720:UDP"= 1720:UDP:utorrent1
"12535:TCP"= 12535:TCP:BitComet 12535 TCP
"12535:UDP"= 12535:UDP:BitComet 12535 UDP

S0 hjjku3xohj;hjjku3xohj;C:\WINDOWS\system32\drivers\ hjjku3xohj.sys [2004-08-04 01:56]
S0 tfj4g0kc8q;tfj4g0kc8;C:\WINDOWS\system32\DRIVERS\t fj4g0kc8q.sys [2004-08-04 01:56]
S3 epflt15;epflt15;C:\WINDOWS\system32\DRIVERS\epflt1 5.SYS [2004-10-09 16:10]
S3 esflt15;esflt15;C:\WINDOWS\system32\DRIVERS\esflt1 5.SYS [2004-11-16 19:52]
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sssdbus.sys [2007-07-05 12:37]
S3 sssdmdfl;SAMSUNG Modem Filter;C:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2007-07-05 12:37]
S3 sssdmdm;SAMSUNG Modem Driver;C:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2007-07-05 12:37]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2007-07-05 12:37]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdobex.sys [2007-07-05 12:37]

.
- - - - ORPHANS REMOVED - - - -

BHO-{0B497AE8-3F6C-440C-AB87-52ED0182464A} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
BHO-{1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} - C:\Program Files\Internet Explorer\IEXPLORE32.win
BHO-{32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll
BHO-{E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys
HKCU-Run-Sticker - C:\Program Files\MoRUN.net\Sticker\sticker.exe
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
ShellExecuteHooks-{6C648541-1025-9650-9057-6541258720C6} - (no file)
ShellExecuteHooks-{77FD640A-158F-48AC-FD14-1597F14A9777} - (no file)
ShellExecuteHooks-{6E091341-6715-2098-51F0-178367AE53E6} - (no file)
ShellExecuteHooks-{7C69034A-F45F-D34D-A33A-C33C4D324FC7} - (no file)
ShellExecuteHooks-{29109876-7619-9101-7012-901938475192} - (no file)
ShellExecuteHooks-{1A698452-C5D8-C584-C256-C264C987C5A1} - (no file)
ShellExecuteHooks-{E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys
ShellExecuteHooks-{1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} - C:\Program Files\Internet Explorer\IEXPLORE32.win
ShellExecuteHooks-{0B497AE8-3F6C-440C-AB87-52ED0182464A} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
ShellExecuteHooks-{A9895933-6636-4281-BC58-EE6DE2AF96E3} - C:\WINDOWS\system32\ddserh.dll
ShellExecuteHooks-{32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll
ShellExecuteHooks-{d332093c-9d73-4868-b201-9464a1d97512} - C:\WINDOWS\system32\MMHADPQG1101.dll
Notify-WgaLogon - (no file)

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 05:59:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
************************************************** ************************
.
Completion time: 2008-07-06 6:06:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 10:06:12
ComboFix2.txt 2008-06-28 06:53:27

Pre-Run: 32,145,330,176 bytes free
Post-Run: 32,359,931,904 bytes free

403 --- E O F --- 2008-07-05 18:27:44

xxarlokxx · 07-06-2008, 11:09 AM

Here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:45 AM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inf\svchosd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - C:\WINDOWS\system32\nhmxdjkl.dll
O2 - BHO: skqnebib.dll - {52023698-6984-8541-9654-698745012525} - C:\WINDOWS\system32\skqnebib.dll
O2 - BHO: pjjxfdwd.dll - {64FAE856-AD58-20CB-A025-CD4895FA6E46} - C:\WINDOWS\system32\pjjxfdwd.dll
O2 - BHO: (no name) - {74381DEC-D78B-43E4-BA5D-5244F669EBE4} - C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE /P26 "EPSON Stylus CX1500 Series" /O5 "LPT1:" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [initnyuser] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080702a.dll tanlt88
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stevenching28.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379191747
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162425286125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45ABDAA6-9586-4E5E-A01E-2E395570E348}: NameServer = 203.198.23.208 205.252.144.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll termilly.dll verptw.dll quaryfy.dll padlod.dll,arjreler.dll,ietzbpaq.dll jordspa.dll,skqncbib.dll womsoy.dll,nhmxdjkl.dll,skqnebib.dll wolko.dll he1low.dll gwofw.dll ziflok.dll mymusi.dll wcpome.dll
O21 - SSODL: midimapgj - {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll
O21 - SSODL: cliconfgzx.dll - {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll
O21 - SSODL: catsrvwl.dll - {00040004-0004-0004-0004-00040004BB15} - C:\WINDOWS\system32\catsrvwl.dll
O21 - SSODL: kbdswjr.dll - {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll
O21 - SSODL: tscfgwmijxsj.dll - {00330033-0033-0033-0033-00330033BB15} - C:\WINDOWS\system32\tscfgwmijxsj.dll
O21 - SSODL: msobjstl.dll - {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll
O21 - SSODL: adsntzt.dll - {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll
O21 - SSODL: bootvidgj.dll - {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll
O21 - SSODL: midimappt - {4F4F0064-71E0-4f0d-0021-708476C7815F} - C:\WINDOWS\system32\midimappt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10088 bytes

cohen · 07-06-2008, 11:11 AM

how is your system running now???

I'll just read through your log, and be back with you soon.

xxarlokxx · 07-06-2008, 12:13 PM

i still see iexplore.exe taking 6,600k of space..but i dun use internet explorer...i use firefox..=="...
also..i sometime hear refreshing page sound..u know the clicking sound that kind of thing. But i wasnt doing anything.

cohen · 07-06-2008, 12:57 PM

Ok, i'll be with you soon, i'm just asking for some higher advice, on this one.

xxarlokxx · 07-06-2008, 02:50 PM

oh ok...thanks alot..=]

07-06-2008, 05:25 AM	#1 (permalink)
xxarlokxx Bronze Member Join Date: Jun 2008 Posts: 45	Hidden popup?? I got another problem to my computer. Now it runs really really slow. When i open task manager. I see 2 iexplorer.exe take up like 33000k of my space. but then i normally use firefox. so i end task those 2 iexplorer.exe and they regenerate itself. So when i turn off my computer, i can clearly see there is a flash of website behind the whole background. How to remove that??? My computer is so slow that it takes like 10 minutes to turn on...

07-06-2008, 05:27 AM	#2 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,104	Post a Hijackthis log. Hijackthis Logs __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

07-06-2008, 10:08 AM	#4 (permalink)
cohen Diamond Member Join Date: Jan 2008 Location: Melbourne, Australia Age: 14 Posts: 7,292	Can you pls do the following Download and Run ComboFix If you already have Combofix, please delete this copy and download it again as it's being updated regularly. Download this file from one of the three below listed places : http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Then double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Combofix should never take more that 20 minutes including the reboot if malware is detected. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end. Can you pls then post a fresh hijackthis log. __________________ Cohen Now has Windows Vista Home Premium Service Pack ! View My website My Computer Specs My Computer Pics E-mail + MSN Mac vs PC (Has swearing) How design a free website Where are you in the World??? Computer Forum Poll

07-06-2008, 11:11 AM	#7 (permalink)
cohen Diamond Member Join Date: Jan 2008 Location: Melbourne, Australia Age: 14 Posts: 7,292	how is your system running now??? I'll just read through your log, and be back with you soon. __________________ Cohen Now has Windows Vista Home Premium Service Pack ! View My website My Computer Specs My Computer Pics E-mail + MSN Mac vs PC (Has swearing) How design a free website Where are you in the World??? Computer Forum Poll

07-06-2008, 12:57 PM	#9 (permalink)
cohen Diamond Member Join Date: Jan 2008 Location: Melbourne, Australia Age: 14 Posts: 7,292	Ok, i'll be with you soon, i'm just asking for some higher advice, on this one. __________________ Cohen Now has Windows Vista Home Premium Service Pack ! View My website My Computer Specs My Computer Pics E-mail + MSN Mac vs PC (Has swearing) How design a free website Where are you in the World??? Computer Forum Poll

07-06-2008, 09:15 AM	#3 (permalink)
xxarlokxx Bronze Member Join Date: Jun 2008 Posts: 45	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:14:02 AM, on 7/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\kcoin32.exe C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: (no name) - {0B497AE8-3F6C-440C-AB87-52ED0182464A} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat O2 - BHO: (no name) - {1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} - C:\Program Files\Internet Explorer\IEXPLORE32.win O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll (file missing) O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll (file missing) O2 - BHO: opshcbty.dll - {32596546-2036-9451-6058-658402589723} - C:\WINDOWS\system32\opshcbty.dll O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - C:\WINDOWS\system32\nhmxdjkl.dll O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll O2 - BHO: skqnebib.dll - {52023698-6984-8541-9654-698745012525} - C:\WINDOWS\system32\skqnebib.dll O2 - BHO: mpwdeapi.dll - {55694105-5108-9405-3695-954187462155} - C:\WINDOWS\system32\mpwdeapi.dll O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll O2 - BHO: pjjxfdwd.dll - {64FAE856-AD58-20CB-A025-CD4895FA6E46} - C:\WINDOWS\system32\pjjxfdwd.dll O2 - BHO: (no name) - {74381DEC-D78B-43E4-BA5D-5244F669EBE4} - C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys O2 - BHO: zxmsdwin.dll - {7A041F13-A111-12A3-B0CF-F99818AA68A7} - C:\WINDOWS\system32\zxmsdwin.dll O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll O2 - BHO: hdf453d.dll - {B629FF4F-ACDB-5C90-A098-FACB3456A26B} - C:\WINDOWS\system32\hdf453d.dll O2 - BHO: (no name) - {E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE /P26 "EPSON Stylus CX1500 Series" /O5 "LPT1:" /M "Stylus CX1500" O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB001" /M "Stylus CX1500" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Sticker] C:\Program Files\MoRUN.net\Sticker\sticker.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKLM\..\Policies\Explorer\Run: [kcoin] kcoin32.exe O4 - HKLM\..\Policies\Explorer\Run: [initnyuser] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080702a.dll tanlt88 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stevenching28.spaces.live.com...d/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379191747 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162425286125 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{45ABDAA6-9586-4E5E-A01E-2E395570E348}: NameServer = 203.198.23.208 205.252.144.126 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll termilly.dll verptw.dll quaryfy.dll padlod.dll,arjreler.dll,ietzbpaq.dll jordspa.dll,skqncbib.dll womsoy.dll,nhmxdjkl.dll,skqnebib.dll wolko.dll he1low.dll gwofw.dll ziflok.dll mymusi.dll wcpome.dll O21 - SSODL: midimapgj - {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll O21 - SSODL: cliconfgzx.dll - {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll O21 - SSODL: catsrvwl.dll - {00040004-0004-0004-0004-00040004BB15} - C:\WINDOWS\system32\catsrvwl.dll O21 - SSODL: kbdswjr.dll - {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll O21 - SSODL: tscfgwmijxsj.dll - {00330033-0033-0033-0033-00330033BB15} - C:\WINDOWS\system32\tscfgwmijxsj.dll O21 - SSODL: msobjstl.dll - {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll O21 - SSODL: adsntzt.dll - {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll O21 - SSODL: bootvidgj.dll - {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll O21 - SSODL: midimappt - {4F4F0064-71E0-4f0d-0021-708476C7815F} - C:\WINDOWS\system32\midimappt.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 11794 bytes

07-06-2008, 11:09 AM	#6 (permalink)
xxarlokxx Bronze Member Join Date: Jun 2008 Posts: 45	Here is the hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:07:45 AM, on 7/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - C:\WINDOWS\system32\nhmxdjkl.dll O2 - BHO: skqnebib.dll - {52023698-6984-8541-9654-698745012525} - C:\WINDOWS\system32\skqnebib.dll O2 - BHO: pjjxfdwd.dll - {64FAE856-AD58-20CB-A025-CD4895FA6E46} - C:\WINDOWS\system32\pjjxfdwd.dll O2 - BHO: (no name) - {74381DEC-D78B-43E4-BA5D-5244F669EBE4} - C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE /P26 "EPSON Stylus CX1500 Series" /O5 "LPT1:" /M "Stylus CX1500" O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB001" /M "Stylus CX1500" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKLM\..\Policies\Explorer\Run: [initnyuser] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080702a.dll tanlt88 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stevenching28.spaces.live.com...d/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379191747 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162425286125 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{45ABDAA6-9586-4E5E-A01E-2E395570E348}: NameServer = 203.198.23.208 205.252.144.126 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll termilly.dll verptw.dll quaryfy.dll padlod.dll,arjreler.dll,ietzbpaq.dll jordspa.dll,skqncbib.dll womsoy.dll,nhmxdjkl.dll,skqnebib.dll wolko.dll he1low.dll gwofw.dll ziflok.dll mymusi.dll wcpome.dll O21 - SSODL: midimapgj - {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll O21 - SSODL: cliconfgzx.dll - {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll O21 - SSODL: catsrvwl.dll - {00040004-0004-0004-0004-00040004BB15} - C:\WINDOWS\system32\catsrvwl.dll O21 - SSODL: kbdswjr.dll - {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll O21 - SSODL: tscfgwmijxsj.dll - {00330033-0033-0033-0033-00330033BB15} - C:\WINDOWS\system32\tscfgwmijxsj.dll O21 - SSODL: msobjstl.dll - {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll O21 - SSODL: adsntzt.dll - {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll O21 - SSODL: bootvidgj.dll - {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll O21 - SSODL: midimappt - {4F4F0064-71E0-4f0d-0021-708476C7815F} - C:\WINDOWS\system32\midimappt.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 10088 bytes

07-06-2008, 12:13 PM	#8 (permalink)
xxarlokxx Bronze Member Join Date: Jun 2008 Posts: 45	i still see iexplore.exe taking 6,600k of space..but i dun use internet explorer...i use firefox..=="... also..i sometime hear refreshing page sound..u know the clicking sound that kind of thing. But i wasnt doing anything.

07-06-2008, 02:50 PM	#10 (permalink)
xxarlokxx Bronze Member Join Date: Jun 2008 Posts: 45	oh ok...thanks alot..=]

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Installed new theme, now I hear music..	jbrdbr111x	Computer Security	32	05-23-2008 10:12 PM
Hidden Folders	Downloader999	Operating Systems	6	02-21-2007 08:37 AM
can anybody help me in fixing errors......plssssss	krissonhead	Computer Security	31	05-25-2006 04:55 PM
hijackthis log\| HELP	dorkins	Computer Security	11	11-07-2005 01:07 AM
HijackThis Log and Rootkit Reveal	woody	Computer Security	3	11-03-2005 01:46 PM