Hidden popup??

xxarlokxx

New Member
I got another problem with my computer. Now it runs really, really slowly. When I open Task Manager, I see two iexplorer.exe processes taking up about 33000k of my space, but I normally use Firefox. So I end task those two iexplorer.exe, and they regenerate themselves. When I turn off my computer, I can clearly see a flash of a website behind the whole background. How do I remove that? My computer is so slow that it takes about 10 minutes to turn on...

xxarlokxx

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:02 AM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\kcoin32.exe
C:\WINDOWS\system32\inf\svchosd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {0B497AE8-3F6C-440C-AB87-52ED0182464A} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
O2 - BHO: (no name) - {1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} - C:\Program Files\Internet Explorer\IEXPLORE32.win
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll (file missing)
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll (file missing)
O2 - BHO: opshcbty.dll - {32596546-2036-9451-6058-658402589723} - C:\WINDOWS\system32\opshcbty.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - C:\WINDOWS\system32\nhmxdjkl.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: skqnebib.dll - {52023698-6984-8541-9654-698745012525} - C:\WINDOWS\system32\skqnebib.dll
O2 - BHO: mpwdeapi.dll - {55694105-5108-9405-3695-954187462155} - C:\WINDOWS\system32\mpwdeapi.dll
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: pjjxfdwd.dll - {64FAE856-AD58-20CB-A025-CD4895FA6E46} - C:\WINDOWS\system32\pjjxfdwd.dll
O2 - BHO: (no name) - {74381DEC-D78B-43E4-BA5D-5244F669EBE4} - C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
O2 - BHO: zxmsdwin.dll - {7A041F13-A111-12A3-B0CF-F99818AA68A7} - C:\WINDOWS\system32\zxmsdwin.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll
O2 - BHO: hdf453d.dll - {B629FF4F-ACDB-5C90-A098-FACB3456A26B} - C:\WINDOWS\system32\hdf453d.dll
O2 - BHO: (no name) - {E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE /P26 "EPSON Stylus CX1500 Series" /O5 "LPT1:" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sticker] C:\Program Files\MoRUN.net\Sticker\sticker.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [kcoin] kcoin32.exe
O4 - HKLM\..\Policies\Explorer\Run: [initnyuser] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080702a.dll tanlt88
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stevenching28.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214379191747
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162425286125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45ABDAA6-9586-4E5E-A01E-2E395570E348}: NameServer = 203.198.23.208 205.252.144.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll termilly.dll verptw.dll quaryfy.dll padlod.dll,arjreler.dll,ietzbpaq.dll jordspa.dll,skqncbib.dll womsoy.dll,nhmxdjkl.dll,skqnebib.dll wolko.dll he1low.dll gwofw.dll ziflok.dll mymusi.dll wcpome.dll
O21 - SSODL: midimapgj - {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll
O21 - SSODL: cliconfgzx.dll - {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll
O21 - SSODL: catsrvwl.dll - {00040004-0004-0004-0004-00040004BB15} - C:\WINDOWS\system32\catsrvwl.dll
O21 - SSODL: kbdswjr.dll - {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll
O21 - SSODL: tscfgwmijxsj.dll - {00330033-0033-0033-0033-00330033BB15} - C:\WINDOWS\system32\tscfgwmijxsj.dll
O21 - SSODL: msobjstl.dll - {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll
O21 - SSODL: adsntzt.dll - {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll
O21 - SSODL: bootvidgj.dll - {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll
O21 - SSODL: midimappt - {4F4F0064-71E0-4f0d-0021-708476C7815F} - C:\WINDOWS\system32\midimappt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 11794 bytes

cohen

New Member
Can you please do the following:

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened, we want to know, and also what process you had to end.

Can you please then post a fresh HijackThis log.


xxarlokxx

New Member
vfind.exe was ended

This is the ComboFix log:

ComboFix 08-07-05.1 - Steven C 2008-07-06 5:46:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.136 [GMT -4:00]
Running from: C:\Documents and Settings\Steven C\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\dbi100.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Internet Explorer\IEXPLORE32.Dat
C:\Program Files\Internet Explorer\IEXPLORE32.jmp
C:\Program Files\Internet Explorer\IEXPLORE32.Sys
C:\Program Files\Internet Explorer\IEXPLORE32.win
C:\Program Files\Internet Explorer\PLUGINS\UnixSys32.Jmp
C:\WINDOWS\system32\aitlasys.exe
C:\WINDOWS\system32\axmsawin.exe
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\ciwdaapi.sys
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\etshabty.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\hdf453d.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\isdsasrv.exe
C:\WINDOWS\system32\ismhasrv.exe
C:\WINDOWS\system32\jashbbty.sys
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\kcoin32.dll
C:\WINDOWS\system32\kcoin32.exe
C:\WINDOWS\system32\lojxadwd.exe
C:\WINDOWS\system32\lpsgajba.exe
C:\WINDOWS\system32\mfdesy.dll
C:\WINDOWS\system32\MMHADPQG1097.dll
C:\WINDOWS\system32\MMHADPQG1100.dll
C:\WINDOWS\system32\MMHADPQG1101.dll
C:\WINDOWS\system32\mnmhgsrv.dll
C:\WINDOWS\system32\mpwdeapi.dll
C:\WINDOWS\system32\mtewdh.dll
C:\WINDOWS\system32\opshcbty.dll
C:\WINDOWS\system32\ozfyebyt.dll
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\simyaapi.exe
C:\WINDOWS\system32\siwdaapi.exe
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\spwdbapi.sys
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\toqnabib.sys
C:\WINDOWS\system32\wklsdd.dll
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\xfztbmsn.sys
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\system32\ysjxbdwd.sys
C:\WINDOWS\system32\yxcschlp.dll
C:\WINDOWS\system32\zaztamsn.exe
C:\WINDOWS\system32\zgrjdx.dll
C:\WINDOWS\system32\zptlcsys.dll
C:\WINDOWS\system32\zxcsahlp.exe
C:\WINDOWS\system32\zxmsdwin.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HDV32
-------\Legacy_SEICTRL
-------\Service_Hdv32
-------\Service_seictrl


((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-03 06:10 . 2008-07-03 06:10 18,432 --a------ C:\WINDOWS\system32\dbi100.dll
2008-07-03 06:09 . 2008-07-03 06:09 19,015 --a------ C:\WINDOWS\system32\tqgs27.exe
2008-07-03 06:08 . 2008-07-03 06:08 10,420 --a------ C:\WINDOWS\system32\mxtq9.exe
2008-07-03 06:01 . 2008-07-03 06:01 30,836 --a------ C:\WINDOWS\system32\divq38.exe
2008-07-03 06:01 . 2008-07-03 06:01 19,015 --a------ C:\WINDOWS\system32\uhhn27.exe
2008-07-03 06:00 . 2008-07-03 06:00 10,420 --a------ C:\WINDOWS\system32\jqcu9.exe
2008-07-03 05:30 . 2008-07-03 05:30 <DIR> d-------- C:\WINDOWS\system32\inf
2008-07-03 05:30 . 2008-07-06 05:59 230,912 --a------ C:\WINDOWS\dcbdcatys32_080702a.dll
2008-07-03 05:30 . 2008-07-03 05:30 222,208 --ah----- C:\WINDOWS\system32\jdsaex.dll
2008-07-03 05:30 . 2008-07-03 05:30 115,472 --a------ C:\WINDOWS\system32\flje29.exe
2008-07-03 05:30 . 2008-07-03 05:30 115,472 --a------ C:\WINDOWS\system\sgcxcxxaspf080702.exe
2008-07-03 05:30 . 2008-07-03 05:30 32,256 --a------ C:\WINDOWS\wftadfi16_080702a.dll
2008-07-03 05:30 . 2008-07-06 05:59 474 --a------ C:\WINDOWS\twisys.ini
2008-07-03 05:29 . 2008-07-03 05:29 28,672 --a------ C:\WINDOWS\system32\wolko.dll
2008-07-03 05:29 . 2008-07-03 05:29 28,672 --a------ C:\WINDOWS\system32\he1low.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\ziflok.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\wcpome.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\mymusi.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\gwofw.dll
2008-07-03 02:20 . 2008-07-03 02:20 30,836 --a------ C:\WINDOWS\system32\jpri38.exe
2008-07-03 02:19 . 2008-07-03 02:19 19,015 --a------ C:\WINDOWS\system32\qadu27.exe
2008-07-03 02:18 . 2008-07-03 02:18 10,420 --a------ C:\WINDOWS\system32\iwco9.exe
2008-07-03 02:10 . 2007-06-13 06:23 1,033,216 --a------ C:\WINDOWS\eqlk.exe
2008-07-03 02:07 . 2008-07-03 02:07 30,836 --a------ C:\WINDOWS\system32\szvy38.exe
2008-07-03 02:06 . 2008-07-03 02:06 19,015 --a------ C:\WINDOWS\system32\nuuu27.exe
2008-07-03 02:05 . 2008-07-03 02:05 10,420 --a------ C:\WINDOWS\system32\ljmy9.exe
2008-07-02 11:49 . 2008-07-02 11:49 30,837 --a------ C:\WINDOWS\system32\umfd38.exe
2008-07-02 11:49 . 2008-07-02 11:49 19,021 --a------ C:\WINDOWS\system32\bsdx27.exe
2008-07-02 11:47 . 2008-07-02 11:47 10,420 --a------ C:\WINDOWS\system32\bsdk9.exe
2008-06-30 10:35 . 2008-07-03 06:09 225,792 --ah----- C:\WINDOWS\system32\sgdewg.dll
2008-06-30 10:35 . 2008-06-30 10:35 218,624 --ah----- C:\WINDOWS\system32\jfdses.dll
2008-06-30 10:35 . 2008-06-30 10:35 30,837 --a------ C:\WINDOWS\system32\wvmk38.exe
2008-06-30 10:35 . 2008-07-03 06:10 24,576 --a------ C:\WINDOWS\system32\womsoy.dll
2008-06-30 10:35 . 2008-06-30 10:35 18,488 --a------ C:\WINDOWS\system32\otbb27.exe
2008-06-30 10:35 . 2008-07-03 06:10 11,264 --a------ C:\WINDOWS\system32\womsoyk.exe
2008-06-30 10:34 . 2008-07-03 06:09 225,792 --ah----- C:\WINDOWS\system32\tdffdl.dll
2008-06-30 10:34 . 2008-07-06 05:58 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-30 10:34 . 2008-07-06 05:58 24 --a------ C:\WINDOWS\system32\ijzhatde.sys
2008-06-30 10:33 . 2008-07-03 06:08 229,376 --ah----- C:\WINDOWS\system32\pedadt.dll
2008-06-30 10:33 . 2008-06-30 10:33 10,420 --a------ C:\WINDOWS\system32\ragc9.exe
2008-06-28 06:02 . 2008-06-28 06:02 135,168 --a------ C:\zip.exe
2008-06-28 06:02 . 2008-06-28 06:02 19,286 --a------ C:\cleanup.exe
2008-06-28 06:02 . 2008-06-28 06:02 574 --a------ C:\cleanup.bat
2008-06-28 06:02 . 2008-06-28 06:02 0 --a------ C:\backup.reg
2008-06-28 02:21 . 2008-06-28 02:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-25 14:56 . 2008-06-25 14:56 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-25 14:49 . 2008-06-25 14:49 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-25 06:11 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-25 04:38 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-25 03:59 . 2008-07-03 02:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-25 03:59 . 2008-07-03 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 03:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-25 02:09 . 2008-06-25 13:31 30,968 --a------ C:\Documents and Settings\Steven C\setupg.exe
2008-06-24 12:46 . 2008-01-05 16:53 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-24 08:14 . 2008-06-24 00:10 31,048 --------- C:\Documents and Settings\Steven C\setupd.exe
2008-06-24 06:47 . 2008-06-24 06:47 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-24 06:04 . 2008-06-28 01:39 49,152 --a------ C:\WINDOWS\system32\5A634FAC.DLL
2008-06-24 01:15 . 2008-06-24 01:16 <DIR> d-------- C:\Program Files\QuickTime
2008-06-24 01:13 . 2008-06-24 01:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-22 04:15 . 2008-06-22 04:15 <DIR> d-------- C:\Downloads
2008-06-22 04:15 . 2008-06-22 04:15 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-22 04:14 . 2008-06-22 04:20 <DIR> d-------- C:\Program Files\BitComet
2008-06-06 02:05 . 2008-06-06 02:05 <DIR> d-------- C:\WINDOWS\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 08:51 --------- d-----w C:\Program Files\Warcraft III
2008-07-02 05:35 --------- d-----w C:\Program Files\Steam
2008-06-24 05:18 --------- d-----w C:\Documents and Settings\Steven C\Application Data\Apple Computer
2008-06-24 05:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-22 08:02 --------- d-----w C:\Documents and Settings\Steven C\Application Data\uTorrent
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-21 16:47 --------- d-----w C:\Documents and Settings\Steven C\Application Data\Samsung
2008-05-21 16:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-21 06:11 --------- d-----w C:\Program Files\Samsung
2008-05-18 09:46 --------- d-----w C:\Program Files\Tales of Pirates Online
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 03:02 --------- d-----w C:\Program Files\SopCast
2008-05-06 04:16 --------- d-----w C:\Documents and Settings\Steven C\Application Data\vlc
2008-05-06 04:15 --------- d-----w C:\Program Files\VideoLAN
2008-02-01 02:35 28,080 ----a-w C:\Documents and Settings\Steven C\Application Data\GDIPFONTCACHEV1.DAT
2004-08-08 10:09 1,040 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 14:34 537,608 --sh--w C:\WINDOWS\system32\apsggjba.dll
2004-08-08 14:34 538,120 --sh--w C:\WINDOWS\system32\apzhctde.dll
2004-08-08 10:09 15,789 --sh--w C:\WINDOWS\system32\dfqnabib.exe
2004-08-08 10:09 3,120 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 10:08 520 --sh--w C:\WINDOWS\system32\gpzhatde.sys
2004-08-08 10:10 16,341 --sh--w C:\WINDOWS\system32\lpmxajkl.exe
2004-08-08 10:08 17,228 --sh--w C:\WINDOWS\system32\lpzhatde.exe
2004-08-08 14:34 534,024 --sh--w C:\WINDOWS\system32\mndshsrv.dll
2004-08-08 14:35 536,072 --sh--w C:\WINDOWS\system32\nhmxdjkl.dll
2004-08-08 14:34 536,072 --sh--w C:\WINDOWS\system32\pjjxfdwd.dll
2004-08-08 14:34 536,584 --sh--w C:\WINDOWS\system32\rijxbkin.dll
2004-08-08 10:10 520 --sh--w C:\WINDOWS\system32\rnmxajkl.sys
2004-08-08 15:48 535,048 --sh--w C:\WINDOWS\system32\skqnebib.dll
2004-08-08 10:09 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 10:08 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 10:09 16,602 --sh--w C:\WINDOWS\system32\stjxakin.exe
2004-08-08 10:08 15,129 --sh--w C:\WINDOWS\system32\tjfyabyt.exe
2004-08-08 14:33 536,584 --sh--w C:\WINDOWS\system32\yzztkmsn.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-28_ 2.52.24.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 06:45:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-06 09:58:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-07-03 10:08:19 851,744 ----a-w C:\WINDOWS\system32\adsntzt.dll
+ 2001-07-03 10:08:40 717,460 ----a-w C:\WINDOWS\system32\bootvidgj.dll
+ 2001-07-03 10:09:28 937,760 ----a-w C:\WINDOWS\system32\catsrvwl.dll
+ 2001-07-03 10:08:43 606,124 ----a-w C:\WINDOWS\system32\cliconfgzx.dll
- 2008-06-20 01:33:23 3,472 ----a-w C:\WINDOWS\system32\d3d9caps.dat
+ 2008-07-02 05:34:55 3,472 ----a-w C:\WINDOWS\system32\d3d9caps.dat
+ 2001-08-17 17:52:30 18,688 -c--a-w C:\WINDOWS\system32\dllcache\cdaudio.sys
+ 2001-07-03 09:29:18 574,612 ----a-w C:\WINDOWS\system32\dpvvoxmh.dll
- 2001-08-23 12:00:00 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
+ 2001-08-17 17:52:30 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
+ 2008-07-03 09:30:36 32,256 ----a-w C:\WINDOWS\system32\inf\scsys16_080702.dll
+ 2008-07-03 09:30:31 115,472 ----a-w C:\WINDOWS\system32\inf\sppdcrs080702.scr
+ 2004-08-04 05:56:56 33,280 ----a-w C:\WINDOWS\system32\inf\svchosd.exe
+ 2001-07-03 10:09:45 982,304 ----a-w C:\WINDOWS\system32\kbdswjr.dll
+ 2001-07-03 09:30:03 913,184 ----a-w C:\WINDOWS\system32\ksuserfy.dll
+ 2001-06-30 14:34:09 1,072,788 ----a-w C:\WINDOWS\system32\midimapgj.dll
+ 2001-07-03 09:30:06 1,067,668 ----a-w C:\WINDOWS\system32\midimappt.dll
+ 2001-07-03 10:10:18 927,008 ----a-w C:\WINDOWS\system32\msobjstl.dll
+ 2001-07-02 15:47:46 688,788 ----a-w C:\WINDOWS\system32\rasdlgcq.dll
+ 2001-07-03 10:09:59 605,472 ----a-w C:\WINDOWS\system32\tscfgwmijxsj.dll
- 2008-05-25 10:10:05 87,397 ----a-w C:\WINDOWS\War3Unin.dat
+ 2008-07-01 03:18:34 88,451 ----a-w C:\WINDOWS\War3Unin.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25FD6584-698F-BCD2-602C-698745210352}]
2004-08-08 10:34 536584 ---hs---- C:\WINDOWS\system32\rijxbkin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D698451-2015-6358-9871-2015987452D3}]
2004-08-08 10:34 538120 ---hs---- C:\WINDOWS\system32\apzhctde.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47AC9076-C898-B098-D098-A18319080974}]
2004-08-08 10:35 536072 ---hs---- C:\WINDOWS\system32\nhmxdjkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52023698-6984-8541-9654-698745012525}]
2004-08-08 11:48 535048 ---hs---- C:\WINDOWS\system32\skqnebib.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64FAE856-AD58-20CB-A025-CD4895FA6E46}]
2004-08-08 10:34 536072 ---hs---- C:\WINDOWS\system32\pjjxfdwd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74381DEC-D78B-43E4-BA5D-5244F669EBE4}]
2008-07-03 06:01 44660 --ahs---- C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD45A54-9875-698F-E56E-65102358FDF7}]
2004-08-08 10:34 537608 ---hs---- C:\WINDOWS\system32\apsggjba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87FD640A-158F-48AC-FD14-1597F14A9778}]
2004-08-08 10:34 534024 ---hs---- C:\WINDOWS\system32\mndshsrv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B490415F-65F8-B5C5-D8BA-9405FB12054B}]
2004-08-08 10:33 536584 ---hs---- C:\WINDOWS\system32\yzztkmsn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 17:39 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 17:39 455168]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 18:49 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-04 22:24 185896]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 06:48 157592]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE" [2004-03-22 13:00 99840]
"EPSON Stylus CX1500 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE" [2004-03-22 13:00 99840]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 23:32 208952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 13:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 15:01 88209 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"initnyuser"="C:\WINDOWS\system32\inf\svchosd.exe" [2004-08-04 01:56 33280]

C:\Documents and Settings\Steven C\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B490415F-65F8-B5C5-D8BA-9405FB12054B}"= "C:\WINDOWS\system32\yzztkmsn.dll" [2004-08-08 10:33 536584]
"{7FD45A54-9875-698F-E56E-65102358FDF7}"= "C:\WINDOWS\system32\apsggjba.dll" [2004-08-08 10:34 537608]
"{3D698451-2015-6358-9871-2015987452D3}"= "C:\WINDOWS\system32\apzhctde.dll" [2004-08-08 10:34 538120]
"{74381DEC-D78B-43E4-BA5D-5244F669EBE4}"= "C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys" [2008-07-03 06:01 44660]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= "C:\WINDOWS\system32\pedadt.dll" [2008-07-03 06:08 229376]
"{4F4F0064-71E0-4f0d-0003-708476C7815F}"= "C:\WINDOWS\system32\midimapgj.dll" [2001-06-30 10:34 1072788]
"{25FD6584-698F-BCD2-602C-698745210352}"= "C:\WINDOWS\system32\rijxbkin.dll" [2004-08-08 10:34 536584]
"{87FD640A-158F-48AC-FD14-1597F14A9778}"= "C:\WINDOWS\system32\mndshsrv.dll" [2004-08-08 10:34 534024]
"{C0595A7E-2E2F-4B34-A83A-019270A0A464}"= "C:\WINDOWS\system32\tdffdl.dll" [2008-07-03 06:09 225792]
"{64FAE856-AD58-20CB-A025-CD4895FA6E46}"= "C:\WINDOWS\system32\pjjxfdwd.dll" [2004-08-08 10:34 536072]
"{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}"= "C:\WINDOWS\system32\jfdses.dll" [2008-06-30 10:35 218624]
"{47AC9076-C898-B098-D098-A18319080974}"= "C:\WINDOWS\system32\nhmxdjkl.dll" [2004-08-08 10:35 536072]
"{52023698-6984-8541-9654-698745012525}"= "C:\WINDOWS\system32\skqnebib.dll" [2004-08-08 11:48 535048]
"{00010001-0001-0001-0001-00010001BB15}"= "C:\WINDOWS\system32\adsntzt.dll" [2001-07-03 06:08 851744]
"{00030003-0003-0003-0003-00030003BB15}"= "C:\WINDOWS\system32\bootvidgj.dll" [2001-07-03 06:08 717460]
"{00050005-0005-0005-0005-00050005BB15}"= "C:\WINDOWS\system32\cliconfgzx.dll" [2001-07-03 06:08 606124]
"{00040004-0004-0004-0004-00040004BB15}"= "C:\WINDOWS\system32\catsrvwl.dll" [2001-07-03 06:09 937760]
"{00120012-0012-0012-0012-00120012BB15}"= "C:\WINDOWS\system32\kbdswjr.dll" [2001-07-03 06:09 982304]
"{00330033-0033-0033-0033-00330033BB15}"= "C:\WINDOWS\system32\tscfgwmijxsj.dll" [2001-07-03 06:09 605472]
"{00170017-0017-0017-0017-00170017BB15}"= "C:\WINDOWS\system32\msobjstl.dll" [2001-07-03 06:10 927008]
"{4F4F0064-71E0-4f0d-0021-708476C7815F}"= "C:\WINDOWS\system32\midimappt.dll" [2001-07-03 05:30 1067668]
"{B29583D8-033A-4B9F-8553-7C5458F3FB8E}"= "C:\WINDOWS\system32\jdsaex.dll" [2008-07-03 05:30 222208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"midimapgj"= {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll [2001-06-30 10:34 1072788]
"cliconfgzx.dll"= {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll [2001-07-03 06:08 606124]
"catsrvwl.dll"= {00040004-0004-0004-0004-00040004BB15} - C:\WINDOWS\system32\catsrvwl.dll [2001-07-03 06:09 937760]
"kbdswjr.dll"= {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll [2001-07-03 06:09 982304]
"tscfgwmijxsj.dll"= {00330033-0033-0033-0033-00330033BB15} - C:\WINDOWS\system32\tscfgwmijxsj.dll [2001-07-03 06:09 605472]
"msobjstl.dll"= {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll [2001-07-03 06:10 927008]
"adsntzt.dll"= {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll [2001-07-03 06:08 851744]
"bootvidgj.dll"= {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll [2001-07-03 06:08 717460]
"midimappt"= {4F4F0064-71E0-4f0d-0021-708476C7815F} - C:\WINDOWS\system32\midimappt.dll [2001-07-03 05:30 1067668]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll termilly.dll verptw.dll quaryfy.dll padlod.dll,arjreler.dll,ietzbpaq.dll jordspa.dll,skqncbib.dll womsoy.dll,nhmxdjkl.dll,skqnebib.dll wolko.dll he1low.dll gwofw.dll ziflok.dll mymusi.dll wcpome.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ati2evxx.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\egui.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\idag.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kaccore.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OllyDBG.EXE]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OllyICE.EXE]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravtool.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regtool.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwproxy.exeFYFireWall.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safebank.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinDbg.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-31 01:42 1271032 C:\Program Files\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaws.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:Utor1
"1720:TCP"= 1720:TCP:utorrent
"1720:UDP"= 1720:UDP:utorrent1
"12535:TCP"= 12535:TCP:BitComet 12535 TCP
"12535:UDP"= 12535:UDP:BitComet 12535 UDP

S0 hjjku3xohj;hjjku3xohj;C:\WINDOWS\system32\drivers\hjjku3xohj.sys [2004-08-04 01:56]
S0 tfj4g0kc8q;tfj4g0kc8;C:\WINDOWS\system32\DRIVERS\tfj4g0kc8q.sys [2004-08-04 01:56]
S3 epflt15;epflt15;C:\WINDOWS\system32\DRIVERS\epflt15.SYS [2004-10-09 16:10]
S3 esflt15;esflt15;C:\WINDOWS\system32\DRIVERS\esflt15.SYS [2004-11-16 19:52]
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sssdbus.sys [2007-07-05 12:37]
S3 sssdmdfl;SAMSUNG Modem Filter;C:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2007-07-05 12:37]
S3 sssdmdm;SAMSUNG Modem Driver;C:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2007-07-05 12:37]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2007-07-05 12:37]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdobex.sys [2007-07-05 12:37]

.
- - - - ORPHANS REMOVED - - - -

BHO-{0B497AE8-3F6C-440C-AB87-52ED0182464A} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
BHO-{1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} - C:\Program Files\Internet Explorer\IEXPLORE32.win
BHO-{32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll
BHO-{E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys
HKCU-Run-Sticker - C:\Program Files\MoRUN.net\Sticker\sticker.exe
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
ShellExecuteHooks-{6C648541-1025-9650-9057-6541258720C6} - (no file)
ShellExecuteHooks-{77FD640A-158F-48AC-FD14-1597F14A9777} - (no file)
ShellExecuteHooks-{6E091341-6715-2098-51F0-178367AE53E6} - (no file)
ShellExecuteHooks-{7C69034A-F45F-D34D-A33A-C33C4D324FC7} - (no file)
ShellExecuteHooks-{29109876-7619-9101-7012-901938475192} - (no file)
ShellExecuteHooks-{1A698452-C5D8-C584-C256-C264C987C5A1} - (no file)
ShellExecuteHooks-{E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys
ShellExecuteHooks-{1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} - C:\Program Files\Internet Explorer\IEXPLORE32.win
ShellExecuteHooks-{0B497AE8-3F6C-440C-AB87-52ED0182464A} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
ShellExecuteHooks-{A9895933-6636-4281-BC58-EE6DE2AF96E3} - C:\WINDOWS\system32\ddserh.dll
ShellExecuteHooks-{32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll
ShellExecuteHooks-{d332093c-9d73-4868-b201-9464a1d97512} - C:\WINDOWS\system32\MMHADPQG1101.dll
Notify-WgaLogon - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 05:59:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-07-06 6:06:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 10:06:12
ComboFix2.txt 2008-06-28 06:53:27

Pre-Run: 32,145,330,176 bytes free
Post-Run: 32,359,931,904 bytes free

403 --- E O F --- 2008-07-05 18:27:44
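Three sections of the ComboFix dump above carry the infection's real weight: the Image File Execution Options keys that point a "Debugger" at svchost.exe for security and analysis tools (egui.exe, procexp.exe, OllyDBG.EXE, WinDbg.exe and others), the mixed-delimiter AppInit_DLLs list, and the ShellServiceObjectDelayLoad entries with system-lookalike names. As an added triage example (not ComboFix code, and not part of the original post), this script parses a constructed cut-down copy of those sections and lists what a defender should act on; the Finding class, function names and the sample dump are this example's own.

```python
"""Triage a ComboFix-style registry dump for tool-blocking and DLL-injection persistence.

Added example for this thread. SAMPLE_DUMP is a constructed, cut-down copy of the
registry sections in the ComboFix log posted above (same keys, fewer entries).
"""
import re
from dataclasses import dataclass

SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"midimapgj"= {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll [2001-06-30 10:34 1072788]
"cliconfgzx.dll"= {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll [2001-07-03 06:08 606124]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\egui.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp.exe]
Debugger=C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-31 01:42 1271032 C:\Program Files\Steam\Steam.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "ifeo_debugger", "appinit_dll" or "ssodl"
    where: str   # IFEO subkey (the program being intercepted) or the value name
    target: str  # the "debugger" path or the DLL that gets loaded


IFEO_RE = re.compile(r"image file execution options(?:\\([^\]]+))?\]$", re.I)
# "name"= {GUID} - path [date time size]   (the path may contain spaces)
SSODL_RE = re.compile(r'^"([^"]+)"=\s*\{[^}]+\}\s*-\s*(.+?)\s*(?:\[.*\])?$')


def sections(text):
    """Yield (header, body_lines) for each [HKEY...] block of the dump."""
    header, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if header is not None:
                yield header, body
            header, body = line, []
        elif header is not None and line:
            body.append(line)
    if header is not None:
        yield header, body


def triage(text):
    findings = []
    for header, body in sections(text):
        low = header.lower()
        if m := IFEO_RE.search(header):
            # A Debugger value under IFEO makes Windows launch that "debugger" instead of the
            # named program, with the program's command line appended. Pointing it at
            # svchost.exe means the tool (here ESET's egui.exe and Process Explorer) just
            # never appears, which is why the user could not run security software.
            for line in body:
                if line.lower().startswith("debugger="):
                    where = m.group(1) or "(root key)"
                    findings.append(Finding("ifeo_debugger", where, line.split("=", 1)[1]))
        elif low.endswith(r"\currentversion\windows]"):
            for line in body:
                if line.startswith('"AppInit_DLLs"='):
                    # Every DLL here is loaded into every process that links user32.dll.
                    # Windows accepts space- or comma-separated names; this dump mixes both.
                    for dll in re.split(r"[,\s]+", line.split("=", 1)[1].strip()):
                        if dll:
                            findings.append(Finding("appinit_dll", "AppInit_DLLs", dll))
        elif "shellserviceobjectdelayload" in low:
            # SSODL entries are loaded by Explorer at logon; benign ones are few and well known.
            for line in body:
                if m2 := SSODL_RE.match(line):
                    findings.append(Finding("ssodl", m2.group(1), m2.group(2)))
    return findings


def by_kind(findings):
    """Group findings by kind, preserving dump order within each kind."""
    out = {}
    for f in findings:
        out.setdefault(f.kind, []).append(f)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_DUMP):
        print(f"{f.kind:14} {f.where:18} -> {f.target}")
```

The msconfig startupreg section (Steam) deliberately produces no finding, so the output is only the entries worth removing or restoring.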
 

xxarlokxx

New Member
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:45 AM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inf\svchosd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - C:\WINDOWS\system32\nhmxdjkl.dll
O2 - BHO: skqnebib.dll - {52023698-6984-8541-9654-698745012525} - C:\WINDOWS\system32\skqnebib.dll
O2 - BHO: pjjxfdwd.dll - {64FAE856-AD58-20CB-A025-CD4895FA6E46} - C:\WINDOWS\system32\pjjxfdwd.dll
O2 - BHO: (no name) - {74381DEC-D78B-43E4-BA5D-5244F669EBE4} - C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE /P26 "EPSON Stylus CX1500 Series" /O5 "LPT1:" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [initnyuser] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080702a.dll tanlt88
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stevenching28.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214379191747
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162425286125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45ABDAA6-9586-4E5E-A01E-2E395570E348}: NameServer = 203.198.23.208 205.252.144.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll termilly.dll verptw.dll quaryfy.dll padlod.dll,arjreler.dll,ietzbpaq.dll jordspa.dll,skqncbib.dll womsoy.dll,nhmxdjkl.dll,skqnebib.dll wolko.dll he1low.dll gwofw.dll ziflok.dll mymusi.dll wcpome.dll
O21 - SSODL: midimapgj - {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll
O21 - SSODL: cliconfgzx.dll - {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll
O21 - SSODL: catsrvwl.dll - {00040004-0004-0004-0004-00040004BB15} - C:\WINDOWS\system32\catsrvwl.dll
O21 - SSODL: kbdswjr.dll - {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll
O21 - SSODL: tscfgwmijxsj.dll - {00330033-0033-0033-0033-00330033BB15} - C:\WINDOWS\system32\tscfgwmijxsj.dll
O21 - SSODL: msobjstl.dll - {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll
O21 - SSODL: adsntzt.dll - {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll
O21 - SSODL: bootvidgj.dll - {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll
O21 - SSODL: midimappt - {4F4F0064-71E0-4f0d-0021-708476C7815F} - C:\WINDOWS\system32\midimappt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10088 bytes
 

cohen

New Member
How is your system running now???

I'll just read through your log, and be back with you soon.
 

xxarlokxx

New Member
I still see iexplore.exe taking 6,600k of space, but I don't use Internet Explorer, I use Firefox. =="
Also, I sometimes hear the page-refreshing sound, you know, the clicking sound, that kind of thing. But I wasn't doing anything.
 

johnb35

Administrator
Staff member
You are still majorly infected. Wait for buzz, punk, or a mod to help you clean your system. While waiting you can try downloading, updating and running SUPERAntiSpyware and see how much cleaner your system is.
 

adarsh

New Member
Yes, you are still infected with Vundo.
Please do not browse, as it may increase the infections and contribute to the infections present on this system.
 

GameMaster

New Member
Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Files to delete:
C:\WINDOWS\system32\dbi100.dll
C:\WINDOWS\system32\tqgs27.exe
C:\WINDOWS\system32\mxtq9.exe
C:\WINDOWS\system32\divq38.exe
C:\WINDOWS\system32\uhhn27.exe
C:\WINDOWS\system32\jqcu9.exe
C:\WINDOWS\dcbdcatys32_080702a.dll
C:\WINDOWS\system32\jdsaex.dll
C:\WINDOWS\system32\flje29.exe
C:\WINDOWS\system\sgcxcxxaspf080702.exe
C:\WINDOWS\wftadfi16_080702a.dll
C:\WINDOWS\twisys.ini
C:\WINDOWS\system32\wolko.dll
C:\WINDOWS\system32\he1low.dll
C:\WINDOWS\system32\ziflok.dll
C:\WINDOWS\system32\wcpome.dll
C:\WINDOWS\system32\mymusi.dll
C:\WINDOWS\system32\gwofw.dll
C:\WINDOWS\system32\jpri38.exe
C:\WINDOWS\system32\qadu27.exe
C:\WINDOWS\system32\iwco9.exe
C:\WINDOWS\eqlk.exe
C:\WINDOWS\system32\szvy38.exe
C:\WINDOWS\system32\nuuu27.exe
C:\WINDOWS\system32\ljmy9.exe
C:\WINDOWS\system32\umfd38.exe
C:\WINDOWS\system32\bsdx27.exe
C:\WINDOWS\system32\bsdk9.exe
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\jfdses.dll
C:\WINDOWS\system32\wvmk38.exe
C:\WINDOWS\system32\womsoy.dll
C:\WINDOWS\system32\otbb27.exe
C:\WINDOWS\system32\womsoyk.exe
C:\WINDOWS\system32\tdffdl.dll
C:\WINDOWS\system32\ngjxakin.sys
C:\WINDOWS\system32\ijzhatde.sys
C:\WINDOWS\system32\pedadt.dll
C:\WINDOWS\system32\ragc9.exe
C:\Documents and Settings\Steven C\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\apsggjba.dll
C:\WINDOWS\system32\apzhctde.dll
C:\WINDOWS\system32\dfqnabib.exe
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\gpzhatde.sys
C:\WINDOWS\system32\lpmxajkl.exe
C:\WINDOWS\system32\lpzhatde.exe
C:\WINDOWS\system32\mndshsrv.dll
C:\WINDOWS\system32\nhmxdjkl.dll
C:\WINDOWS\system32\pjjxfdwd.dll
C:\WINDOWS\system32\rijxbkin.dll
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\skqnebib.dll
C:\WINDOWS\system32\smdsbsrv.sys
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\stjxakin.exe
C:\WINDOWS\system32\tjfyabyt.exe
C:\WINDOWS\system32\yzztkmsn.dll
C:\WINDOWS\system32\adsntzt.dll
C:\WINDOWS\system32\bootvidgj.dll
C:\WINDOWS\system32\catsrvwl.dll
C:\WINDOWS\system32\cliconfgzx.dll
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\dpvvoxmh.dll
C:\WINDOWS\system32\inf\scsys16_080702.dll
C:\WINDOWS\system32\inf\sppdcrs080702.scr
C:\WINDOWS\system32\inf\svchosd.exe
C:\WINDOWS\system32\kbdswjr.dll
C:\WINDOWS\system32\ksuserfy.dll
C:\WINDOWS\system32\midimapgj.dll
C:\WINDOWS\system32\midimappt.dll
C:\WINDOWS\system32\msobjstl.dll
C:\WINDOWS\system32\rasdlgcq.dll
C:\WINDOWS\system32\tscfgwmijxsj.dll
C:\WINDOWS\bootstat.dat

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.
 

xxarlokxx

New Member
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\dbi100.dll" deleted successfully.
File "C:\WINDOWS\system32\tqgs27.exe" deleted successfully.
File "C:\WINDOWS\system32\mxtq9.exe" deleted successfully.
File "C:\WINDOWS\system32\divq38.exe" deleted successfully.
File "C:\WINDOWS\system32\uhhn27.exe" deleted successfully.
File "C:\WINDOWS\system32\jqcu9.exe" deleted successfully.
File "C:\WINDOWS\dcbdcatys32_080702a.dll" deleted successfully.
File "C:\WINDOWS\system32\jdsaex.dll" deleted successfully.
File "C:\WINDOWS\system32\flje29.exe" deleted successfully.
File "C:\WINDOWS\system\sgcxcxxaspf080702.exe" deleted successfully.
File "C:\WINDOWS\wftadfi16_080702a.dll" deleted successfully.
File "C:\WINDOWS\twisys.ini" deleted successfully.
File "C:\WINDOWS\system32\wolko.dll" deleted successfully.
File "C:\WINDOWS\system32\he1low.dll" deleted successfully.
File "C:\WINDOWS\system32\ziflok.dll" deleted successfully.
File "C:\WINDOWS\system32\wcpome.dll" deleted successfully.
File "C:\WINDOWS\system32\mymusi.dll" deleted successfully.
File "C:\WINDOWS\system32\gwofw.dll" deleted successfully.
File "C:\WINDOWS\system32\jpri38.exe" deleted successfully.
File "C:\WINDOWS\system32\qadu27.exe" deleted successfully.
File "C:\WINDOWS\system32\iwco9.exe" deleted successfully.
File "C:\WINDOWS\eqlk.exe" deleted successfully.
File "C:\WINDOWS\system32\szvy38.exe" deleted successfully.
File "C:\WINDOWS\system32\nuuu27.exe" deleted successfully.
File "C:\WINDOWS\system32\ljmy9.exe" deleted successfully.
File "C:\WINDOWS\system32\umfd38.exe" deleted successfully.
File "C:\WINDOWS\system32\bsdx27.exe" deleted successfully.
File "C:\WINDOWS\system32\bsdk9.exe" deleted successfully.
File "C:\WINDOWS\system32\sgdewg.dll" deleted successfully.
File "C:\WINDOWS\system32\jfdses.dll" deleted successfully.
File "C:\WINDOWS\system32\wvmk38.exe" deleted successfully.
File "C:\WINDOWS\system32\womsoy.dll" deleted successfully.
File "C:\WINDOWS\system32\otbb27.exe" deleted successfully.
File "C:\WINDOWS\system32\womsoyk.exe" deleted successfully.
File "C:\WINDOWS\system32\tdffdl.dll" deleted successfully.
File "C:\WINDOWS\system32\ngjxakin.sys" deleted successfully.
File "C:\WINDOWS\system32\ijzhatde.sys" deleted successfully.
File "C:\WINDOWS\system32\pedadt.dll" deleted successfully.
File "C:\WINDOWS\system32\ragc9.exe" deleted successfully.
File "C:\Documents and Settings\Steven C\Application Data\GDIPFONTCACHEV1.DAT" deleted successfully.
File "C:\WINDOWS\system32\aoqnabib.sys" deleted successfully.
File "C:\WINDOWS\system32\apsggjba.dll" deleted successfully.
File "C:\WINDOWS\system32\apzhctde.dll" deleted successfully.
File "C:\WINDOWS\system32\dfqnabib.exe" deleted successfully.
File "C:\WINDOWS\system32\erjxakin.sys" deleted successfully.
File "C:\WINDOWS\system32\gpzhatde.sys" deleted successfully.
File "C:\WINDOWS\system32\lpmxajkl.exe" deleted successfully.
File "C:\WINDOWS\system32\lpzhatde.exe" deleted successfully.
File "C:\WINDOWS\system32\mndshsrv.dll" deleted successfully.
File "C:\WINDOWS\system32\nhmxdjkl.dll" deleted successfully.
File "C:\WINDOWS\system32\pjjxfdwd.dll" deleted successfully.
File "C:\WINDOWS\system32\rijxbkin.dll" deleted successfully.
File "C:\WINDOWS\system32\rnmxajkl.sys" deleted successfully.
File "C:\WINDOWS\system32\skqnebib.dll" deleted successfully.
File "C:\WINDOWS\system32\smdsbsrv.sys" deleted successfully.
File "C:\WINDOWS\system32\snfybbyt.sys" deleted successfully.
File "C:\WINDOWS\system32\stjxakin.exe" deleted successfully.
File "C:\WINDOWS\system32\tjfyabyt.exe" deleted successfully.
File "C:\WINDOWS\system32\yzztkmsn.dll" deleted successfully.
File "C:\WINDOWS\system32\adsntzt.dll" deleted successfully.
File "C:\WINDOWS\system32\bootvidgj.dll" deleted successfully.
File "C:\WINDOWS\system32\catsrvwl.dll" deleted successfully.
File "C:\WINDOWS\system32\cliconfgzx.dll" deleted successfully.
File "C:\WINDOWS\system32\d3d9caps.dat" deleted successfully.

Error: file "C:\WINDOWS\system32\d3d9caps.dat" not found!
Deletion of file "C:\WINDOWS\system32\d3d9caps.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\dpvvoxmh.dll" deleted successfully.
File "C:\WINDOWS\system32\inf\scsys16_080702.dll" deleted successfully.
File "C:\WINDOWS\system32\inf\sppdcrs080702.scr" deleted successfully.
File "C:\WINDOWS\system32\inf\svchosd.exe" deleted successfully.
File "C:\WINDOWS\system32\kbdswjr.dll" deleted successfully.
File "C:\WINDOWS\system32\ksuserfy.dll" deleted successfully.
File "C:\WINDOWS\system32\midimapgj.dll" deleted successfully.
File "C:\WINDOWS\system32\midimappt.dll" deleted successfully.
File "C:\WINDOWS\system32\msobjstl.dll" deleted successfully.
File "C:\WINDOWS\system32\rasdlgcq.dll" deleted successfully.
File "C:\WINDOWS\system32\tscfgwmijxsj.dll" deleted successfully.
File "C:\WINDOWS\bootstat.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



So does that remove Vundo?? Or is it just temporary (a bit cleaner), but still heavily infected??
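The Avenger procedure above (write the "Files to delete:" list, load it, reboot, post C:\avenger.txt) ends with a log that has to be read back against the script: the one failure in it, STATUS_OBJECT_NAME_NOT_FOUND for d3d9caps.dat, is the second deletion of a path listed twice, so it is benign, while a path the log never mentions at all would be the thing to worry about. As an added example (not Avenger's code, not part of either post), this script reconciles the two; the inputs are constructed cut-down copies of the posted script and log, plus one made-up path that the log does not mention.

```python
"""Reconcile an Avenger 'Files to delete:' script with the log Avenger wrote after reboot.

Added example for this thread. SCRIPT and LOG are constructed, cut-down copies of the
script and log posted above; constructed_not_in_log.dll is a made-up path that the log
never mentions, to show how an unconfirmed deletion is reported.
"""
import re
from collections import Counter

SCRIPT = r"""Files to delete:
C:\WINDOWS\system32\dbi100.dll
C:\WINDOWS\system32\jdsaex.dll
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\constructed_not_in_log.dll
C:\WINDOWS\bootstat.dat
"""

LOG = r"""Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\dbi100.dll" deleted successfully.
File "C:\WINDOWS\system32\jdsaex.dll" deleted successfully.
File "C:\WINDOWS\system32\d3d9caps.dat" deleted successfully.

Error: file "C:\WINDOWS\system32\d3d9caps.dat" not found!
Deletion of file "C:\WINDOWS\system32\d3d9caps.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\bootstat.dat" deleted successfully.

Completed script processing.
"""

DELETED_RE = re.compile(r'^File "(.+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of file "(.+)" failed!$')
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+) \(([A-Z_]+)\)$")


def norm(path):
    """NTFS paths are case-insensitive, so compare everything in one case."""
    return path.strip().lower()


def parse_script(text):
    """Return the paths listed under 'Files to delete:' in script order."""
    paths, in_files = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":"):  # an Avenger section header such as 'Files to delete:'
            in_files = line.lower() == "files to delete:"
        elif in_files and line:
            paths.append(line)
    return paths


def parse_log(text):
    """Return {normalised path: [outcomes]}, outcome = 'deleted' or 'failed:<NT status name>'."""
    outcomes, pending = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := DELETED_RE.match(line):
            outcomes.setdefault(norm(m.group(1)), []).append("deleted")
        elif m := FAILED_RE.match(line):
            pending = norm(m.group(1))  # the Status line for this failure follows
        elif pending and (m := STATUS_RE.match(line)):
            outcomes.setdefault(pending, []).append("failed:" + m.group(2))
            pending = None
    return outcomes


def reconcile(script_text, log_text):
    """Classify every scripted path: deleted, failed, unconfirmed, or failed only because
    the script listed it twice and the first deletion had already succeeded."""
    wanted = [norm(p) for p in parse_script(script_text)]
    seen = parse_log(log_text)
    counts = Counter(wanted)
    report = {"deleted": [], "failed": {}, "unconfirmed": [],
              "duplicate_in_script": [], "explained_by_duplicate": []}
    for path in dict.fromkeys(wanted):  # unique paths, script order
        results = seen.get(path, [])
        if counts[path] > 1:
            report["duplicate_in_script"].append(path)
        if "deleted" in results:
            report["deleted"].append(path)
        for r in results:
            if r.startswith("failed:"):
                report["failed"][path] = r.split(":", 1)[1]
        if path in report["failed"] and "deleted" in results and counts[path] > 1:
            report["explained_by_duplicate"].append(path)
        if not results:
            report["unconfirmed"].append(path)  # never mentioned: still present or never tried
    return report


if __name__ == "__main__":
    for key, value in reconcile(SCRIPT, LOG).items():
        print(f"{key:22} {value}")
```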
 

GameMaster

New Member
Erm... it's a lot cleaner now.
I'm sure there are some remnants, so let's scan for them.

Please download VundoFix. When downloaded, install it and run it. It will check for a Vundo infection (or for what is left of it).
When done, it will produce a log. Please post the log in your next reply, with the new HijackThis log.

Also, can you feel your computer running any better?
 

xxarlokxx

New Member
It does feel better. =]
Is it the same virus that I encountered before, the one with the QQ pop-up? I asked for your help before. =P

I'll do the VundoFix now and post the log afterward.

Thanks a lot, btw!! :D:D

Oh, one more thing: when I run VundoFix, do I click Fix Vundo after scanning, or do I just post the log and you look it over first??
 

xxarlokxx

New Member
Apparently, after I did the Vundo scan, it said no infected files found?
It's a bit weird, because I found on the internet that it's quite hard to remove Vundo. And I don't get a log produced. So does that mean I don't have Vundo anymore??
 

xxarlokxx

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:12 AM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll (file missing)
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll (file missing)
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - C:\WINDOWS\system32\nhmxdjkl.dll (file missing)
O2 - BHO: skqnebib.dll - {52023698-6984-8541-9654-698745012525} - C:\WINDOWS\system32\skqnebib.dll (file missing)
O2 - BHO: pjjxfdwd.dll - {64FAE856-AD58-20CB-A025-CD4895FA6E46} - C:\WINDOWS\system32\pjjxfdwd.dll (file missing)
O2 - BHO: (no name) - {74381DEC-D78B-43E4-BA5D-5244F669EBE4} - C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll (file missing)
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll (file missing)
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE /P26 "EPSON Stylus CX1500 Series" /O5 "LPT1:" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [initnyuser] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080702a.dll tanlt88
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stevenching28.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214379191747
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162425286125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45ABDAA6-9586-4E5E-A01E-2E395570E348}: NameServer = 203.198.23.208 205.252.144.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll termilly.dll verptw.dll quaryfy.dll padlod.dll,arjreler.dll,ietzbpaq.dll jordspa.dll,skqncbib.dll womsoy.dll,nhmxdjkl.dll,skqnebib.dll wolko.dll he1low.dll gwofw.dll ziflok.dll mymusi.dll wcpome.dll
O21 - SSODL: midimapgj - {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll (file missing)
O21 - SSODL: cliconfgzx.dll - {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll (file missing)
O21 - SSODL: catsrvwl.dll - {00040004-0004-0004-0004-00040004BB15} - C:\WINDOWS\system32\catsrvwl.dll (file missing)
O21 - SSODL: kbdswjr.dll - {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll (file missing)
O21 - SSODL: tscfgwmijxsj.dll - {00330033-0033-0033-0033-00330033BB15} - C:\WINDOWS\system32\tscfgwmijxsj.dll (file missing)
O21 - SSODL: msobjstl.dll - {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll (file missing)
O21 - SSODL: adsntzt.dll - {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll (file missing)
O21 - SSODL: bootvidgj.dll - {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll (file missing)
O21 - SSODL: midimappt - {4F4F0064-71E0-4f0d-0021-708476C7815F} - C:\WINDOWS\system32\midimappt.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10070 bytes
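The log above is raw HijackThis output; the work for a responder is sorting the autostart locations it lists. As an added example (not part of the original post and not HijackThis code), the Python script below parses lines in this log format and flags the kinds of entries that stand out in this log: O2/O21 entries marked "(file missing)" (the registry still loads a DLL that is no longer on disk), a BHO whose image is not a .dll, an O4 autorun under Policies\Explorer\Run, an executable whose name is one or two edits away from a Windows system process name (svchosd.exe), a populated O20 AppInit_DLLs value (every DLL listed there is loaded into every process that loads user32.dll), and an O17 NameServer override. The sample input is a handful of lines copied from the log above and embedded as test data; the list of system process names and the edit-distance threshold are the example's own assumptions.

```python
"""Triage a HijackThis v2 log for the autostart indicators seen above.

Added example: not part of the original post and not HijackThis code.
"""
import re
from typing import Dict, List, Optional

# Constructed sample input: a handful of lines copied from the log above,
# embedded here as test data so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll (file missing)
O2 - BHO: (no name) - {74381DEC-D78B-43E4-BA5D-5244F669EBE4} - C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [initnyuser] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080702a.dll tanlt88
O17 - HKLM\System\CCS\Services\Tcpip\..\{45ABDAA6-9586-4E5E-A01E-2E395570E348}: NameServer = 203.198.23.208 205.252.144.126
O20 - AppInit_DLLs: welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll termilly.dll
O21 - SSODL: midimapgj - {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")   # "O4 - <body>"
O4_RE = re.compile(r"\[[^\]]*\]\s*(?P<cmd>.*)")               # "[name] command line"
IMG_RE = re.compile(r'"?(?P<img>[^"]*?\.exe)', re.I)           # first .exe, quoted or not

# Short list of Windows process names that malware likes to imitate
# (the example's own list, not exhaustive).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe"}
LOOKALIKE_MAX_DISTANCE = 2  # assumption: one or two edits away counts as a lookalike


def parse(text: str) -> List[Dict[str, str]]:
    """Return one dict per HijackThis entry line: section code, body, raw line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body"), "raw": raw.strip()})
    return entries


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches names such as svchosd.exe posing as svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_basename(cmd: str) -> Optional[str]:
    """Lower-cased file name of the first .exe in a command line or path."""
    m = IMG_RE.match(cmd.strip())
    return m.group("img").rsplit("\\", 1)[-1].lower() if m else None


def is_lookalike(name: Optional[str]) -> bool:
    """True when name is not a system process name but is within a few edits of one."""
    return bool(name) and name not in SYSTEM_NAMES and any(
        levenshtein(name, s) <= LOOKALIKE_MAX_DISTANCE for s in SYSTEM_NAMES)


def triage(text: str) -> List[Dict[str, str]]:
    """Flag the entry types that carried the infection in this log."""
    findings: List[Dict[str, str]] = []

    def flag(entry: Dict[str, str], kind: str, detail: str) -> None:
        findings.append({"code": entry["code"], "kind": kind, "detail": detail, "line": entry["raw"]})

    for e in parse(text):
        code, body = e["code"], e["body"]
        if code in ("O2", "O21"):
            # Last " - " separated field is the image path, possibly tagged "(file missing)".
            path = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
            if "(file missing)" in body:
                flag(e, "orphaned-entry", "registry still loads %s, which is no longer on disk" % path)
            if code == "O2" and not path.lower().endswith(".dll"):
                flag(e, "unusual-bho-image", "BHO image is not a .dll: " + path)
        elif code == "O4":
            if "Policies\\Explorer\\Run" in body:
                flag(e, "policies-run", "autorun under Policies\\Explorer\\Run, rarely used by legitimate software")
            m = O4_RE.search(body)
            name = image_basename(m.group("cmd")) if m else None
            if is_lookalike(name):
                flag(e, "lookalike-name", "%s imitates a Windows system process name" % name)
        elif code == "O17" and "NameServer" in body:
            servers = body.split("=", 1)[1].split()
            flag(e, "dns-override", "check that these resolvers belong to the ISP: " + " ".join(servers))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # HijackThis prints the value as written; here it mixes comma and space separators.
            dlls = [d for d in re.split(r"[,\s]+", body.split(":", 1)[1]) if d]
            if dlls:
                flag(e, "appinit-dlls", "%d DLL(s) loaded into every process that loads user32.dll: %s"
                     % (len(dlls), ", ".join(dlls)))
        elif code == "O23":
            name = image_basename(body.rsplit(" - ", 1)[-1])
            if is_lookalike(name):
                flag(e, "lookalike-name", "%s imitates a Windows system process name" % name)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %-18s %s" % (f["code"], f["kind"], f["detail"]))
```

The script only orders the work. HijackThis removes registry entries, so the files behind the O20 list, the O21 entries and the O4 Policies\Explorer\Run command (svchosd.exe in system32\inf and the DLL passed to it) have to be located on disk and removed, or confirmed gone, separately; "(file missing)" entries are harmless leftovers once the file is really absent, but the same random-looking names recurring in AppInit_DLLs show the loader is still configured. The O17 resolvers are not evidence of anything by themselves and should simply be compared with the addresses the ISP hands out.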