vfind.exe was terminated.
This is the ComboFix log, pasted as-is:
ComboFix 08-07-05.1 - Steven C 2008-07-06 5:46:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.136 [GMT -4:00]
Running from: C:\Documents and Settings\Steven C\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\dbi100.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Internet Explorer\IEXPLORE32.Dat
C:\Program Files\Internet Explorer\IEXPLORE32.jmp
C:\Program Files\Internet Explorer\IEXPLORE32.Sys
C:\Program Files\Internet Explorer\IEXPLORE32.win
C:\Program Files\Internet Explorer\PLUGINS\UnixSys32.Jmp
C:\WINDOWS\system32\aitlasys.exe
C:\WINDOWS\system32\axmsawin.exe
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\ciwdaapi.sys
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\etshabty.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\hdf453d.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\isdsasrv.exe
C:\WINDOWS\system32\ismhasrv.exe
C:\WINDOWS\system32\jashbbty.sys
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\kcoin32.dll
C:\WINDOWS\system32\kcoin32.exe
C:\WINDOWS\system32\lojxadwd.exe
C:\WINDOWS\system32\lpsgajba.exe
C:\WINDOWS\system32\mfdesy.dll
C:\WINDOWS\system32\MMHADPQG1097.dll
C:\WINDOWS\system32\MMHADPQG1100.dll
C:\WINDOWS\system32\MMHADPQG1101.dll
C:\WINDOWS\system32\mnmhgsrv.dll
C:\WINDOWS\system32\mpwdeapi.dll
C:\WINDOWS\system32\mtewdh.dll
C:\WINDOWS\system32\opshcbty.dll
C:\WINDOWS\system32\ozfyebyt.dll
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\simyaapi.exe
C:\WINDOWS\system32\siwdaapi.exe
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\spwdbapi.sys
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\toqnabib.sys
C:\WINDOWS\system32\wklsdd.dll
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\xfztbmsn.sys
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\system32\ysjxbdwd.sys
C:\WINDOWS\system32\yxcschlp.dll
C:\WINDOWS\system32\zaztamsn.exe
C:\WINDOWS\system32\zgrjdx.dll
C:\WINDOWS\system32\zptlcsys.dll
C:\WINDOWS\system32\zxcsahlp.exe
C:\WINDOWS\system32\zxmsdwin.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HDV32
-------\Legacy_SEICTRL
-------\Service_Hdv32
-------\Service_seictrl
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.
2008-07-03 06:10 . 2008-07-03 06:10 18,432 --a------ C:\WINDOWS\system32\dbi100.dll
2008-07-03 06:09 . 2008-07-03 06:09 19,015 --a------ C:\WINDOWS\system32\tqgs27.exe
2008-07-03 06:08 . 2008-07-03 06:08 10,420 --a------ C:\WINDOWS\system32\mxtq9.exe
2008-07-03 06:01 . 2008-07-03 06:01 30,836 --a------ C:\WINDOWS\system32\divq38.exe
2008-07-03 06:01 . 2008-07-03 06:01 19,015 --a------ C:\WINDOWS\system32\uhhn27.exe
2008-07-03 06:00 . 2008-07-03 06:00 10,420 --a------ C:\WINDOWS\system32\jqcu9.exe
2008-07-03 05:30 . 2008-07-03 05:30 <DIR> d-------- C:\WINDOWS\system32\inf
2008-07-03 05:30 . 2008-07-06 05:59 230,912 --a------ C:\WINDOWS\dcbdcatys32_080702a.dll
2008-07-03 05:30 . 2008-07-03 05:30 222,208 --ah----- C:\WINDOWS\system32\jdsaex.dll
2008-07-03 05:30 . 2008-07-03 05:30 115,472 --a------ C:\WINDOWS\system32\flje29.exe
2008-07-03 05:30 . 2008-07-03 05:30 115,472 --a------ C:\WINDOWS\system\sgcxcxxaspf080702.exe
2008-07-03 05:30 . 2008-07-03 05:30 32,256 --a------ C:\WINDOWS\wftadfi16_080702a.dll
2008-07-03 05:30 . 2008-07-06 05:59 474 --a------ C:\WINDOWS\twisys.ini
2008-07-03 05:29 . 2008-07-03 05:29 28,672 --a------ C:\WINDOWS\system32\wolko.dll
2008-07-03 05:29 . 2008-07-03 05:29 28,672 --a------ C:\WINDOWS\system32\he1low.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\ziflok.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\wcpome.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\mymusi.dll
2008-07-03 05:29 . 2008-07-03 05:29 24,576 --a------ C:\WINDOWS\system32\gwofw.dll
2008-07-03 02:20 . 2008-07-03 02:20 30,836 --a------ C:\WINDOWS\system32\jpri38.exe
2008-07-03 02:19 . 2008-07-03 02:19 19,015 --a------ C:\WINDOWS\system32\qadu27.exe
2008-07-03 02:18 . 2008-07-03 02:18 10,420 --a------ C:\WINDOWS\system32\iwco9.exe
2008-07-03 02:10 . 2007-06-13 06:23 1,033,216 --a------ C:\WINDOWS\eqlk.exe
2008-07-03 02:07 . 2008-07-03 02:07 30,836 --a------ C:\WINDOWS\system32\szvy38.exe
2008-07-03 02:06 . 2008-07-03 02:06 19,015 --a------ C:\WINDOWS\system32\nuuu27.exe
2008-07-03 02:05 . 2008-07-03 02:05 10,420 --a------ C:\WINDOWS\system32\ljmy9.exe
2008-07-02 11:49 . 2008-07-02 11:49 30,837 --a------ C:\WINDOWS\system32\umfd38.exe
2008-07-02 11:49 . 2008-07-02 11:49 19,021 --a------ C:\WINDOWS\system32\bsdx27.exe
2008-07-02 11:47 . 2008-07-02 11:47 10,420 --a------ C:\WINDOWS\system32\bsdk9.exe
2008-06-30 10:35 . 2008-07-03 06:09 225,792 --ah----- C:\WINDOWS\system32\sgdewg.dll
2008-06-30 10:35 . 2008-06-30 10:35 218,624 --ah----- C:\WINDOWS\system32\jfdses.dll
2008-06-30 10:35 . 2008-06-30 10:35 30,837 --a------ C:\WINDOWS\system32\wvmk38.exe
2008-06-30 10:35 . 2008-07-03 06:10 24,576 --a------ C:\WINDOWS\system32\womsoy.dll
2008-06-30 10:35 . 2008-06-30 10:35 18,488 --a------ C:\WINDOWS\system32\otbb27.exe
2008-06-30 10:35 . 2008-07-03 06:10 11,264 --a------ C:\WINDOWS\system32\womsoyk.exe
2008-06-30 10:34 . 2008-07-03 06:09 225,792 --ah----- C:\WINDOWS\system32\tdffdl.dll
2008-06-30 10:34 . 2008-07-06 05:58 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-30 10:34 . 2008-07-06 05:58 24 --a------ C:\WINDOWS\system32\ijzhatde.sys
2008-06-30 10:33 . 2008-07-03 06:08 229,376 --ah----- C:\WINDOWS\system32\pedadt.dll
2008-06-30 10:33 . 2008-06-30 10:33 10,420 --a------ C:\WINDOWS\system32\ragc9.exe
2008-06-28 06:02 . 2008-06-28 06:02 135,168 --a------ C:\zip.exe
2008-06-28 06:02 . 2008-06-28 06:02 19,286 --a------ C:\cleanup.exe
2008-06-28 06:02 . 2008-06-28 06:02 574 --a------ C:\cleanup.bat
2008-06-28 06:02 . 2008-06-28 06:02 0 --a------ C:\backup.reg
2008-06-28 02:21 . 2008-06-28 02:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-25 14:56 . 2008-06-25 14:56 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-25 14:49 . 2008-06-25 14:49 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-25 06:11 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-25 04:38 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-25 03:59 . 2008-07-03 02:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-25 03:59 . 2008-07-03 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 03:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-25 02:09 . 2008-06-25 13:31 30,968 --a------ C:\Documents and Settings\Steven C\setupg.exe
2008-06-24 12:46 . 2008-01-05 16:53 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-24 08:14 . 2008-06-24 00:10 31,048 --------- C:\Documents and Settings\Steven C\setupd.exe
2008-06-24 06:47 . 2008-06-24 06:47 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-24 06:04 . 2008-06-28 01:39 49,152 --a------ C:\WINDOWS\system32\5A634FAC.DLL
2008-06-24 01:15 . 2008-06-24 01:16 <DIR> d-------- C:\Program Files\QuickTime
2008-06-24 01:13 . 2008-06-24 01:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-22 04:15 . 2008-06-22 04:15 <DIR> d-------- C:\Downloads
2008-06-22 04:15 . 2008-06-22 04:15 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-22 04:14 . 2008-06-22 04:20 <DIR> d-------- C:\Program Files\BitComet
2008-06-06 02:05 . 2008-06-06 02:05 <DIR> d-------- C:\WINDOWS\system32\NtmsData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 08:51 --------- d-----w C:\Program Files\Warcraft III
2008-07-02 05:35 --------- d-----w C:\Program Files\Steam
2008-06-24 05:18 --------- d-----w C:\Documents and Settings\Steven C\Application Data\Apple Computer
2008-06-24 05:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-22 08:02 --------- d-----w C:\Documents and Settings\Steven C\Application Data\uTorrent
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-21 16:47 --------- d-----w C:\Documents and Settings\Steven C\Application Data\Samsung
2008-05-21 16:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-21 06:11 --------- d-----w C:\Program Files\Samsung
2008-05-18 09:46 --------- d-----w C:\Program Files\Tales of Pirates Online
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 03:02 --------- d-----w C:\Program Files\SopCast
2008-05-06 04:16 --------- d-----w C:\Documents and Settings\Steven C\Application Data\vlc
2008-05-06 04:15 --------- d-----w C:\Program Files\VideoLAN
2008-02-01 02:35 28,080 ----a-w C:\Documents and Settings\Steven C\Application Data\GDIPFONTCACHEV1.DAT
2004-08-08 10:09 1,040 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 14:34 537,608 --sh--w C:\WINDOWS\system32\apsggjba.dll
2004-08-08 14:34 538,120 --sh--w C:\WINDOWS\system32\apzhctde.dll
2004-08-08 10:09 15,789 --sh--w C:\WINDOWS\system32\dfqnabib.exe
2004-08-08 10:09 3,120 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 10:08 520 --sh--w C:\WINDOWS\system32\gpzhatde.sys
2004-08-08 10:10 16,341 --sh--w C:\WINDOWS\system32\lpmxajkl.exe
2004-08-08 10:08 17,228 --sh--w C:\WINDOWS\system32\lpzhatde.exe
2004-08-08 14:34 534,024 --sh--w C:\WINDOWS\system32\mndshsrv.dll
2004-08-08 14:35 536,072 --sh--w C:\WINDOWS\system32\nhmxdjkl.dll
2004-08-08 14:34 536,072 --sh--w C:\WINDOWS\system32\pjjxfdwd.dll
2004-08-08 14:34 536,584 --sh--w C:\WINDOWS\system32\rijxbkin.dll
2004-08-08 10:10 520 --sh--w C:\WINDOWS\system32\rnmxajkl.sys
2004-08-08 15:48 535,048 --sh--w C:\WINDOWS\system32\skqnebib.dll
2004-08-08 10:09 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 10:08 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 10:09 16,602 --sh--w C:\WINDOWS\system32\stjxakin.exe
2004-08-08 10:08 15,129 --sh--w C:\WINDOWS\system32\tjfyabyt.exe
2004-08-08 14:33 536,584 --sh--w C:\WINDOWS\system32\yzztkmsn.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-28_ 2.52.24.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 06:45:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-06 09:58:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-07-03 10:08:19 851,744 ----a-w C:\WINDOWS\system32\adsntzt.dll
+ 2001-07-03 10:08:40 717,460 ----a-w C:\WINDOWS\system32\bootvidgj.dll
+ 2001-07-03 10:09:28 937,760 ----a-w C:\WINDOWS\system32\catsrvwl.dll
+ 2001-07-03 10:08:43 606,124 ----a-w C:\WINDOWS\system32\cliconfgzx.dll
- 2008-06-20 01:33:23 3,472 ----a-w C:\WINDOWS\system32\d3d9caps.dat
+ 2008-07-02 05:34:55 3,472 ----a-w C:\WINDOWS\system32\d3d9caps.dat
+ 2001-08-17 17:52:30 18,688 -c--a-w C:\WINDOWS\system32\dllcache\cdaudio.sys
+ 2001-07-03 09:29:18 574,612 ----a-w C:\WINDOWS\system32\dpvvoxmh.dll
- 2001-08-23 12:00:00 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
+ 2001-08-17 17:52:30 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
+ 2008-07-03 09:30:36 32,256 ----a-w C:\WINDOWS\system32\inf\scsys16_080702.dll
+ 2008-07-03 09:30:31 115,472 ----a-w C:\WINDOWS\system32\inf\sppdcrs080702.scr
+ 2004-08-04 05:56:56 33,280 ----a-w C:\WINDOWS\system32\inf\svchosd.exe
+ 2001-07-03 10:09:45 982,304 ----a-w C:\WINDOWS\system32\kbdswjr.dll
+ 2001-07-03 09:30:03 913,184 ----a-w C:\WINDOWS\system32\ksuserfy.dll
+ 2001-06-30 14:34:09 1,072,788 ----a-w C:\WINDOWS\system32\midimapgj.dll
+ 2001-07-03 09:30:06 1,067,668 ----a-w C:\WINDOWS\system32\midimappt.dll
+ 2001-07-03 10:10:18 927,008 ----a-w C:\WINDOWS\system32\msobjstl.dll
+ 2001-07-02 15:47:46 688,788 ----a-w C:\WINDOWS\system32\rasdlgcq.dll
+ 2001-07-03 10:09:59 605,472 ----a-w C:\WINDOWS\system32\tscfgwmijxsj.dll
- 2008-05-25 10:10:05 87,397 ----a-w C:\WINDOWS\War3Unin.dat
+ 2008-07-01 03:18:34 88,451 ----a-w C:\WINDOWS\War3Unin.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25FD6584-698F-BCD2-602C-698745210352}]
2004-08-08 10:34 536584 ---hs---- C:\WINDOWS\system32\rijxbkin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D698451-2015-6358-9871-2015987452D3}]
2004-08-08 10:34 538120 ---hs---- C:\WINDOWS\system32\apzhctde.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47AC9076-C898-B098-D098-A18319080974}]
2004-08-08 10:35 536072 ---hs---- C:\WINDOWS\system32\nhmxdjkl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52023698-6984-8541-9654-698745012525}]
2004-08-08 11:48 535048 ---hs---- C:\WINDOWS\system32\skqnebib.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64FAE856-AD58-20CB-A025-CD4895FA6E46}]
2004-08-08 10:34 536072 ---hs---- C:\WINDOWS\system32\pjjxfdwd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74381DEC-D78B-43E4-BA5D-5244F669EBE4}]
2008-07-03 06:01 44660 --ahs---- C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD45A54-9875-698F-E56E-65102358FDF7}]
2004-08-08 10:34 537608 ---hs---- C:\WINDOWS\system32\apsggjba.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87FD640A-158F-48AC-FD14-1597F14A9778}]
2004-08-08 10:34 534024 ---hs---- C:\WINDOWS\system32\mndshsrv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B490415F-65F8-B5C5-D8BA-9405FB12054B}]
2004-08-08 10:33 536584 ---hs---- C:\WINDOWS\system32\yzztkmsn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 17:39 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 17:39 455168]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 18:49 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-04 22:24 185896]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 06:48 157592]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE" [2004-03-22 13:00 99840]
"EPSON Stylus CX1500 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE" [2004-03-22 13:00 99840]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 23:32 208952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 13:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 15:01 88209 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"initnyuser"="C:\WINDOWS\system32\inf\svchosd.exe" [2004-08-04 01:56 33280]
C:\Documents and Settings\Steven C\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B490415F-65F8-B5C5-D8BA-9405FB12054B}"= "C:\WINDOWS\system32\yzztkmsn.dll" [2004-08-08 10:33 536584]
"{7FD45A54-9875-698F-E56E-65102358FDF7}"= "C:\WINDOWS\system32\apsggjba.dll" [2004-08-08 10:34 537608]
"{3D698451-2015-6358-9871-2015987452D3}"= "C:\WINDOWS\system32\apzhctde.dll" [2004-08-08 10:34 538120]
"{74381DEC-D78B-43E4-BA5D-5244F669EBE4}"= "C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys" [2008-07-03 06:01 44660]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= "C:\WINDOWS\system32\pedadt.dll" [2008-07-03 06:08 229376]
"{4F4F0064-71E0-4f0d-0003-708476C7815F}"= "C:\WINDOWS\system32\midimapgj.dll" [2001-06-30 10:34 1072788]
"{25FD6584-698F-BCD2-602C-698745210352}"= "C:\WINDOWS\system32\rijxbkin.dll" [2004-08-08 10:34 536584]
"{87FD640A-158F-48AC-FD14-1597F14A9778}"= "C:\WINDOWS\system32\mndshsrv.dll" [2004-08-08 10:34 534024]
"{C0595A7E-2E2F-4B34-A83A-019270A0A464}"= "C:\WINDOWS\system32\tdffdl.dll" [2008-07-03 06:09 225792]
"{64FAE856-AD58-20CB-A025-CD4895FA6E46}"= "C:\WINDOWS\system32\pjjxfdwd.dll" [2004-08-08 10:34 536072]
"{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}"= "C:\WINDOWS\system32\jfdses.dll" [2008-06-30 10:35 218624]
"{47AC9076-C898-B098-D098-A18319080974}"= "C:\WINDOWS\system32\nhmxdjkl.dll" [2004-08-08 10:35 536072]
"{52023698-6984-8541-9654-698745012525}"= "C:\WINDOWS\system32\skqnebib.dll" [2004-08-08 11:48 535048]
"{00010001-0001-0001-0001-00010001BB15}"= "C:\WINDOWS\system32\adsntzt.dll" [2001-07-03 06:08 851744]
"{00030003-0003-0003-0003-00030003BB15}"= "C:\WINDOWS\system32\bootvidgj.dll" [2001-07-03 06:08 717460]
"{00050005-0005-0005-0005-00050005BB15}"= "C:\WINDOWS\system32\cliconfgzx.dll" [2001-07-03 06:08 606124]
"{00040004-0004-0004-0004-00040004BB15}"= "C:\WINDOWS\system32\catsrvwl.dll" [2001-07-03 06:09 937760]
"{00120012-0012-0012-0012-00120012BB15}"= "C:\WINDOWS\system32\kbdswjr.dll" [2001-07-03 06:09 982304]
"{00330033-0033-0033-0033-00330033BB15}"= "C:\WINDOWS\system32\tscfgwmijxsj.dll" [2001-07-03 06:09 605472]
"{00170017-0017-0017-0017-00170017BB15}"= "C:\WINDOWS\system32\msobjstl.dll" [2001-07-03 06:10 927008]
"{4F4F0064-71E0-4f0d-0021-708476C7815F}"= "C:\WINDOWS\system32\midimappt.dll" [2001-07-03 05:30 1067668]
"{B29583D8-033A-4B9F-8553-7C5458F3FB8E}"= "C:\WINDOWS\system32\jdsaex.dll" [2008-07-03 05:30 222208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"midimapgj"= {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll [2001-06-30 10:34 1072788]
"cliconfgzx.dll"= {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll [2001-07-03 06:08 606124]
"catsrvwl.dll"= {00040004-0004-0004-0004-00040004BB15} - C:\WINDOWS\system32\catsrvwl.dll [2001-07-03 06:09 937760]
"kbdswjr.dll"= {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll [2001-07-03 06:09 982304]
"tscfgwmijxsj.dll"= {00330033-0033-0033-0033-00330033BB15} - C:\WINDOWS\system32\tscfgwmijxsj.dll [2001-07-03 06:09 605472]
"msobjstl.dll"= {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll [2001-07-03 06:10 927008]
"adsntzt.dll"= {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll [2001-07-03 06:08 851744]
"bootvidgj.dll"= {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll [2001-07-03 06:08 717460]
"midimappt"= {4F4F0064-71E0-4f0d-0021-708476C7815F} - C:\WINDOWS\system32\midimappt.dll [2001-07-03 05:30 1067668]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll termilly.dll verptw.dll quaryfy.dll padlod.dll,arjreler.dll,ietzbpaq.dll jordspa.dll,skqncbib.dll womsoy.dll,nhmxdjkl.dll,skqnebib.dll wolko.dll he1low.dll gwofw.dll ziflok.dll mymusi.dll wcpome.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ati2evxx.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\egui.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\idag.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kaccore.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OllyDBG.EXE]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OllyICE.EXE]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravtool.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regtool.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwproxy.exeFYFireWall.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safebank.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinDbg.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-31 01:42 1271032 C:\Program Files\Steam\Steam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaws.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\steamapps\\
[email protected]\\counter-strike\\hl.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Steam\\steamapps\\
[email protected]\\day of defeat\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:Utor1
"1720:TCP"= 1720:TCP:utorrent
"1720:UDP"= 1720:UDP:utorrent1
"12535:TCP"= 12535:TCP:BitComet 12535 TCP
"12535:UDP"= 12535:UDP:BitComet 12535 UDP
S0 hjjku3xohj;hjjku3xohj;C:\WINDOWS\system32\drivers\hjjku3xohj.sys [2004-08-04 01:56]
S0 tfj4g0kc8q;tfj4g0kc8;C:\WINDOWS\system32\DRIVERS\tfj4g0kc8q.sys [2004-08-04 01:56]
S3 epflt15;epflt15;C:\WINDOWS\system32\DRIVERS\epflt15.SYS [2004-10-09 16:10]
S3 esflt15;esflt15;C:\WINDOWS\system32\DRIVERS\esflt15.SYS [2004-11-16 19:52]
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sssdbus.sys [2007-07-05 12:37]
S3 sssdmdfl;SAMSUNG Modem Filter;C:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2007-07-05 12:37]
S3 sssdmdm;SAMSUNG Modem Driver;C:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2007-07-05 12:37]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2007-07-05 12:37]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdobex.sys [2007-07-05 12:37]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0B497AE8-3F6C-440C-AB87-52ED0182464A} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
BHO-{1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} - C:\Program Files\Internet Explorer\IEXPLORE32.win
BHO-{32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll
BHO-{E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys
HKCU-Run-Sticker - C:\Program Files\MoRUN.net\Sticker\sticker.exe
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
ShellExecuteHooks-{6C648541-1025-9650-9057-6541258720C6} - (no file)
ShellExecuteHooks-{77FD640A-158F-48AC-FD14-1597F14A9777} - (no file)
ShellExecuteHooks-{6E091341-6715-2098-51F0-178367AE53E6} - (no file)
ShellExecuteHooks-{7C69034A-F45F-D34D-A33A-C33C4D324FC7} - (no file)
ShellExecuteHooks-{29109876-7619-9101-7012-901938475192} - (no file)
ShellExecuteHooks-{1A698452-C5D8-C584-C256-C264C987C5A1} - (no file)
ShellExecuteHooks-{E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys
ShellExecuteHooks-{1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} - C:\Program Files\Internet Explorer\IEXPLORE32.win
ShellExecuteHooks-{0B497AE8-3F6C-440C-AB87-52ED0182464A} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
ShellExecuteHooks-{A9895933-6636-4281-BC58-EE6DE2AF96E3} - C:\WINDOWS\system32\ddserh.dll
ShellExecuteHooks-{32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll
ShellExecuteHooks-{d332093c-9d73-4868-b201-9464a1d97512} - C:\WINDOWS\system32\MMHADPQG1101.dll
Notify-WgaLogon - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-06 05:59:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-07-06 6:06:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 10:06:12
ComboFix2.txt 2008-06-28 06:53:27
Pre-Run: 32,145,330,176 bytes free
Post-Run: 32,359,931,904 bytes free
403 --- E O F --- 2008-07-05 18:27:44