VipraSys Lab
06-25-2008, 05:12 AM   #1
black widow
My Hijack scan log

Before, I had trouble with a disabled Task Manager. It said, "Your task manager is disabled by server admin".
I ran a scan with Noob-Killer, and now my Task Manager is restored.

However, I still need to know about other dangerous files that might still be threatening my system, so I scanned it with Hijack.

Here's the result:

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 11:59:04 AM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hide The IP\HideTheIP.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\yudi\Application Data\Adobe\rundtl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\yudi\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Only registered users can see links. ]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Only registered users can see links. ]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [Only registered users can see links. ]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll
O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - C:\WINDOWS\system32\ijdyapaw.dll
O2 - BHO: erxybloe.dll - {20909876-4567-3908-4056-909834565102} - C:\WINDOWS\system32\erxybloe.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - C:\WINDOWS\system32\lassaplo.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll
O2 - BHO: akjsckaq.dll - {3A908760-8000-4000-A000-9000322145A3} - C:\WINDOWS\system32\akjsckaq.dll (file missing)
O2 - BHO: lijzclit.dll - {3C954872-1230-6541-9548-6541025884C3} - C:\WINDOWS\system32\lijzclit.dll
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll
O2 - BHO: akjsdkaq.dll - {4A908760-8000-4000-A000-9000322145A4} - C:\WINDOWS\system32\akjsdkaq.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - C:\WINDOWS\system32\pjjxedwd.dll
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: tysqbkol.dll - {5D098345-6785-1098-5413-678067AE03D5} - C:\WINDOWS\system32\tysqbkol.dll
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - C:\WINDOWS\system32\pqzfajke.dll
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - C:\WINDOWS\system32\apsgfjba.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: mndsgsrv.dll - {77FD640A-158F-48AC-FD14-1597F14A9777} - C:\WINDOWS\system32\mndsgsrv.dll
O2 - BHO: arjreler.dll - {7C69034A-F45F-D34D-A33A-C33C4D324FC7} - C:\WINDOWS\system32\arjreler.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: s2da2f323.dll - {A629FF4F-ACDB-5C90-A098-FACB3456A26A} - C:\WINDOWS\system32\s2da2f323.dll
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Hide-The-IP] "C:\Program Files\Hide The IP\HideTheIP.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mdp] rundll32.exe C:\DOCUME~1\yudi\APPLIC~1\Adobe\mdp.dll,InitSys
O4 - HKCU\..\Run: [AdobeManager] "C:\Documents and Settings\yudi\Application Data\Adobe\rundtl.exe" -sys
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZCxdm451YYID
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [Only registered users can see links. ]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2BF628A-42B8-4B2A-8794-A55B01EB3E3F}: NameServer = 202.134.0.155
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: jkjkll.dll,ghjyer.dll,ilkyu.dll,yukevg.dll,ghkrg.dll,tuker.dll,ujkwet.dll,asfjthj.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,losdf.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fgthde.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,rthkyuk.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
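Since the thread asks which of these entries are dangerous, here is a small defender-side triage script for HijackThis log lines, added as an example (it is not the forum's, HijackThis's or ComboFix's code). It encodes the tells visible in the log above: a Shell= value with a program appended to Explorer.exe, BHOs whose only name is their own DLL, Run entries launching from a user profile, a populated AppInit_DLLs, and logon-time load points to review; the sample input is a constructed excerpt of the quoted log.

```python
"""Triage pass over HijackThis (v1.99) log lines for the load points abused in this thread."""
import re
from collections import Counter
from typing import List, Optional, Tuple

# Constructed excerpt in HijackThis line format; the entries are copied from the log quoted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll
O2 - BHO: akjsckaq.dll - {3A908760-8000-4000-A000-9000322145A3} - C:\WINDOWS\system32\akjsckaq.dll (file missing)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [mdp] rundll32.exe C:\DOCUME~1\yudi\APPLIC~1\Adobe\mdp.dll,InitSys
O4 - HKCU\..\Run: [AdobeManager] "C:\Documents and Settings\yudi\Application Data\Adobe\rundtl.exe" -sys
O20 - AppInit_DLLs: jkjkll.dll,ghjyer.dll,ilkyu.dll,yukevg.dll,
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll
"""

SHELL_PREFIX = "F2 - REG:system.ini: Shell="
APPINIT_PREFIX = "O20 - AppInit_DLLs:"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
# Vendor software does not normally autostart from inside a user profile (long or 8.3 form).
PROFILE_RE = re.compile(r"(documents and settings|docume~1)\\[^\\]+\\(application data|applic~1)", re.I)


def triage_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for one log line, or None when nothing stands out."""
    line = line.strip()
    if line.startswith(SHELL_PREFIX):
        shell = line[len(SHELL_PREFIX):].strip()
        # A clean XP system has exactly Shell=Explorer.exe; anything appended runs at every logon.
        if shell.lower() != "explorer.exe":
            return "HIGH", f"Winlogon Shell starts an extra program: {shell}"
        return None
    m = BHO_RE.match(line)
    if m:
        path = m["path"]
        dll = path.replace("(file missing)", "").strip().rsplit("\\", 1)[-1]
        # Legitimate BHOs carry a product name; the rogue ones here are named after their own DLL.
        if m["name"].lower() == dll.lower():
            return "HIGH", f"BHO with no product name, only its DLL file name: {dll}"
        if "(no file)" in path or "(file missing)" in path:
            return "MEDIUM", f"orphaned BHO registration for CLSID {m['clsid']}"
        return None
    m = RUN_RE.match(line)
    if m and PROFILE_RE.search(m["cmd"]):
        return "HIGH", f"Run entry [{m['key']}] launches from a user profile: {m['cmd']}"
    if line.startswith(APPINIT_PREFIX):
        dlls = [d for d in line[len(APPINIT_PREFIX):].split(",") if d.strip()]
        if dlls:
            return "HIGH", f"AppInit_DLLs injects {len(dlls)} DLL(s) into every user-mode process"
        return None
    if line.startswith(("O20 - Winlogon Notify:", "O21 - SSODL:")):
        return "REVIEW", "logon-time load point; confirm the DLL's publisher before trusting it"
    return None


def triage(log: str) -> List[Tuple[str, str, str]]:
    """Return (severity, reason, line) for every line that triggers a rule."""
    findings = []
    for line in log.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    return findings


def summarize(findings: List[Tuple[str, str, str]]) -> Counter:
    """Count findings per severity."""
    return Counter(sev for sev, _, _ in findings)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for sev, reason, line in hits:
        print(f"[{sev:6}] {reason}\n         {line}")
    print(dict(summarize(hits)))
```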
06-25-2008, 06:17 AM   #2
Punisher
Re: My Hijack scan log

Download this prog, reboot your PC, press F8 and start your PC in safe mode.

It totally needs to be in safe mode; any scan not done in safe mode is just a waste of time.

After running in safe mode, use ComboFix first; just follow the menu and let it finish.

Then open SDFix and create a new folder with the same name in drive C:.
Just open that new folder with the same name, sdfix, open the exe RUNTHIS and follow the menu.

After doing all the procedure above, post here a new HijackThis scan
and also the Notepad logs the 2 programs generate when they finish.



[Only registered users can see links. ]

[Only registered users can see links. ]


How to run safe mode: reboot your PC; in the first image after reboot, press F8. If you don't see a black menu with all the options but see a blue window, just press Enter and press F8 again. Now from the black menu choose safe mode without connection and press Enter, and now use the prog...
06-25-2008, 09:14 AM   #3
black widow
Re: My Hijack scan log

Here's the ComboFix scan result:

Quote:
ComboFix 08-06-20.4 - yudi 2008-06-25 13:36:50.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\yudi\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\yudi\Application Data\Adobe\mdp.dll
C:\Documents and Settings\yudi\Application Data\Adobe\rundtl.exe
C:\Program Files\Helper
C:\Program Files\Helper\1201247262.dll.vir
C:\WINDOWS\AcroIEHelper.dll
C:\WINDOWS\AppPatch\AcXtrnel.dll
C:\WINDOWS\AppPatch\Jview.dll
C:\WINDOWS\ktd32.atm
C:\WINDOWS\linkinfo.dll
C:\WINDOWS\services.exe
C:\WINDOWS\system\sservice.exe
C:\WINDOWS\system32\aitlasys.exe
C:\WINDOWS\system32\asfjthj.dll
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\cgsqatyu.sys
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\drivers\cdralw.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\ergfwe.dll
C:\WINDOWS\system32\fassaplo.sys
C:\WINDOWS\system32\fservice.exe
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\gajzalit.sys
C:\WINDOWS\system32\ghjyer.dll
C:\WINDOWS\system32\ghwxattb.exe
C:\WINDOWS\system32\gjbhr.dll
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\hgfhk.cfg
C:\WINDOWS\system32\hgfhk.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\hjk.dll
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\isdsasrv.exe
C:\WINDOWS\system32\ismhasrv.exe
C:\WINDOWS\system32\jkjkll.dll
C:\WINDOWS\system32\lariytrz.cfg
C:\WINDOWS\system32\lariytrz.dll
C:\WINDOWS\system32\lassaplo.dll
C:\WINDOWS\system32\lijzclit.dll
C:\WINDOWS\system32\lojxadwd.exe
C:\WINDOWS\system32\lpsgajba.exe
C:\WINDOWS\system32\mkjsakaq.exe
C:\WINDOWS\system32\Mlkf.dll
C:\WINDOWS\system32\mnmhgsrv.dll
C:\WINDOWS\system32\newxbttb.sys
C:\WINDOWS\system32\njritc.cfg
C:\WINDOWS\system32\njritc.dll
C:\WINDOWS\system32\nsinet.exe
C:\WINDOWS\system32\onjzalit.exe
C:\WINDOWS\system32\oqrthc.cfg
C:\WINDOWS\system32\oqrthc.dll
C:\WINDOWS\system32\oswxdttb.dll
C:\WINDOWS\system32\ozfyebyt.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pjjxedwd.dll
C:\WINDOWS\system32\pmjhbhlp.sys
C:\WINDOWS\system32\posqatyu.exe
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\ptjhehlp.dll
C:\WINDOWS\system32\reginv.dll
C:\WINDOWS\system32\s2da2f323.dll
C:\WINDOWS\system32\sdjsakaq.sys
C:\WINDOWS\system32\sergy.dll
C:\WINDOWS\system32\simyaapi.exe
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spjhahlp.exe
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\sqjsakaq.sys
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\tfsdmz.dll
C:\WINDOWS\system32\tisqatyu.dll
C:\WINDOWS\system32\tiwxattb.sys
C:\WINDOWS\system32\ujkwet.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\winkey.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\wyrsdj.dll
C:\WINDOWS\system32\xfztbmsn.sys
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\system32\ysjxbdwd.sys
C:\WINDOWS\system32\yxcschlp.dll
C:\WINDOWS\system32\zaztamsn.exe
C:\WINDOWS\system32\zdbdb.cfg
C:\WINDOWS\system32\zdbdb.dll
C:\WINDOWS\system32\zptlcsys.dll
C:\WINDOWS\system32\zxcsahlp.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_CDRALW
-------Legacy_NPF
-------Service_cdralw
-------Service_NPF


((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-25 13:26 . 2008-06-25 13:26 <DIR> d-------- C:\SDFIX
2008-06-25 12:54 . 2008-06-25 12:54 18,048 --a------ C:\WINDOWS\system32\drivers\eth8023.sys
2008-06-25 11:56 . 2008-06-25 11:56 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-06-25 10:48 . 2008-06-25 10:48 28,672 --a------ C:\WINDOWS\system32\qflxs.dll
2008-06-25 10:48 . 2008-06-25 10:48 24,576 --a------ C:\WINDOWS\system32\womsoy.dll
2008-06-25 10:47 . 2008-06-25 10:47 24,576 --a------ C:\WINDOWS\system32\hellodon.dll
2008-06-25 10:12 . 2008-06-25 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-25 09:43 . 2008-06-25 09:43 24,576 --a------ C:\WINDOWS\system32\yitalle.dll
2008-06-25 09:43 . 2008-06-25 09:43 10,240 --a------ C:\WINDOWS\system32\yitallek.exe
2008-06-24 21:38 . 2008-06-24 21:38 268 --ah----- C:\sqmdata14.sqm
2008-06-24 21:38 . 2008-06-24 21:38 244 --ah----- C:\sqmnoopt14.sqm
2008-06-24 17:34 . 2008-06-24 18:54 24,576 --a------ C:\WINDOWS\system32\woasick.dll
2008-06-24 17:32 . 2008-06-24 17:50 28,672 --a------ C:\WINDOWS\system32\verptw.dll
2008-06-24 17:32 . 2008-06-24 17:50 24,576 --a------ C:\WINDOWS\system32\quaryfy.dll
2008-06-24 17:31 . 2008-06-25 09:43 229,376 --ah----- C:\WINDOWS\system32\pedadt.dll
2008-06-24 17:31 . 2008-06-24 17:49 24,576 --a------ C:\WINDOWS\system32\msbod.dll
2008-06-24 17:30 . 2008-06-24 17:48 218,624 --ah----- C:\WINDOWS\system32\jfdses.dll
2008-06-24 17:30 . 2008-06-24 17:48 28,672 --a------ C:\WINDOWS\system32\wpuplder.dll
2008-06-24 17:30 . 2008-06-24 17:47 11,776 --a------ C:\WINDOWS\system32\wpuplderk.exe
2008-06-24 17:30 . 2003-06-25 11:49 171 --a------ C:\WINDOWS\system32\winsYs.reg
2008-06-24 16:44 . 2008-06-24 16:46 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 05:29 90,752 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-25 05:29 6,617,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-25 05:29 23,504 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-25 05:29 228,128 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-25 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-24 11:39 --------- d-----w C:\Program Files\ZakFromAnotherPlanet
2008-06-24 09:18 --------- d-----w C:\Program Files\Spyware Terminator
2008-06-24 09:02 --------- d-----w C:\Program Files\Samurize
2008-06-24 09:02 --------- d-----w C:\Program Files\Real
2008-06-24 09:00 --------- d-----w C:\Program Files\Net Tools
2008-06-24 08:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-24 08:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 08:58 --------- d-----w C:\Documents and Settings\yudi\Application Data\COWON
2008-06-24 08:44 --------- d-----w C:\Program Files\Yahoo!
2008-06-24 08:27 --------- d-----w C:\Program Files\Opera
2008-06-24 08:20 --------- d-----w C:\Program Files\Java
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-20 04:52 66,048 ----a-w C:\WINDOWS\PpluginCd.dll
2008-04-20 04:52 34,739 ----a-w C:\WINDOWS\winp9.exe
2008-04-20 04:52 10,585 ----a-w C:\WINDOWS\Pplugin4.exe
2008-04-20 04:46 17,331 ----a-w C:\WINDOWS\Pplugin10xa.exe
2008-04-19 18:32 27,136 ----a-w C:\WINDOWS\Pplugin8.exe
2008-04-19 18:31 57,344 ----a-w C:\WINDOWS\eimsn.exe
2008-02-21 03:41 108,648 ----a-w C:\Documents and Settings\yudi\Application Data\GDIPFONTCACHEV1.DAT
2004-08-08 02:48 16,734 --sh--w C:\WINDOWS\system32\agxyaloe.exe
2004-08-08 01:42 536,072 --sh--w C:\WINDOWS\system32\akjsdkaq.dll
2004-08-08 01:43 537,608 --sh--w C:\WINDOWS\system32\apsggjba.dll
2004-08-08 09:49 535,560 --sh--w C:\WINDOWS\system32\arjreler.dll
2004-08-08 01:43 16,497 --sh--w C:\WINDOWS\system32\dazfajke.exe
2004-08-08 01:42 16,582 --sh--w C:\WINDOWS\system32\dsdyapaw.exe
2004-08-08 01:43 1,560 --sh--w C:\WINDOWS\system32\dtzfajke.sys
2004-08-08 09:52 536,584 --sh--w C:\WINDOWS\system32\erxybloe.dll
2007-04-16 15:52 8,704 --sha-w C:\WINDOWS\system32\hmsdvf.dll
2004-08-08 02:48 1,560 --sh--w C:\WINDOWS\system32\igxyaloe.sys
2004-08-08 09:49 536,584 --sh--w C:\WINDOWS\system32\ijdyapaw.dll
2004-08-08 01:42 520 --sh--w C:\WINDOWS\system32\iujraler.sys
2004-08-08 01:43 16,317 --sh--w C:\WINDOWS\system32\lpmxajkl.exe
2004-08-08 01:42 16,530 --sh--w C:\WINDOWS\system32\mkjraler.exe
2004-08-08 09:51 534,024 --sh--w C:\WINDOWS\system32\mndsgsrv.dll
2004-08-08 09:50 536,072 --sh--w C:\WINDOWS\system32\nhmxcjkl.dll
2004-08-08 09:49 536,072 --sh--w C:\WINDOWS\system32\pqzfajke.dll
2004-08-08 01:42 16,421 --sh--w C:\WINDOWS\system32\pusqakol.exe
2004-08-08 01:42 1,560 --sh--w C:\WINDOWS\system32\pzdyapaw.sys
2004-08-08 01:43 520 --sh--w C:\WINDOWS\system32\rnmxajkl.sys
2004-08-08 01:42 1,560 --sh--w C:\WINDOWS\system32\sbsqakol.sys
2004-08-08 03:49 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 01:42 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 01:42 15,044 --sh--w C:\WINDOWS\system32\tjfyabyt.exe
2007-04-16 15:52 9,216 --sha-w C:\WINDOWS\system32\tuker.dll
2004-08-08 09:49 535,560 --sh--w C:\WINDOWS\system32\tysqbkol.dll
2004-08-08 09:48 536,584 --sh--w C:\WINDOWS\system32\yzztkmsn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{1A698452-C5D8-C584-C256-C264C987C5A1}]
2004-08-08 17:49 536584 ---hs---- C:WINDOWSsystem32ijdyapaw.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{20909876-4567-3908-4056-909834565102}]
2004-08-08 17:52 536584 ---hs---- C:WINDOWSsystem32erxybloe.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{4A908760-8000-4000-A000-9000322145A4}]
2004-08-08 09:42 536072 ---hs---- C:WINDOWSsystem32akjsdkaq.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{5D098345-6785-1098-5413-678067AE03D5}]
2004-08-08 17:49 535560 ---hs---- C:WINDOWSsystem32tysqbkol.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{60A345CD-ABCD-EFAB-CDEF-ABCD01020306}]
2004-08-08 17:49 536072 ---hs---- C:WINDOWSsystem32pqzfajke.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{6FD45A54-9875-698F-E56E-65102358FDF6}]
C:WINDOWSsystem32apsgfjba.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{77FD640A-158F-48AC-FD14-1597F14A9777}]
2004-08-08 17:51 534024 ---hs---- C:WINDOWSsystem32mndsgsrv.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{7C69034A-F45F-D34D-A33A-C33C4D324FC7}]
2004-08-08 17:49 535560 ---hs---- C:WINDOWSsystem32arjreler.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{7FD45A54-9875-698F-E56E-65102358FDF7}]
2004-08-08 09:43 537608 ---hs---- C:WINDOWSsystem32apsggjba.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{97421D0D-E07F-40DF-8F07-99597B9585AD}]
2008-06-24 15:50 45056 --a------ C:WINDOWSDownloaded Program FilesThunderAdvise.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{B490415F-65F8-B5C5-D8BA-9405FB12054B}]
2004-08-08 17:48 536584 ---hs---- C:WINDOWSsystem32yzztkmsn.dll

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVe rsionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 15:56 15360]
"Skype"="C:Program FilesSkypePhoneSkype.exe" [2006-12-11 20:41 25343016]
"MsnMsgr"="C:Program FilesMSN MessengerMsnMsgr.Exe" [2007-01-19 12:54 5674352]
"Yahoo! Pager"="C:Program FilesYahoo!MessengerYahooMessenger.exe" [2007-11-06 19:51 3810544]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentV ersionRun]
"nwiz"="nwiz.exe" [2002-02-01 17:46 303104 C:WINDOWSsystem32nwiz.exe]
"SynTPLpr"="C:Program FilesSynapticsSynTPSynTPLpr.exe" [2001-08-02 12:52 94208]
"SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [2001-08-02 12:51 352256]
"LTSMMSG"="LTSMMSG.exe" [2001-08-02 15:28 45056 C:WINDOWSLTSMMSG.exe]
"Wbutton"="C:Program FilesLaunch ManagerWbutton.exe" [2002-05-17 17:27 258048]
"LaunchAp"="C:Program FilesLaunch ManagerLaunchAp.exe" [2001-06-26 10:22 20480]
"PowerKey"="C:Program FilesLaunch ManagerPowerKey.exe" [2000-11-06 15:29 98304]
"HotkeyApp"="C:Program FilesLaunch ManagerHotkeyApp.exe" [2002-05-01 14:27 86016]
"CtrlVol"="C:Program FilesLaunch ManagerCtrlVol.exe" [2001-10-18 14:42 163840]
"NeroFilterCheck"="C:WINDOWSsystem32NeroCheck. exe" [2001-07-09 11:50 155648]
"InCD"="C:Program FilesAheadInCDInCD.exe" [2005-01-27 23:17 1381376]
"BigDogPath"="C:WINDOWSVM_STI.EXE" [2004-12-15 19:01 40960]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_05binjusched.exe" [2008-02-22 04:25 144784]
"Hide-The-IP"="C:Program FilesHide The IPHideTheIP.exe" [2007-03-02 00:14 2406400]
"TkBellExe"="C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [2008-03-25 05:56 185896]

Cocuments and SettingsAll UsersStart MenuProgramsStartup
Microsoft Office.lnk - C:Program FilesMicrosoft OfficeOffice10OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentve rsionpoliciessystem]
"Fast ID Maker"= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentv ersionpoliciesexplorerrun]
"DirectX For Microsoft® Windows"= C:WINDOWSsystem32fservice.exe

[hkey_local_machinesoftwaremicrosoftwindowscurrentv ersionexplorershellexecutehooks]
"{B490415F-65F8-B5C5-D8BA-9405FB12054B}"= C:WINDOWSsystem32yzztkmsn.dll [2004-08-08 17:48 536584]
"{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}"= C:WINDOWSsystem32jfdses.dll [2008-06-24 17:48 218624]
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= C:WINDOWSsystem32zgrjdx.dll [2003-06-25 09:42 218624]
"{5D098345-6785-1098-5413-678067AE03D5}"= C:WINDOWSsystem32tysqbkol.dll [2004-08-08 17:49 535560]
"{6FD45A54-9875-698F-E56E-65102358FDF6}"= C:WINDOWSsystem32apsgfjba.dll [ ]
"{1A698452-C5D8-C584-C256-C264C987C5A1}"= C:WINDOWSsystem32ijdyapaw.dll [2004-08-08 17:49 536584]
"{7C69034A-F45F-D34D-A33A-C33C4D324FC7}"= C:WINDOWSsystem32arjreler.dll [2004-08-08 17:49 535560]
"{60A345CD-ABCD-EFAB-CDEF-ABCD01020306}"= C:WINDOWSsystem32pqzfajke.dll [2004-08-08 17:49 536072]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:WINDOWSsystem32ddserh.dll [ ]
"{00180018-0018-0018-0018-00180018BB15}"= C:WINDOWSsystem32mstimewd.dll [2001-06-24 17:51 585364]
"{77FD640A-158F-48AC-FD14-1597F14A9777}"= C:WINDOWSsystem32mndsgsrv.dll [2004-08-08 17:51 534024]
"{20909876-4567-3908-4056-909834565102}"= C:WINDOWSsystem32erxybloe.dll [2004-08-08 17:52 536584]
"{4A908760-8000-4000-A000-9000322145A4}"= C:WINDOWSsystem32akjsdkaq.dll [2004-08-08 09:42 536072]
"{7FD45A54-9875-698F-E56E-65102358FDF7}"= C:WINDOWSsystem32apsggjba.dll [2004-08-08 09:43 537608]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= C:WINDOWSsystem32pedadt.dll [2008-06-25 09:43 229376]
"{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}"= C:WINDOWSsystem32wyrsdj.dll [ ]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentV ersionShellServiceObjectDelayLoad]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:WINDOWSDownloaded Program FilesThunderAdvise.dll [2008-06-24 15:50 45056]
"JavaView"= {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:WINDOWSAppPatchJview.dll [ ]
"mstimewd"= {00180018-0018-0018-0018-00180018BB15} - C:WINDOWSsystem32mstimewd.dll [2001-06-24 17:51 585364]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWB]
C:Program FilesStardockObject DesktopThemeManagerfastload.dll 2001-12-20 23:34 24576 C:Program FilesStardockObject DesktopThemeManagerfastload.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=hmsdvf.dll,asfjthj.dll,asefry.dll,s dvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.d ll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dg er.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hre rgh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll, gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxn b.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll, thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.d ll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh .dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgm m.dll,oqrthc.dll,sdrfh.dll,jyjlt.dll,ijatnaw.dll,s ehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,f jnbv.dll,jrhhh.dll,setrhes.dll,cdxbfxdb.dll,xfgnxf n.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbf bd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,gh thhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dl l,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll, ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll ,ghjkdr.dll,hfther.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\MSN Messenger\msnmsgr.exe"=
"C:\Program Files\MSN Messenger\livecall.exe"=
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"C:\Program Files\Real\RealPlayer\realplay.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=

R0 ALiAGP;ALi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\ALiAGP.sys [2001-08-31 17:49]
R1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [2001-08-23 10:43]
S1 dmiproxy;dmiproxy;C:\WINDOWS\system32\drivers\dmiproxy.sys [2001-10-24 17:08]
S1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2001-06-26 10:18]
S1 mmkmd;mmkmd;C:\WINDOWS\system32\drivers\mmkmd.sys [2002-01-14 16:36]
S1 nbmkmd;nbmkmd;C:\WINDOWS\system32\drivers\nbmkmd.sys [2001-10-24 17:08]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 15:56]
S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 13:49]
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys [2008-06-25 12:54]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-08-02 15:28]
S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-07 23:21]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03297280-ce6f-11dc-a5d6-0000e27ffcc2}]
\Shell\AutoRun\command - E:\SSCVIIHOST.exe
\Shell\Open\command - E:\SSCVIIHOST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe11243c-0ad2-11dd-a67e-0000e27ffcc2}]
\Shell\auto\command - Thumbs.com
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com

.
Contents of the 'Scheduled Tasks' folder
"2008-06-25 05:00:04 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-01-04 09:09:56 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Only registered users can see links. ]
Rootkit scan 2008-06-25 13:45:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-25 13:53:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-25 05:53:22

Pre-Run: 13,319,196,672 bytes free
Post-Run: 13,261,184,512 bytes free

324 --- E O F --- 2008-06-24 19:07:58
Old 06-25-2008, 09:16 AM   #4 (permalink)
black widow
Re: My Hijack scan log

here's the SDFIX scan result :

Quote:
SDFix: Version 1.196
Run by yudi on Wed 06/25/2008 at 02:07 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFIX\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\Files-Secure\secure.db1 - Deleted
C:\Program Files\Files-Secure\secure.db2 - Deleted
C:\Program Files\Files-Secure\secure.db3 - Deleted
C:\Program Files\Files-Secure\secure.db4 - Deleted
C:\Program Files\Files-Secure\secure.db5 - Deleted
C:\Program Files\Files-Secure\secure.exe - Deleted
C:\Program Files\Files-Secure\Uninstall.exe - Deleted



Folder C:\Program Files\Files-Secure - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Only registered users can see links. ]
Rootkit scan 2008-06-25 14:30:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=str(2):"hmsdvf.dll,asfjthj.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.dll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,sdrfh.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,jrhhh.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFIX\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 6 May 1999 94,292 A.SH. --- "C:\COMMAND.COM"
Sun 8 Aug 2004 16,734 ..SH. --- "C:\WINDOWS\system32\agxyaloe.exe"
Sun 8 Aug 2004 536,072 ..SH. --- "C:\WINDOWS\system32\akjsdkaq.dll"
Sun 8 Aug 2004 537,608 ..SH. --- "C:\WINDOWS\system32\apsggjba.dll"
Sun 8 Aug 2004 535,560 ..SH. --- "C:\WINDOWS\system32\arjreler.dll"
Sun 8 Aug 2004 16,497 ..SH. --- "C:\WINDOWS\system32\dazfajke.exe"
Sun 8 Aug 2004 16,582 ..SH. --- "C:\WINDOWS\system32\dsdyapaw.exe"
Sun 8 Aug 2004 1,560 ..SH. --- "C:\WINDOWS\system32\dtzfajke.sys"
Sun 8 Aug 2004 536,584 ..SH. --- "C:\WINDOWS\system32\erxybloe.dll"
Mon 16 Apr 2007 8,704 A.SH. --- "C:\WINDOWS\system32\hmsdvf.dll"
Sun 8 Aug 2004 1,560 ..SH. --- "C:\WINDOWS\system32\igxyaloe.sys"
Sun 8 Aug 2004 536,584 ..SH. --- "C:\WINDOWS\system32\ijdyapaw.dll"
Sun 8 Aug 2004 520 ..SH. --- "C:\WINDOWS\system32\iujraler.sys"
Tue 24 Jun 2008 218,624 A..H. --- "C:\WINDOWS\system32\jfdses.dll"
Sun 8 Aug 2004 16,317 ..SH. --- "C:\WINDOWS\system32\lpmxajkl.exe"
Sun 8 Aug 2004 16,530 ..SH. --- "C:\WINDOWS\system32\mkjraler.exe"
Sun 8 Aug 2004 534,024 ..SH. --- "C:\WINDOWS\system32\mndsgsrv.dll"
Sun 8 Aug 2004 536,072 ..SH. --- "C:\WINDOWS\system32\nhmxcjkl.dll"
Wed 25 Jun 2008 229,376 A..H. --- "C:\WINDOWS\system32\pedadt.dll"
Sun 8 Aug 2004 536,072 ..SH. --- "C:\WINDOWS\system32\pqzfajke.dll"
Sun 8 Aug 2004 16,421 ..SH. --- "C:\WINDOWS\system32\pusqakol.exe"
Sun 8 Aug 2004 1,560 ..SH. --- "C:\WINDOWS\system32\pzdyapaw.sys"
Sun 8 Aug 2004 520 ..SH. --- "C:\WINDOWS\system32\rnmxajkl.sys"
Sun 8 Aug 2004 1,560 ..SH. --- "C:\WINDOWS\system32\sbsqakol.sys"
Sun 8 Aug 2004 520 ..SH. --- "C:\WINDOWS\system32\smdsbsrv.sys"
Sun 8 Aug 2004 520 ..SH. --- "C:\WINDOWS\system32\snfybbyt.sys"
Sun 8 Aug 2004 15,044 ..SH. --- "C:\WINDOWS\system32\tjfyabyt.exe"
Mon 16 Apr 2007 9,216 A.SH. --- "C:\WINDOWS\system32\tuker.dll"
Sun 8 Aug 2004 535,560 ..SH. --- "C:\WINDOWS\system32\tysqbkol.dll"
Sun 8 Aug 2004 536,584 ..SH. --- "C:\WINDOWS\system32\yzztkmsn.dll"
Wed 25 Jun 2003 218,624 A..H. --- "C:\WINDOWS\system32\zgrjdx.dll"
Sat 8 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!
Old 06-25-2008, 09:18 AM   #5 (permalink)
black widow
Re: My Hijack scan log

And here's the last Hijackthis scan result :

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 3:50:50 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Only registered users can see links. ]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - C:\WINDOWS\system32\ijdyapaw.dll
O2 - BHO: erxybloe.dll - {20909876-4567-3908-4056-909834565102} - C:\WINDOWS\system32\erxybloe.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: akjsdkaq.dll - {4A908760-8000-4000-A000-9000322145A4} - C:\WINDOWS\system32\akjsdkaq.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: tysqbkol.dll - {5D098345-6785-1098-5413-678067AE03D5} - C:\WINDOWS\system32\tysqbkol.dll
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - C:\WINDOWS\system32\pqzfajke.dll
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - C:\WINDOWS\system32\apsgfjba.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: mndsgsrv.dll - {77FD640A-158F-48AC-FD14-1597F14A9777} - C:\WINDOWS\system32\mndsgsrv.dll
O2 - BHO: arjreler.dll - {7C69034A-F45F-D34D-A33A-C33C4D324FC7} - C:\WINDOWS\system32\arjreler.dll
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Hide-The-IP] "C:\Program Files\Hide The IP\HideTheIP.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZCxdm451YYID
O8 - Extra context menu item: Add to Windows &Live Favorites - [Only registered users can see links. ]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2BF628A-42B8-4B2A-8794-A55B01EB3E3F}: NameServer = 202.134.0.155
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hmsdvf.dll,asfjthj.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.dll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,sdrfh.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,jrhhh.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Old 06-25-2008, 10:05 AM   #6 (permalink)
-leecher-
Re: My Hijack scan log

First of all you need to upgrade the HijackThis scanner; update it, then
Reboot your computer into safe mode.
Run HijackThis again, and place a check mark next to the following entries

O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - C:\WINDOWS\system32\ijdyapaw.dll
O2 - BHO: erxybloe.dll - {20909876-4567-3908-4056-909834565102} - C:\WINDOWS\system32\erxybloe.dll
O2 - BHO: akjsdkaq.dll - {4A908760-8000-4000-A000-9000322145A4} - C:\WINDOWS\system32\akjsdkaq.dll
O2 - BHO: tysqbkol.dll - {5D098345-6785-1098-5413-678067AE03D5} - C:\WINDOWS\system32\tysqbkol.dll
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - C:\WINDOWS\system32\pqzfajke.dll
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - C:\WINDOWS\system32\apsgfjba.dll (file missing)
O2 - BHO: mndsgsrv.dll - {77FD640A-158F-48AC-FD14-1597F14A9777} - C:\WINDOWS\system32\mndsgsrv.dll
O2 - BHO: arjreler.dll - {7C69034A-F45F-D34D-A33A-C33C4D324FC7} - C:\WINDOWS\system32\arjreler.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
(Description: Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too. Removing this entry will free up some system resources. )

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)



O8 - Extra context menu item: &Search - ?p=ZCxdm451YYID
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2BF628A-42B8-4B2A-8794-A55B01EB3E3F}: NameServer = 202.134.0.155
O20 - AppInit_DLLs: hmsdvf.dll,asfjthj.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.dll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,sdrfh.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,jrhhh.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

The following O4 entries, which are startup items, are also suspicious:

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

And I am not sure how the scan result came up like this:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis.exe

It should be like:

Quote:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe


Anyway, just update your HijackThis scanner, do another scan, delete the entries I mentioned except the O4 entries, run SDFix and ComboFix again, then do another HijackThis scan and just post the HijackThis scan result please.

Good luck.

Note: request to admin to have a look at the O4 entries, thank you.

Last edited by -leecher- : 06-25-2008 at 10:08 AM.
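A triage pass over a HijackThis log of the kind posted in this thread, added here as an example; it is not HijackThis code or any poster's script. It encodes the checks the reply above applies by hand (BHOs whose display name is just their own DLL filename sitting in system32, a populated AppInit_DLLs list, non-default SSODL and Winlogon Notify entries, the O17 name server) and runs them over a few constructed sample lines copied from the posted log; the `Finding` class, the regexes and the `triage`/`by_section` helpers are assumptions of this example.

```python
"""Triage a HijackThis v1.99 log for the entry types discussed in this thread.
Added example, not HijackThis code or any poster's script: the rules below
encode the manual checks the replies apply (BHOs named after their own DLL
in system32, a populated AppInit_DLLs list, non-default SSODL and Winlogon
Notify entries, and the O17 name server)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the log posted above, with the
# backslashes the forum stripped put back.
SAMPLE_LOG = r"""O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - C:\WINDOWS\system32\ijdyapaw.dll
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - C:\WINDOWS\system32\apsgfjba.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2BF628A-42B8-4B2A-8794-A55B01EB3E3F}: NameServer = 202.134.0.155
O20 - AppInit_DLLs: hmsdvf.dll,asfjthj.dll,asefry.dll,
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll
"""

# Line shapes of the HijackThis sections we care about (assumed from the posted log).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
SSODL_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (?P<ns>.*)$")
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\", re.I)

# WPDShServiceObj is the only SSODL entry present on a stock XP SP2 install.
DEFAULT_SSODL = {"WPDShServiceObj"}


@dataclass
class Finding:
    line: str
    reason: str


def triage(log: str) -> list[Finding]:
    """Return the log lines that deserve a second look, each with the reason."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            name, path = m["name"], m["path"]
            base = path.rsplit("\\", 1)[-1]
            # Legitimate BHOs carry a product name; one whose "name" is just its
            # own DLL filename, dropped straight into system32, is the pattern
            # seen a dozen times in this log.
            if name.lower() == base.lower() and SYSTEM32_RE.match(path):
                reason = "BHO named after its own DLL in system32"
                if m["missing"]:
                    reason += " (file already gone; orphaned registration)"
                findings.append(Finding(line, reason))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is loaded into every user32 process; it is empty on a clean box.
            dlls = [d for d in m["dlls"].split(",") if d.strip()]
            if dlls:
                findings.append(Finding(line, f"AppInit_DLLs injects {len(dlls)} DLL(s) "
                                              "into every process; normally empty"))
        elif m := NOTIFY_RE.match(line):
            if SYSTEM32_RE.match(m["path"]):
                findings.append(Finding(line, "Winlogon Notify DLL in system32: verify publisher"))
        elif m := SSODL_RE.match(line):
            if m["name"] not in DEFAULT_SSODL:
                findings.append(Finding(line, "non-default ShellServiceObjectDelayLoad entry"))
        elif m := NAMESERVER_RE.match(line):
            findings.append(Finding(line, f"DNS server {m['ns']}: confirm it belongs to the ISP"))
    return findings


def by_section(findings: list[Finding]) -> dict[str, int]:
    """Count flagged entries per HijackThis section (O2, O17, O20, ...)."""
    counts: dict[str, int] = {}
    for f in findings:
        section = f.line.split(" ", 1)[0]
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```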
Old 06-25-2008, 02:52 PM   #7 (permalink)
~~ViT~~
Re: My Hijack scan log

Don't put your result inside quote or code tags.

Just copy and paste the result here. You have already deleted a lot of garbage,

but your last HijackThis log is just garbage and you can't delete anything with that result,

so please post a new one, just copy and paste.
Old 06-25-2008, 04:43 PM   #8 (permalink)
black widow