
Trojans


  • This topic is locked
9 replies to this topic

#1 Chris157

Posted 28 June 2008 - 12:19 PM

Hello.

My AVG has been detecting a lot of trojans and they keep coming back even when I click heal.

Thanks in advance.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-28 12:54:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
119: 2008-06-28 16:55:14 UTC - RP360 - Deckard's System Scanner Restore Point
118: 2008-06-28 16:45:27 UTC - RP359 - Installed Java™ 6 Update 6
117: 2008-06-28 01:32:57 UTC - RP358 - Software Distribution Service 3.0
116: 2008-06-28 01:23:22 UTC - RP357 - Restore Operation
115: 2008-06-28 00:31:22 UTC - RP356 - Restore Operation


-- First Restore Point --
1: 2008-03-29 21:31:15 UTC - RP242 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:40 PM, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\HJT\Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: jkhxaklo.dll - {14698742-2059-3025-9058-954023874141} - C:\WINDOWS\system32\jkhxaklo.dll (file missing)
O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - C:\WINDOWS\system32\ijdyapaw.dll (file missing)
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll (file missing)
O2 - BHO: zywlcime.dll - {37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73} - C:\WINDOWS\system32\zywlcime.dll (file missing)
O2 - BHO: tisqctyu.dll - {38093456-9012-4568-9076-908765467183} - C:\WINDOWS\system32\tisqctyu.dll (file missing)
O2 - BHO: ietzcpaq.dll - {39109876-7619-9101-7012-901938475193} - C:\WINDOWS\system32\ietzcpaq.dll (file missing)
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll
O2 - BHO: zycbdime.dll - {4A698102-5904-AFD0-20DF-CD1A65829CA4} - C:\WINDOWS\system32\zycbdime.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll (file missing)
O2 - BHO: mpwdeapi.dll - {55694105-5108-9405-3695-954187462155} - C:\WINDOWS\system32\mpwdeapi.dll (file missing)
O2 - BHO: nhmxejkl.dll - {57AC9076-C898-B098-D098-A18319080975} - C:\WINDOWS\system32\nhmxejkl.dll (file missing)
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: akjsekaq.dll - {5A908760-8000-4000-A000-9000322145A5} - C:\WINDOWS\system32\akjsekaq.dll (file missing)
O2 - BHO: tysqbkol.dll - {5D098345-6785-1098-5413-678067AE03D5} - C:\WINDOWS\system32\tysqbkol.dll
O2 - BHO: oohxebyt.dll - {6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6} - C:\WINDOWS\system32\oohxebyt.dll
O2 - BHO: mndhfdwd.dll - {6C648541-1025-9650-9057-6541258720C6} - C:\WINDOWS\system32\mndhfdwd.dll
O2 - BHO: zywmgime.dll - {7319A1F1-9410-9654-3201-345FFA349137} - C:\WINDOWS\system32\zywmgime.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: zxmsdwin.dll - {7A041F13-A111-12A3-B0CF-F99818AA68A7} - C:\WINDOWS\system32\zxmsdwin.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll
O2 - BHO: ypcqghlp.dll - {80AF1289-F140-A140-D012-C1458759FC08} - C:\WINDOWS\system32\ypcqghlp.dll
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll (file missing)
O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - C:\WINDOWS\system32\zxptejpg.dll (file missing)
O2 - BHO: ypdjgbmp.dll - {91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll (file missing)
O2 - BHO: arjrgler.dll - {9C69034A-F45F-D34D-A33A-C33C4D324FC9} - C:\WINDOWS\system32\arjrgler.dll (file missing)
O2 - BHO: zyzxjime.dll - {AA59145F-315D-BC23-AC1F-145DF81A34AA} - C:\WINDOWS\system32\zyzxjime.dll
O2 - BHO: yzztlmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztlmsn.dll (file missing)
O2 - BHO: yzztlmsn.dll - {C490415F-65F8-B5C5-D8BA-9405FB12054C} - C:\WINDOWS\system32\yzztlmsn.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184898450781
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spgame.com/infogame/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: yzztlmsn.dll,arjrgler.dll,akjsekaq.dll,nhmxejkl.dll,ietzcpaq.dll,tisqctyu.dll
O21 - SSODL: kmuqtdhc.dll - {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll (file missing)
O21 - SSODL: wasoyvkv.dll - {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll (file missing)
O21 - SSODL: iaegivjo.dll - {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 13258 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 npkcusb - c:\documents and settings\owner\desktop\ms\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S3 IOIDDEV - c:\program files\survivalproject\config\ioid.sys (file missing)
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 XDva075 - c:\windows\system32\xdva075.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-28 11:25:25 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-23 16:48:36 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 12:36:19 0 d-------- C:\HJT
2008-06-27 23:25:21 1033216 --a------ C:\WINDOWS\ijwu.exe
2008-06-27 21:32:32 24 --a------ C:\WINDOWS\system32\pzwlaime.sys
2008-06-27 21:23:59 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-27 20:42:36 0 --a------ C:\Documents and Settings\Owner\cir
2008-06-27 20:18:59 0 d-------- C:\ComboFix(2)
2008-06-26 21:44:11 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-26 21:44:04 24 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-06-26 21:44:00 24 --a------ C:\WINDOWS\system32\toqnabib.sys
2008-06-26 21:43:49 24 --a------ C:\WINDOWS\system32\pzwmaime.sys
2008-06-26 21:43:41 24 --a------ C:\WINDOWS\system32\wymxajkl.sys
2008-06-26 21:43:34 24 --a------ C:\WINDOWS\system32\sqjsakaq.sys
2008-06-26 21:43:14 24 --a------ C:\WINDOWS\system32\ijzhatde.sys
2008-06-26 21:42:58 24 --a------ C:\WINDOWS\system32\ijsgajba.sys
2008-06-26 21:42:41 24 --a------ C:\WINDOWS\system32\ciwdaapi.sys
2008-06-26 15:36:19 0 d-------- C:\f6bf0c656ee573c2fc5748f78e7a06
2008-06-25 19:34:39 5640192 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-06-25 19:34:38 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-24 22:36:52 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-24 15:54:37 0 d-------- C:\Program Files\Microsoft Games
2008-06-24 13:20:42 0 d-------- C:\Documents and Settings\Owner\WINDOWS
2008-06-20 22:00:42 0 d-------- C:\Program Files\IGZones
2008-06-20 21:42:30 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-20 11:08:32 0 d-------- C:\Program Files\AnalogX
2008-06-19 21:21:21 0 d-------- C:\Program Files\PowerISO
2008-06-12 15:50:17 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-12 02:28:49 56108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
2008-06-10 23:15:40 0 d-------- C:\Program Files\iTunes
2008-06-07 13:25:58 0 d-------- C:\Program Files\Apple Software Update
2008-05-31 13:42:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-31 13:41:02 0 d-------- C:\Program Files\Bonjour
2008-05-31 13:40:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-31 13:38:56 0 d-------- C:\Program Files\Common Files\Apple
2008-05-31 13:38:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-06-28 12:52:26 0 d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-06-28 12:47:41 0 d-------- C:\Program Files\Java
2008-06-28 11:22:39 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-06-27 21:40:22 0 d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2008-06-27 21:24:11 0 d-------- C:\Program Files\WarRock
2008-06-27 19:13:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-23 20:11:17 0 d-------- C:\Program Files\iPod
2008-06-20 21:42:51 0 d-------- C:\Program Files\Google
2008-06-19 23:33:52 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-06-07 10:44:24 0 d-------- C:\Program Files\Trinity Entertainment
2008-06-01 22:25:58 811 --a------ C:\WINDOWS\checkip.dat
2008-05-31 13:40:51 0 d-------- C:\Program Files\QuickTime
2008-05-31 13:38:56 0 d-------- C:\Program Files\Common Files
2008-05-26 15:46:19 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-05-26 15:46:12 0 d-------- C:\Program Files\DVDVideoSoft
2008-05-26 15:45:00 0 d-------- C:\Program Files\AVS4YOU
2008-05-26 15:44:49 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-05-26 15:41:53 0 d-------- C:\Documents and Settings\Owner\Application Data\AVS4YOU
2008-05-26 15:20:06 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-26 15:20:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-05-07 20:34:59 0 d-------- C:\Program Files\Image-Line
2008-05-07 20:34:05 0 d-------- C:\Program Files\VstPlugins
2008-04-06 23:02:55 73728 --a------ C:\WINDOWS\system32\kdfapi.dll <Not Verified; Kings Information & Network; lab kdfapi>
2008-04-06 23:02:54 159744 --a------ C:\WINDOWS\system32\kdfmgr.exe <Not Verified; Kings Information & Network; k-Defense Manager>
2008-04-06 23:02:54 47104 --a------ C:\WINDOWS\system32\Kdfhok.dll <Not Verified; Kings Information & Network; Kings kdfhok>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14698742-2059-3025-9058-954023874141}]
C:\WINDOWS\system32\jkhxaklo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A698452-C5D8-C584-C256-C264C987C5A1}]
C:\WINDOWS\system32\ijdyapaw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25FD6584-698F-BCD2-602C-698745210352}]
07/08/2004 09:33 PM 536584 ---hs---- C:\WINDOWS\system32\rijxbkin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35671234-7890-ABCD-CDEF-567801237653}]
C:\WINDOWS\system32\yxcschlp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73}]
C:\WINDOWS\system32\zywlcime.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38093456-9012-4568-9076-908765467183}]
C:\WINDOWS\system32\tisqctyu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39109876-7619-9101-7012-901938475193}]
C:\WINDOWS\system32\ietzcpaq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D698451-2015-6358-9871-2015987452D3}]
07/08/2004 09:31 PM 538120 ---hs---- C:\WINDOWS\system32\apzhctde.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A698102-5904-AFD0-20DF-CD1A65829CA4}]
07/08/2004 09:31 PM 537608 ---hs---- C:\WINDOWS\system32\zycbdime.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50940F85-F015-14F1-A05F-F69858AC6D05}]
07/08/2004 09:31 PM 536072 ---hs---- C:\WINDOWS\system32\zptlcsys.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{528DF602-9541-A985-210A-984A698C6F25}]
C:\WINDOWS\system32\ptjhehlp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55694105-5108-9405-3695-954187462155}]
C:\WINDOWS\system32\mpwdeapi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57AC9076-C898-B098-D098-A18319080975}]
C:\WINDOWS\system32\nhmxejkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A069845-2036-6084-9054-6087502480A5}]
07/08/2004 09:33 PM 534024 ---hs---- C:\WINDOWS\system32\ozfyebyt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A908760-8000-4000-A000-9000322145A5}]
C:\WINDOWS\system32\akjsekaq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D098345-6785-1098-5413-678067AE03D5}]
07/08/2004 09:32 PM 535560 ---hs---- C:\WINDOWS\system32\tysqbkol.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6}]
07/08/2004 09:30 PM 537608 ---hs---- C:\WINDOWS\system32\oohxebyt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C648541-1025-9650-9057-6541258720C6}]
07/08/2004 09:30 PM 537096 ---hs---- C:\WINDOWS\system32\mndhfdwd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7319A1F1-9410-9654-3201-345FFA349137}]
07/08/2004 09:32 PM 538120 ---hs---- C:\WINDOWS\system32\zywmgime.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A041F13-A111-12A3-B0CF-F99818AA68A7}]
07/08/2004 09:30 PM 536584 ---hs---- C:\WINDOWS\system32\zxmsdwin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8D1401-A58D-A81C-CD24-A5915C4517C7}]
07/08/2004 09:30 PM 539144 ---hs---- C:\WINDOWS\system32\mnmhgsrv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD45A54-9875-698F-E56E-65102358FDF7}]
07/08/2004 09:31 PM 537608 ---hs---- C:\WINDOWS\system32\apsggjba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80AF1289-F140-A140-D012-C1458759FC08}]
07/08/2004 09:32 PM 539144 ---hs---- C:\WINDOWS\system32\ypcqghlp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87FD640A-158F-48AC-FD14-1597F14A9778}]
C:\WINDOWS\system32\mndshsrv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91698482-6555-3666-1222-954784129019}]
C:\WINDOWS\system32\zxptejpg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91954FAC-1023-154F-895A-1458258AD819}]
C:\WINDOWS\system32\ypdjgbmp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C69034A-F45F-D34D-A33A-C33C4D324FC9}]
C:\WINDOWS\system32\arjrgler.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA59145F-315D-BC23-AC1F-145DF81A34AA}]
07/08/2004 09:31 PM 537608 ---hs---- C:\WINDOWS\system32\zyzxjime.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B490415F-65F8-B5C5-D8BA-9405FB12054B}]
C:\WINDOWS\system32\yzztlmsn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C490415F-65F8-B5C5-D8BA-9405FB12054C}]
C:\WINDOWS\system32\yzztlmsn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [14/10/2004 02:42 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/04/2005 02:22 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/04/2005 02:19 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/04/2005 02:23 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 PM]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [02/02/2005 04:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 08:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 08:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [22/08/2007 10:07 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 11:37 PM]
"Logitech Utility"="Logi_MwX.Exe" [17/12/2003 10:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [27/06/2008 09:32 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [16/06/2008 04:52 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:00 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [08/05/2008 02:52 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7C8D1401-A58D-A81C-CD24-A5915C4517C7}"= C:\WINDOWS\system32\mnmhgsrv.dll [07/08/2004 09:30 PM 539144]
"{6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6}"= C:\WINDOWS\system32\oohxebyt.dll [07/08/2004 09:30 PM 537608]
"{55694105-5108-9405-3695-954187462155}"= C:\WINDOWS\system32\mpwdeapi.dll [ ]
"{C490415F-65F8-B5C5-D8BA-9405FB12054C}"= C:\WINDOWS\system32\yzztlmsn.dll [ ]
"{B490415F-65F8-B5C5-D8BA-9405FB12054B}"= C:\WINDOWS\system32\yzztlmsn.dll [ ]
"{6C648541-1025-9650-9057-6541258720C6}"= C:\WINDOWS\system32\mndhfdwd.dll [07/08/2004 09:30 PM 537096]
"{00150015-0015-0015-0015-00150015BB15}"= C:\WINDOWS\system32\iaegivjo.dll [ ]
"{7A041F13-A111-12A3-B0CF-F99818AA68A7}"= C:\WINDOWS\system32\zxmsdwin.dll [07/08/2004 09:30 PM 536584]
"{7FD45A54-9875-698F-E56E-65102358FDF7}"= C:\WINDOWS\system32\apsggjba.dll [07/08/2004 09:31 PM 537608]
"{87FD640A-158F-48AC-FD14-1597F14A9778}"= C:\WINDOWS\system32\mndshsrv.dll [ ]
"{91954FAC-1023-154F-895A-1458258AD819}"= C:\WINDOWS\system32\ypdjgbmp.dll [ ]
"{528DF602-9541-A985-210A-984A698C6F25}"= C:\WINDOWS\system32\ptjhehlp.dll [ ]
"{1A698452-C5D8-C584-C256-C264C987C5A1}"= C:\WINDOWS\system32\ijdyapaw.dll [ ]
"{3D698451-2015-6358-9871-2015987452D3}"= C:\WINDOWS\system32\apzhctde.dll [07/08/2004 09:31 PM 538120]
"{4A698102-5904-AFD0-20DF-CD1A65829CA4}"= C:\WINDOWS\system32\zycbdime.dll [07/08/2004 09:31 PM 537608]
"{AA59145F-315D-BC23-AC1F-145DF81A34AA}"= C:\WINDOWS\system32\zyzxjime.dll [07/08/2004 09:31 PM 537608]
"{50940F85-F015-14F1-A05F-F69858AC6D05}"= C:\WINDOWS\system32\zptlcsys.dll [07/08/2004 09:31 PM 536072]
"{9C69034A-F45F-D34D-A33A-C33C4D324FC9}"= C:\WINDOWS\system32\arjrgler.dll [ ]
"{5A908760-8000-4000-A000-9000322145A5}"= C:\WINDOWS\system32\akjsekaq.dll [ ]
"{5D098345-6785-1098-5413-678067AE03D5}"= C:\WINDOWS\system32\tysqbkol.dll [07/08/2004 09:32 PM 535560]
"{57AC9076-C898-B098-D098-A18319080975}"= C:\WINDOWS\system32\nhmxejkl.dll [ ]
"{35671234-7890-ABCD-CDEF-567801237653}"= C:\WINDOWS\system32\yxcschlp.dll [ ]
"{7319A1F1-9410-9654-3201-345FFA349137}"= C:\WINDOWS\system32\zywmgime.dll [07/08/2004 09:32 PM 538120]
"{91698482-6555-3666-1222-954784129019}"= C:\WINDOWS\system32\zxptejpg.dll [ ]
"{80AF1289-F140-A140-D012-C1458759FC08}"= C:\WINDOWS\system32\ypcqghlp.dll [07/08/2004 09:32 PM 539144]
"{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73}"= C:\WINDOWS\system32\zywlcime.dll [ ]
"{39109876-7619-9101-7012-901938475193}"= C:\WINDOWS\system32\ietzcpaq.dll [ ]
"{14698742-2059-3025-9058-954023874141}"= C:\WINDOWS\system32\jkhxaklo.dll [ ]
"{25FD6584-698F-BCD2-602C-698745210352}"= C:\WINDOWS\system32\rijxbkin.dll [07/08/2004 09:33 PM 536584]
"{5A069845-2036-6084-9054-6087502480A5}"= C:\WINDOWS\system32\ozfyebyt.dll [07/08/2004 09:33 PM 534024]
"{38093456-9012-4568-9076-908765467183}"= C:\WINDOWS\system32\tisqctyu.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kmuqtdhc.dll"= {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll [ ]
"wasoyvkv.dll"= {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll [ ]
"iaegivjo.dll"= {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=yzztlmsn.dll,arjrgler.dll,akjsekaq.dll,nhmxejkl.dll,ietzcpaq.dll,tisqctyu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32d97bfc-9cf1-11dc-be77-00167615e523}]
AutoRun\command- E:\ONSPCLCK.exe




-- End of Deckard's System Scanner: finished at 2008-06-28 12:59:27 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.53GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 502.98 MiB / 178.58 MiB
Pagefile Memory (total/avail): 1229.88 MiB / 693.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.3 MiB

C: is Fixed (NTFS) - 74.5 GiB total, 38.79 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.5 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.526 v7.5.526 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Nexon\\KartRider\\NMService.exe"="C:\\Nexon\\KartRider\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nst2.tmp\\utorrent.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nst2.tmp\\utorrent.exe:*:Enabled:Torrent"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nsi10.tmp\\utorrent.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\nsi10.tmp\\utorrent.exe:*:Enabled:Torrent"
"C:\\AeriaGames\\12Sky\\TwelveSky.exe"="C:\\AeriaGames\\12Sky\\TwelveSky.exe:*:Enabled:TwelveSky"
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"="C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\MythWar_en\\update.exe"="C:\\Program Files\\MythWar_en\\update.exe:*:Enabled:update Microsoft "
"C:\\ijji\\ENGLISH\\u_gbound.exe"="C:\\ijji\\ENGLISH\\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"="C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme:*:Enabled:GunBound"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\ijji\\ENGLISH\\u_gunz.exe"="C:\\ijji\\ENGLISH\\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Trinity Entertainment\\Trinity GunZ\\Trinity.exe"="C:\\Program Files\\Trinity Entertainment\\Trinity GunZ\\Trinity.exe:*:Enabled:Trinity"
"C:\\Documents and Settings\\Owner\\Desktop\\Trinity GunZ\\Trinity.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Trinity GunZ\\Trinity.exe:*:Enabled:Trinity"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\ijji\\ENGLISH\\u_sf.exe"="C:\\ijji\\ENGLISH\\u_sf.exe:*:Enabled:<ijji Downloader>"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX01.219\\empires2.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX01.219\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Documents and Settings\\Owner\\Desktop\\Age of Empires II Conquerors\\age2_x1.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Age of Empires II Conquerors\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL2007
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\DELL2007
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE16~2.0_0\bin;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=DELL2007
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
12Sky --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4235A9E5-EEFF-42E7-BEC9-9D421DD10ECB}\setup.exe" -l0x9 -removeonly
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AnalogX Vocal Remover --> C:\Program Files\AnalogX\VocalRemover\vremu.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
Fraps --> "C:\Fraps\uninstall.exe"
Free YouTube to Mp3 Converter version 3.1 --> "C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Gunbound Revolution --> "c:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
HijackThis 2.0.2 --> "C:\HJT\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Defense8 Control - Ű --> regsvr32 /u /s "C:\WINDOWS\Downloaded Program Files\kdfense8.ocx"
LimeWire 4.14.0 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
MapleStory --> MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Outspark Launcher --> C:\Program Files\Outspark\Launcher\uninstall.exe
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Trinity GunZ --> C:\Program Files\Trinity Entertainment\Uninstall.exe
ubroadcast player 1060 --> C:\Program Files\ubroadcast player\uninst.exe
Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2470 / Error
Event Submitted/Written: 06/28/2008 00:21:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application u_gunz.exe, version 1.0.0.9, faulting module neobit.dll, version 1.0.5.4, fault address 0x0003cd04.
Processing media-specific event for [u_gunz.exe!ws!]

Event Record #/Type2461 / Success
Event Submitted/Written: 06/28/2008 11:24:19 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2452 / Error
Event Submitted/Written: 06/27/2008 10:57:51 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application u_gunz.exe, version 1.0.0.9, faulting module neobit.dll, version 1.0.5.4, fault address 0x0003cd04.
Processing media-specific event for [u_gunz.exe!ws!]

Event Record #/Type2444 / Success
Event Submitted/Written: 06/27/2008 09:31:42 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2438 / Warning
Event Submitted/Written: 06/27/2008 09:18:33 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21841 / Warning
Event Submitted/Written: 06/28/2008 00:58:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL200727 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL200727 can't undo changes that you allow.

For more information please see the following:
%DELL2007275

Scan ID: {1D65D27D-76EA-4144-A4C5-A67BCF7D4019}

User: DELL2007\Owner

Name: %DELL2007271

ID: %DELL2007272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL2007276

Alert Type: %DELL2007278

Detection Type: 1.1.1593.02

Event Record #/Type21840 / Warning
Event Submitted/Written: 06/28/2008 00:58:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL200727 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL200727 can't undo changes that you allow.

For more information please see the following:
%DELL2007275

Scan ID: {8BBE5BA6-464B-4E35-ABCA-5EB56CC3C75C}

User: DELL2007\Owner

Name: %DELL2007271

ID: %DELL2007272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL2007276

Alert Type: %DELL2007278

Detection Type: 1.1.1593.02

Event Record #/Type21839 / Warning
Event Submitted/Written: 06/28/2008 00:58:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL200727 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL200727 can't undo changes that you allow.

For more information please see the following:
%DELL2007275

Scan ID: {F26F920A-5EF9-4D66-9FC0-2817482A7A61}

User: DELL2007\Owner

Name: %DELL2007271

ID: %DELL2007272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL2007276

Alert Type: %DELL2007278

Detection Type: 1.1.1593.02

Event Record #/Type21838 / Warning
Event Submitted/Written: 06/28/2008 00:57:59 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL200727 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL200727 can't undo changes that you allow.

For more information please see the following:
%DELL2007275

Scan ID: {C06DF95B-855F-48B8-A3A4-5C4EE998B3C4}

User: DELL2007\Owner

Name: %DELL2007271

ID: %DELL2007272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL2007276

Alert Type: %DELL2007278

Detection Type: 1.1.1593.02

Event Record #/Type21837 / Warning
Event Submitted/Written: 06/28/2008 00:57:59 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL200727 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL200727 can't undo changes that you allow.

For more information please see the following:
%DELL2007275

Scan ID: {A334D827-ADD1-4F49-AC58-1591ED34D93C}

User: DELL2007\Owner

Name: %DELL2007271

ID: %DELL2007272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL2007276

Alert Type: %DELL2007278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-06-28 12:59:27 ------------


#2 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:53 AM

Posted 28 June 2008 - 04:22 PM

Hi, welcome to BC. :thumbsup:

Please download Malwarebytes' Anti-Malware and save it to your Desktop.
Alternate download location
Alternate download location

Double-click mbam-setup.exe to install the application.
  • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.



Next


Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. Also, please be sure to disable real-time protection on your applications as it says there.

Post the log from ComboFix when you've accomplished that, along with the MBAM log, and a new HijackThis log.

#3 Chris157

Chris157
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:53 AM

Posted 28 June 2008 - 11:50 PM

Thanks for replying :thumbsup:.

Malwarebytes' Anti-Malware 1.19
Database version: 901
Windows 5.1.2600 Service Pack 2

12:09:22 AM 29/06/2008
mbam-log-6-29-2008 (00-09-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134070
Time elapsed: 1 hour(s), 0 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 26
Registry Values Infected: 13
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 83

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tysqbkol.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mnmhgsrv.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ypcqghlp.dll (Trojan.vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\zxmsdwin.dll (Trojan.vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\zywmgime.dll (Trojan.vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5d098345-6785-1098-5413-678067ae03d5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d098345-6785-1098-5413-678067ae03d5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{14698742-2059-3025-9058-954023874141} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14698742-2059-3025-9058-954023874141} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{80af1289-f140-a140-d012-c1458759fc08} (Trojan.vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80af1289-f140-a140-d012-c1458759fc08} (Trojan.vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7a041f13-a111-12a3-b0cf-f99818aa68a7} (Trojan.vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7a041f13-a111-12a3-b0cf-f99818aa68a7} (Trojan.vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7319a1f1-9410-9654-3201-345ffa349137} (Trojan.vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7319a1f1-9410-9654-3201-345ffa349137} (Trojan.vundo) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5d098345-6785-1098-5413-678067ae03d5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14698742-2059-3025-9058-954023874141} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{80af1289-f140-a140-d012-c1458759fc08} (Trojan.vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7a041f13-a111-12a3-b0cf-f99818aa68a7} (Trojan.vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7319a1f1-9410-9654-3201-345ffa349137} (Trojan.vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tysqbkol.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mnmhgsrv.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\QooBox\Quarantine\C\WINDOWS\system32\aitlasys.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\axmsawin.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\axptajpg.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\azwmaime.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\azzxaime.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\isdsasrv.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ismhasrv.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jbhxabyt.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lpsgajba.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mkjsakaq.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pldhadwd.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\posqatyu.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\siwdaapi.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\spjhahlp.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\zaztamsn.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\zxcsahlp.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP352\A0673402.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP352\A0673408.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP352\A0673423.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP352\A0673425.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP352\A0674412.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP352\A0674418.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP352\A0674433.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP352\A0674435.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0675405.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0675413.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0675429.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0675431.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0676402.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0676406.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0676412.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0676420.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0676427.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0676429.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0677399.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0677404.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0677410.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0677418.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0677426.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0677428.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0680398.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0680403.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0680409.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0680417.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0680429.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0681401.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0681405.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0681411.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0681419.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP353\A0681428.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP355\A0681556.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP355\A0681573.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP357\A0685589.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP357\A0685592.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP357\A0685597.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP357\A0685724.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP357\A0685734.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP357\A0685759.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP357\A0685762.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP357\A0685763.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP358\A0687718.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP358\A0687722.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP358\A0687728.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP358\A0687736.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP358\A0687745.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP358\A0688728.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP358\A0688732.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP358\A0688738.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP358\A0688746.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFA65081-EADB-46A0-B7B3-5B6E3203CC4D}\RP358\A0688755.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azcbaime.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jbhxabyt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pldhadwd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pusqakol.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zsdjabmp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\siwdaapi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ismhasrv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ypcqghlp.dll (Trojan.vundo) -> Delete on reboot.
C:\WINDOWS\system32\zxmsdwin.dll (Trojan.vundo) -> Delete on reboot.
C:\WINDOWS\system32\zywmgime.dll (Trojan.vundo) -> Delete on reboot.

ComboFix 08-06-20.4 - Owner 2008-06-29 0:32:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.164 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\WINDOWS\system32\aitlasys.exe
C:\WINDOWS\system32\axmsawin.exe
C:\WINDOWS\system32\axptajpg.exe
C:\WINDOWS\system32\azwmaime.exe
C:\WINDOWS\system32\azzxaime.exe
C:\WINDOWS\system32\cgsqatyu.sys
C:\WINDOWS\system32\ciwdaapi.sys
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\fxwmbime.sys
C:\WINDOWS\system32\fxzxbime.sys
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\fzptbjpg.sys
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\gsdhadwd.sys
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\isdsasrv.exe
C:\WINDOWS\system32\lpsgajba.exe
C:\WINDOWS\system32\mkjsakaq.exe
C:\WINDOWS\system32\pmjhbhlp.sys
C:\WINDOWS\system32\posqatyu.exe
C:\WINDOWS\system32\pzwmaime.sys
C:\WINDOWS\system32\sdjsakaq.sys
C:\WINDOWS\system32\skqncbib.dll
C:\WINDOWS\system32\smhxbbyt.sys
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spjhahlp.exe
C:\WINDOWS\system32\spwdbapi.sys
C:\WINDOWS\system32\sqjsakaq.sys
C:\WINDOWS\system32\toqnabib.sys
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\xfztbmsn.sys
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\system32\zaztamsn.exe
C:\WINDOWS\system32\zxcsahlp.exe
.
---- Previous Run -------
.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\WINDOWS\system32\aitlasys.exe
C:\WINDOWS\system32\axmsawin.exe
C:\WINDOWS\system32\axptajpg.exe
C:\WINDOWS\system32\azwmaime.exe
C:\WINDOWS\system32\azzxaime.exe
C:\WINDOWS\system32\cgsqatyu.sys
C:\WINDOWS\system32\ciwdaapi.sys
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\fxwmbime.sys
C:\WINDOWS\system32\fxzxbime.sys
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\fzptbjpg.sys
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\gsdhadwd.sys
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\isdsasrv.exe
C:\WINDOWS\system32\ismhasrv.exe
C:\WINDOWS\system32\jbhxabyt.exe
C:\WINDOWS\system32\lpsgajba.exe
C:\WINDOWS\system32\mkjsakaq.exe
C:\WINDOWS\system32\pldhadwd.exe
C:\WINDOWS\system32\pmjhbhlp.sys
C:\WINDOWS\system32\posqatyu.exe
C:\WINDOWS\system32\pzwmaime.sys
C:\WINDOWS\system32\sdjsakaq.sys
C:\WINDOWS\system32\siwdaapi.exe
C:\WINDOWS\system32\smhxbbyt.sys
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spjhahlp.exe
C:\WINDOWS\system32\spwdbapi.sys
C:\WINDOWS\system32\sqjsakaq.sys
C:\WINDOWS\system32\toqnabib.sys
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\xfztbmsn.sys
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\system32\zaztamsn.exe
C:\WINDOWS\system32\zxcsahlp.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-28 22:59 . 2008-06-28 22:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 22:59 . 2008-06-28 22:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-28 22:59 . 2008-06-28 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 22:59 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-28 22:59 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 12:54 . 2008-06-28 12:54 <DIR> d-------- C:\Deckard
2008-06-28 12:36 . 2008-06-28 12:57 <DIR> d-------- C:\HJT
2008-06-27 21:32 . 2008-06-28 11:22 24 --a------ C:\WINDOWS\system32\pzwlaime.sys
2008-06-27 21:23 . 2008-06-27 21:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-27 20:18 . 2008-06-27 21:23 <DIR> d-------- C:\ComboFix(2)
2008-06-26 21:44 . 2008-06-28 11:22 24 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-06-26 21:44 . 2008-06-28 11:22 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-26 21:43 . 2008-06-28 11:22 24 --a------ C:\WINDOWS\system32\ijzhatde.sys
2008-06-26 15:36 . 2008-06-27 21:25 <DIR> d-------- C:\f6bf0c656ee573c2fc5748f78e7a06
2008-06-24 22:36 . 2008-06-24 22:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-24 15:54 . 2008-06-24 15:54 <DIR> d-------- C:\Program Files\Microsoft Games
2008-06-24 13:20 . 2008-06-24 13:20 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS
2008-06-22 23:04 . 2008-06-22 23:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-22 23:04 . 2008-06-22 23:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-20 22:00 . 2008-06-20 22:09 <DIR> d-------- C:\Program Files\IGZones
2008-06-20 21:42 . 2008-06-20 21:50 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-06-20 11:08 . 2008-06-20 11:08 <DIR> d-------- C:\Program Files\AnalogX
2008-06-20 10:53 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-20 10:53 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-19 21:21 . 2008-06-19 21:21 <DIR> d-------- C:\Program Files\PowerISO
2008-06-18 12:27 . 2008-06-19 16:05 13,717 --a------ C:\Owner000000.ERR
2008-06-12 15:50 . 2008-06-12 15:50 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-12 02:28 . 2008-06-12 02:28 56,108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-06-10 23:15 . 2008-06-23 20:23 <DIR> d-------- C:\Program Files\iTunes
2008-06-07 13:25 . 2008-06-07 13:26 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-31 13:42 . 2008-06-04 00:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-31 13:41 . 2008-05-31 13:41 <DIR> d-------- C:\Program Files\Bonjour
2008-05-31 13:40 . 2008-06-06 07:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-31 13:38 . 2008-05-31 13:38 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-31 13:38 . 2008-05-31 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 04:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-06-29 04:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-06-28 16:47 --------- d-----w C:\Program Files\Java
2008-06-28 16:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-28 01:40 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-06-28 01:24 --------- d-----w C:\Program Files\WarRock
2008-06-27 23:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 00:11 --------- d-----w C:\Program Files\iPod
2008-06-23 22:32 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-23 22:32 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-21 01:42 --------- d-----w C:\Program Files\Google
2008-06-20 03:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-06-17 23:28 710,064 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2008-06-12 19:08 58,800 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-07 14:44 --------- d-----w C:\Program Files\Trinity Entertainment
2008-05-31 17:40 --------- d-----w C:\Program Files\QuickTime
2008-05-26 19:46 --------- d-----w C:\Program Files\DVDVideoSoft
2008-05-26 19:46 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-05-26 19:45 --------- d-----w C:\Program Files\AVS4YOU
2008-05-26 19:44 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-05-26 19:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVS4YOU
2008-05-26 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 00:34 --------- d-----w C:\Program Files\VstPlugins
2008-05-08 00:34 --------- d-----w C:\Program Files\Image-Line
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-07 03:02 73,728 ----a-w C:\WINDOWS\system32\kdfapi.dll
2008-04-07 03:02 47,104 ----a-w C:\WINDOWS\system32\Kdfhok.dll
2008-04-07 03:02 159,744 ----a-w C:\WINDOWS\system32\kdfmgr.exe
2004-08-08 18:03 520 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 15:25 17,252 --sh--w C:\WINDOWS\system32\azwlaime.exe
2004-08-08 15:25 16,255 --sh--w C:\WINDOWS\system32\dehxaklo.exe
2004-08-08 01:43 15,873 --sh--w C:\WINDOWS\system32\dfqnabib.exe
2004-08-08 15:25 16,604 --sh--w C:\WINDOWS\system32\dsdyapaw.exe
2004-08-08 15:26 2,080 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 15:25 2,080 --sh--w C:\WINDOWS\system32\fxcbbime.sys
2004-08-08 15:25 1,560 --sh--w C:\WINDOWS\system32\fxwlbime.sys
2004-08-08 15:25 520 --sh--w C:\WINDOWS\system32\gpzhatde.sys
2004-08-08 15:25 1,040 --sh--w C:\WINDOWS\system32\iujraler.sys
2004-08-08 15:25 16,324 --sh--w C:\WINDOWS\system32\lpmxajkl.exe
2004-08-08 15:25 17,252 --sh--w C:\WINDOWS\system32\lpzhatde.exe
2004-08-08 15:25 16,787 --sh--w C:\WINDOWS\system32\mkjraler.exe
2004-08-08 15:26 1,040 --sh--w C:\WINDOWS\system32\nttzapaq.sys
2004-08-08 15:26 15,252 --sh--w C:\WINDOWS\system32\oltzapaq.exe
2004-08-08 15:25 2,080 --sh--w C:\WINDOWS\system32\pzdyapaw.sys
2004-08-08 15:25 1,040 --sh--w C:\WINDOWS\system32\rnmxajkl.sys
2004-08-08 15:25 2,080 --sh--w C:\WINDOWS\system32\sbsqakol.sys
2004-08-08 15:24 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 15:26 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 15:26 16,701 --sh--w C:\WINDOWS\system32\stjxakin.exe
2004-08-08 15:26 15,682 --sh--w C:\WINDOWS\system32\tjfyabyt.exe
2004-08-08 15:25 2,080 --sh--w C:\WINDOWS\system32\vlhxaklo.sys
2004-08-08 15:25 1,040 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
2004-08-08 15:24 2,080 --sh--w C:\WINDOWS\system32\xsdjbbmp.sys
2004-08-08 15:25 19,359 --sh--w C:\WINDOWS\system32\zscqahlp.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A698452-C5D8-C584-C256-C264C987C5A1}]
C:\WINDOWS\system32\ijdyapaw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25FD6584-698F-BCD2-602C-698745210352}]
C:\WINDOWS\system32\rijxbkin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73}]
C:\WINDOWS\system32\zywlcime.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38093456-9012-4568-9076-908765467183}]
C:\WINDOWS\system32\tisqctyu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39109876-7619-9101-7012-901938475193}]
C:\WINDOWS\system32\ietzcpaq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D698451-2015-6358-9871-2015987452D3}]
C:\WINDOWS\system32\apzhctde.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57AC9076-C898-B098-D098-A18319080975}]
C:\WINDOWS\system32\nhmxejkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A069845-2036-6084-9054-6087502480A5}]
C:\WINDOWS\system32\ozfyebyt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A908760-8000-4000-A000-9000322145A5}]
C:\WINDOWS\system32\akjsekaq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6}]
C:\WINDOWS\system32\oohxebyt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C648541-1025-9650-9057-6541258720C6}]
C:\WINDOWS\system32\mndhfdwd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD45A54-9875-698F-E56E-65102358FDF7}]
C:\WINDOWS\system32\apsggjba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87FD640A-158F-48AC-FD14-1597F14A9778}]
C:\WINDOWS\system32\mndshsrv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91954FAC-1023-154F-895A-1458258AD819}]
C:\WINDOWS\system32\ypdjgbmp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C69034A-F45F-D34D-A33A-C33C4D324FC9}]
C:\WINDOWS\system32\arjrgler.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B490415F-65F8-B5C5-D8BA-9405FB12054B}]
C:\WINDOWS\system32\yzztlmsn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C490415F-65F8-B5C5-D8BA-9405FB12054C}]
C:\WINDOWS\system32\yzztlmsn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 14:52 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23 114688]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 04:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 08:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 08:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 10:07 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 21:32 580096]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-06-16 04:52 167936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-22 21:07 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6}"= C:\WINDOWS\system32\oohxebyt.dll [ ]
"{C490415F-65F8-B5C5-D8BA-9405FB12054C}"= C:\WINDOWS\system32\yzztlmsn.dll [ ]
"{B490415F-65F8-B5C5-D8BA-9405FB12054B}"= C:\WINDOWS\system32\yzztlmsn.dll [ ]
"{6C648541-1025-9650-9057-6541258720C6}"= C:\WINDOWS\system32\mndhfdwd.dll [ ]
"{00150015-0015-0015-0015-00150015BB15}"= C:\WINDOWS\system32\iaegivjo.dll [ ]
"{7FD45A54-9875-698F-E56E-65102358FDF7}"= C:\WINDOWS\system32\apsggjba.dll [ ]
"{87FD640A-158F-48AC-FD14-1597F14A9778}"= C:\WINDOWS\system32\mndshsrv.dll [ ]
"{91954FAC-1023-154F-895A-1458258AD819}"= C:\WINDOWS\system32\ypdjgbmp.dll [ ]
"{1A698452-C5D8-C584-C256-C264C987C5A1}"= C:\WINDOWS\system32\ijdyapaw.dll [ ]
"{3D698451-2015-6358-9871-2015987452D3}"= C:\WINDOWS\system32\apzhctde.dll [ ]
"{9C69034A-F45F-D34D-A33A-C33C4D324FC9}"= C:\WINDOWS\system32\arjrgler.dll [ ]
"{5A908760-8000-4000-A000-9000322145A5}"= C:\WINDOWS\system32\akjsekaq.dll [ ]
"{57AC9076-C898-B098-D098-A18319080975}"= C:\WINDOWS\system32\nhmxejkl.dll [ ]
"{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73}"= C:\WINDOWS\system32\zywlcime.dll [ ]
"{39109876-7619-9101-7012-901938475193}"= C:\WINDOWS\system32\ietzcpaq.dll [ ]
"{25FD6584-698F-BCD2-602C-698745210352}"= C:\WINDOWS\system32\rijxbkin.dll [ ]
"{5A069845-2036-6084-9054-6087502480A5}"= C:\WINDOWS\system32\ozfyebyt.dll [ ]
"{38093456-9012-4568-9076-908765467183}"= C:\WINDOWS\system32\tisqctyu.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kmuqtdhc.dll"= {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll [ ]
"wasoyvkv.dll"= {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll [ ]
"iaegivjo.dll"= {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Nexon\\KartRider\\NMService.exe"=
"C:\\AeriaGames\\12Sky\\TwelveSky.exe"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\ijji\\ENGLISH\\u_gbound.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Trinity Entertainment\\Trinity GunZ\\Trinity.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Trinity GunZ\\Trinity.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\ijji\\ENGLISH\\u_sf.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Age of Empires II Conquerors\\age2_x1.exe"=

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 10:50]
S3 IOIDDEV;IOIDDEV;C:\Program Files\SurvivalProject\config\ioid.sys []
S3 XDva075;XDva075;C:\WINDOWS\system32\XDva075.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32d97bfc-9cf1-11dc-be77-00167615e523}]
\Shell\AutoRun\command - E:\ONSPCLCK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 20:48:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-29 04:40:28 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 00:37:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-29 0:46:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 04:46:03

Pre-Run: 41,278,586,880 bytes free
Post-Run: 41,453,973,504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

346 --- E O F --- 2008-06-28 01:33:21

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:28 AM, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - C:\WINDOWS\system32\ijdyapaw.dll (file missing)
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll (file missing)
O2 - BHO: zywlcime.dll - {37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73} - C:\WINDOWS\system32\zywlcime.dll (file missing)
O2 - BHO: tisqctyu.dll - {38093456-9012-4568-9076-908765467183} - C:\WINDOWS\system32\tisqctyu.dll (file missing)
O2 - BHO: ietzcpaq.dll - {39109876-7619-9101-7012-901938475193} - C:\WINDOWS\system32\ietzcpaq.dll (file missing)
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll (file missing)
O2 - BHO: nhmxejkl.dll - {57AC9076-C898-B098-D098-A18319080975} - C:\WINDOWS\system32\nhmxejkl.dll (file missing)
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll (file missing)
O2 - BHO: akjsekaq.dll - {5A908760-8000-4000-A000-9000322145A5} - C:\WINDOWS\system32\akjsekaq.dll (file missing)
O2 - BHO: oohxebyt.dll - {6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6} - C:\WINDOWS\system32\oohxebyt.dll (file missing)
O2 - BHO: mndhfdwd.dll - {6C648541-1025-9650-9057-6541258720C6} - C:\WINDOWS\system32\mndhfdwd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll (file missing)
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll (file missing)
O2 - BHO: ypdjgbmp.dll - {91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll (file missing)
O2 - BHO: arjrgler.dll - {9C69034A-F45F-D34D-A33A-C33C4D324FC9} - C:\WINDOWS\system32\arjrgler.dll (file missing)
O2 - BHO: yzztlmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztlmsn.dll (file missing)
O2 - BHO: yzztlmsn.dll - {C490415F-65F8-B5C5-D8BA-9405FB12054C} - C:\WINDOWS\system32\yzztlmsn.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184898450781
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spgame.com/infogame/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O21 - SSODL: kmuqtdhc.dll - {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll (file missing)
O21 - SSODL: wasoyvkv.dll - {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll (file missing)
O21 - SSODL: iaegivjo.dll - {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 11383 bytes

#4 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • Gender:Male

Posted 29 June 2008 - 10:31 AM

Ok, I see you already had a version of ComboFix and ran it. Please delete all copies of ComboFix you have and then download the newest version from the link below and run it the same as before.
http://download.bleepingcomputer.com/sUBs/+/ComboFix.exe

Please post the log from ComboFix and a new HijackThis log in your next response.

#5 Chris157

Chris157
  • Topic Starter

  • Members
  • 4 posts

Posted 30 June 2008 - 08:23 PM

ComboFix 08-06-27.5 - Owner 2008-06-30 21:06:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.193 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-28 22:59 . 2008-06-28 22:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 22:59 . 2008-06-28 22:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-28 22:59 . 2008-06-28 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 22:59 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-28 22:59 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 12:54 . 2008-06-28 12:54 <DIR> d-------- C:\Deckard
2008-06-28 12:36 . 2008-06-29 00:49 <DIR> d-------- C:\HJT
2008-06-27 21:32 . 2008-06-28 11:22 24 --a------ C:\WINDOWS\system32\pzwlaime.sys
2008-06-27 21:23 . 2008-06-27 21:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-26 21:44 . 2008-06-28 11:22 24 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-06-26 21:44 . 2008-06-28 11:22 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-26 21:43 . 2008-06-28 11:22 24 --a------ C:\WINDOWS\system32\ijzhatde.sys
2008-06-26 15:36 . 2008-06-27 21:25 <DIR> d-------- C:\f6bf0c656ee573c2fc5748f78e7a06
2008-06-24 22:36 . 2008-06-24 22:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-24 15:54 . 2008-06-24 15:54 <DIR> d-------- C:\Program Files\Microsoft Games
2008-06-24 13:20 . 2008-06-24 13:20 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS
2008-06-22 23:04 . 2008-06-22 23:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-22 23:04 . 2008-06-22 23:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-20 22:00 . 2008-06-20 22:09 <DIR> d-------- C:\Program Files\IGZones
2008-06-20 21:42 . 2008-06-20 21:50 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-06-20 11:08 . 2008-06-20 11:08 <DIR> d-------- C:\Program Files\AnalogX
2008-06-20 10:53 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-20 10:53 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-19 21:21 . 2008-06-19 21:21 <DIR> d-------- C:\Program Files\PowerISO
2008-06-18 12:27 . 2008-06-19 16:05 13,717 --a------ C:\Owner000000.ERR
2008-06-12 15:50 . 2008-06-12 15:50 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-12 02:28 . 2008-06-12 02:28 56,108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-06-10 23:15 . 2008-06-23 20:23 <DIR> d-------- C:\Program Files\iTunes
2008-06-07 13:25 . 2008-06-07 13:26 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 01:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-07-01 00:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-06-28 16:47 --------- d-----w C:\Program Files\Java
2008-06-28 16:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-28 01:40 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-06-28 01:24 --------- d-----w C:\Program Files\WarRock
2008-06-27 23:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 00:11 --------- d-----w C:\Program Files\iPod
2008-06-23 22:32 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-23 22:32 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-21 01:42 --------- d-----w C:\Program Files\Google
2008-06-20 03:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-06-17 23:28 710,064 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2008-06-12 19:08 58,800 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-07 14:44 --------- d-----w C:\Program Files\Trinity Entertainment
2008-06-06 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-04 04:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-31 17:41 --------- d-----w C:\Program Files\Bonjour
2008-05-31 17:40 --------- d-----w C:\Program Files\QuickTime
2008-05-31 17:38 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-31 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-26 19:46 --------- d-----w C:\Program Files\DVDVideoSoft
2008-05-26 19:46 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-05-26 19:45 --------- d-----w C:\Program Files\AVS4YOU
2008-05-26 19:44 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-05-26 19:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVS4YOU
2008-05-26 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 00:34 --------- d-----w C:\Program Files\VstPlugins
2008-05-08 00:34 --------- d-----w C:\Program Files\Image-Line
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-07 03:02 73,728 ----a-w C:\WINDOWS\system32\kdfapi.dll
2008-04-07 03:02 47,104 ----a-w C:\WINDOWS\system32\Kdfhok.dll
2008-04-07 03:02 159,744 ----a-w C:\WINDOWS\system32\kdfmgr.exe
2004-08-08 18:03 520 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 15:26 2,080 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 15:25 2,080 --sh--w C:\WINDOWS\system32\fxcbbime.sys
2004-08-08 15:25 1,560 --sh--w C:\WINDOWS\system32\fxwlbime.sys
2004-08-08 15:25 520 --sh--w C:\WINDOWS\system32\gpzhatde.sys
2004-08-08 15:25 1,040 --sh--w C:\WINDOWS\system32\iujraler.sys
2004-08-08 15:26 1,040 --sh--w C:\WINDOWS\system32\nttzapaq.sys
2004-08-08 15:26 15,252 --sh--w C:\WINDOWS\system32\oltzapaq.exe
2004-08-08 15:25 2,080 --sh--w C:\WINDOWS\system32\pzdyapaw.sys
2004-08-08 15:25 1,040 --sh--w C:\WINDOWS\system32\rnmxajkl.sys
2004-08-08 15:25 2,080 --sh--w C:\WINDOWS\system32\sbsqakol.sys
2004-08-08 15:24 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 15:26 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 15:26 16,701 --sh--w C:\WINDOWS\system32\stjxakin.exe
2004-08-08 15:26 15,682 --sh--w C:\WINDOWS\system32\tjfyabyt.exe
2004-08-08 15:25 2,080 --sh--w C:\WINDOWS\system32\vlhxaklo.sys
2004-08-08 15:25 1,040 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
2004-08-08 15:24 2,080 --sh--w C:\WINDOWS\system32\xsdjbbmp.sys
2004-08-08 15:25 19,359 --sh--w C:\WINDOWS\system32\zscqahlp.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_ 0.45.45.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 04:37:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 00:31:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-03-17 00:38:01 28,672 ------w C:\WINDOWS\system32\verclsid.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 14:52 289088]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23 114688]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 04:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 08:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 08:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 10:07 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 21:32 580096]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-06-16 04:52 167936]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-22 21:07 219136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Nexon\\KartRider\\NMService.exe"=
"C:\\AeriaGames\\12Sky\\TwelveSky.exe"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\ijji\\ENGLISH\\u_gbound.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Trinity Entertainment\\Trinity GunZ\\Trinity.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\ijji\\ENGLISH\\u_sf.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Age of Empires II Conquerors\\age2_x1.exe"=

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 10:50]
S3 IOIDDEV;IOIDDEV;C:\Program Files\SurvivalProject\config\ioid.sys []
S3 XDva075;XDva075;C:\WINDOWS\system32\XDva075.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32d97bfc-9cf1-11dc-be77-00167615e523}]
\Shell\AutoRun\command - E:\ONSPCLCK.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 20:48:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-01 00:34:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{1A698452-C5D8-C584-C256-C264C987C5A1} - C:\WINDOWS\system32\ijdyapaw.dll
BHO-{25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll
BHO-{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73} - C:\WINDOWS\system32\zywlcime.dll
BHO-{38093456-9012-4568-9076-908765467183} - C:\WINDOWS\system32\tisqctyu.dll
BHO-{39109876-7619-9101-7012-901938475193} - C:\WINDOWS\system32\ietzcpaq.dll
BHO-{3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll
BHO-{57AC9076-C898-B098-D098-A18319080975} - C:\WINDOWS\system32\nhmxejkl.dll
BHO-{5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
BHO-{5A908760-8000-4000-A000-9000322145A5} - C:\WINDOWS\system32\akjsekaq.dll
BHO-{6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6} - C:\WINDOWS\system32\oohxebyt.dll
BHO-{6C648541-1025-9650-9057-6541258720C6} - C:\WINDOWS\system32\mndhfdwd.dll
BHO-{7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll
BHO-{87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll
BHO-{91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll
BHO-{9C69034A-F45F-D34D-A33A-C33C4D324FC9} - C:\WINDOWS\system32\arjrgler.dll
BHO-{B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztlmsn.dll
BHO-{C490415F-65F8-B5C5-D8BA-9405FB12054C} - C:\WINDOWS\system32\yzztlmsn.dll
ShellExecuteHooks-{6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6} - C:\WINDOWS\system32\oohxebyt.dll
ShellExecuteHooks-{C490415F-65F8-B5C5-D8BA-9405FB12054C} - C:\WINDOWS\system32\yzztlmsn.dll
ShellExecuteHooks-{B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztlmsn.dll
ShellExecuteHooks-{6C648541-1025-9650-9057-6541258720C6} - C:\WINDOWS\system32\mndhfdwd.dll
ShellExecuteHooks-{00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll
ShellExecuteHooks-{7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll
ShellExecuteHooks-{87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll
ShellExecuteHooks-{91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll
ShellExecuteHooks-{1A698452-C5D8-C584-C256-C264C987C5A1} - C:\WINDOWS\system32\ijdyapaw.dll
ShellExecuteHooks-{3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll
ShellExecuteHooks-{9C69034A-F45F-D34D-A33A-C33C4D324FC9} - C:\WINDOWS\system32\arjrgler.dll
ShellExecuteHooks-{5A908760-8000-4000-A000-9000322145A5} - C:\WINDOWS\system32\akjsekaq.dll
ShellExecuteHooks-{57AC9076-C898-B098-D098-A18319080975} - C:\WINDOWS\system32\nhmxejkl.dll
ShellExecuteHooks-{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73} - C:\WINDOWS\system32\zywlcime.dll
ShellExecuteHooks-{39109876-7619-9101-7012-901938475193} - C:\WINDOWS\system32\ietzcpaq.dll
ShellExecuteHooks-{25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll
ShellExecuteHooks-{5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
ShellExecuteHooks-{38093456-9012-4568-9076-908765467183} - C:\WINDOWS\system32\tisqctyu.dll
SSODL-kmuqtdhc.dll-{00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll
SSODL-wasoyvkv.dll-{00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll
SSODL-iaegivjo.dll-{00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 21:09:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\TMP0000003B5BA82953A439A5A3 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-06-30 21:14:22
ComboFix-quarantined-files.txt 2008-07-01 01:14:20

Pre-Run: 41,263,087,616 bytes free
Post-Run: 41,437,753,344 bytes free

221 --- E O F --- 2008-06-30 05:04:10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:01 PM, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184898450781
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spgame.com/infogame/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 9126 bytes

#6 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • Gender:Male

Posted 05 July 2008 - 08:40 AM

Hi again. First, please delete the copy of ComboFix you have. Then, download a new copy from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

After completing that,

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quote box below into it:

File::
C:\WINDOWS\system32\pzwlaime.sys
C:\WINDOWS\system32\qbhxaklo.sys
C:\WINDOWS\system32\ngjxakin.sys
C:\WINDOWS\system32\ijzhatde.sys
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\fxcbbime.sys
C:\WINDOWS\system32\fxwlbime.sys
C:\WINDOWS\system32\gpzhatde.sys
C:\WINDOWS\system32\iujraler.sys
C:\WINDOWS\system32\nttzapaq.sys
C:\WINDOWS\system32\oltzapaq.exe
C:\WINDOWS\system32\pzdyapaw.sys
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\sbsqakol.sys
C:\WINDOWS\system32\smdsbsrv.sys
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\stjxakin.exe
C:\WINDOWS\system32\tjfyabyt.exe
C:\WINDOWS\system32\vlhxaklo.sys
C:\WINDOWS\system32\xscqbhlp.sys
C:\WINDOWS\system32\xsdjbbmp.sys
C:\WINDOWS\system32\zscqahlp.exe
Folder::
C:\f6bf0c656ee573c2fc5748f78e7a06


Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next response, please be sure to include the logs from ComboFix and the Kaspersky scan.
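
The two kinds of log above (HijackThis O2/O21 hooks whose DLL is reported "(file missing)" or whose CLSID is registered under several names, and the ComboFix Find3M list of hidden+system files with eight-letter names in system32) and the File::/Folder:: layout of CFScript.txt in the post above are what a practitioner would want to automate when triaging a thread like this. The script below is an added example, not part of the thread and not code from HijackThis or ComboFix: it parses both line formats, requires two independent signals per hit (so a legitimate eight-letter name such as igfxtray.exe is not flagged on its own), reports hook entries separately from files still on disk, and renders the latter in the CFScript layout shown above. Sample lines are copied from the logs in this thread; the igfxtray.exe Find3M line is constructed from the Reg Loading Points entry, and the allowlist and the two-signal threshold are assumptions of this example.

```python
"""Triage helper for the HijackThis and ComboFix log lines in this thread.

Added example, not the thread's or either tool's code: scores log lines with a
few heuristics and renders the flagged on-disk files in the CFScript.txt layout
drex23 asks for. The allowlist and two-signal rule are this example's assumptions.
"""
import re
from collections import defaultdict
# HijackThis hook entries: "O2 - BHO: <name> - {CLSID} - <path> [(file missing)]"
# and "O21 - SSODL: <name> - {CLSID} - <path> [(file missing)]"
HJT_HOOK = re.compile(
    r"^(?P<kind>O2|O21) - (?:BHO|SSODL): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# ComboFix Find3M entries: "<date> <time> <size> <attrs> <path>"
CF_FIND3M = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?P<size>[\d,]+|-+)\s+(?P<attrs>[-a-z]{7})\s+(?P<path>[A-Z]:\\.+)$"
)
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:dll|sys|exe)$")
# Assumption: known-good 8-letter names on this machine (Intel graphics helpers).
ALLOWLIST = {"igfxtray.exe", "igfxpers.exe"}
SYSTEM32 = "\\windows\\system32\\"


def looks_random(path):
    """True for an 8-lowercase-letter dll/sys/exe name that is not allowlisted."""
    base = path.rsplit("\\", 1)[-1].lower()
    return bool(RANDOM_NAME.match(base)) and base not in ALLOWLIST


def file_reasons(path, attrs):
    """Independent signals for one Find3M line."""
    reasons = []
    if "s" in attrs and "h" in attrs and SYSTEM32 in path.lower():
        reasons.append("hidden+system attributes on a file in system32")
    if looks_random(path):
        reasons.append("8-letter pseudo-random file name")
    return reasons


def triage(lines):
    """Return (present, orphans). present: [(path, reasons)] for files still on
    disk. orphans: [(clsid, path, reasons)] for hook entries whose DLL is gone or
    whose CLSID is reused under several names. Two signals are required per hit."""
    present, orphans, seen = [], [], set()
    hooks = defaultdict(list)              # CLSID -> every HJT entry that uses it
    for raw in lines:
        line = raw.strip()
        m = HJT_HOOK.match(line)
        if m:
            hooks[m["clsid"].upper()].append(m)
            continue
        m = CF_FIND3M.match(line)
        if m:
            reasons = file_reasons(m["path"], m["attrs"])
            if len(reasons) >= 2 and m["path"] not in seen:
                seen.add(m["path"])
                present.append((m["path"], reasons))
    for clsid, entries in hooks.items():
        reasons = []
        names = {e["name"] for e in entries}
        if len(names) > 1:
            reasons.append(f"CLSID registered under {len(names)} different names")
        if any(e["missing"] for e in entries):
            reasons.append("hook points at a file that is missing on disk")
        if looks_random(entries[0]["path"]):
            reasons.append("8-letter pseudo-random file name")
        if len(reasons) >= 2:
            orphans.append((clsid, entries[0]["path"], reasons))
    return present, orphans


def build_cfscript(files, folders=()):
    """Render the CFScript.txt layout from drex23's post: File:: then Folder::."""
    sections = [("File::", files), ("Folder::", folders)]
    return "".join(h + "\n" + "".join(p + "\n" for p in items)
                   for h, items in sections if items)


# Copied from the logs above, plus one constructed igfxtray.exe line built from
# the Reg Loading Points entry to show the allowlist at work.
SAMPLE = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: yzztlmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztlmsn.dll (file missing)
O2 - BHO: yzztlmsn.dll - {C490415F-65F8-B5C5-D8BA-9405FB12054C} - C:\WINDOWS\system32\yzztlmsn.dll (file missing)
O21 - SSODL: kmuqtdhc.dll - {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll (file missing)
O21 - SSODL: wasoyvkv.dll - {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll (file missing)
O21 - SSODL: iaegivjo.dll - {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\iaegivjo.dll (file missing)
2004-08-08 18:03 520 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 15:26 2,080 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 15:26 15,252 --sh--w C:\WINDOWS\system32\oltzapaq.exe
2005-04-05 14:22 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
"""

if __name__ == "__main__":
    present, orphans = triage(SAMPLE.splitlines())
    for clsid, path, why in orphans:
        print(f"[hook] {clsid} {path}: {'; '.join(why)}")
    print(build_cfscript([p for p, _ in present]), end="")
```

Missing-file hooks go in the report only, not into the CFScript: the ORPHANS REMOVED section of the ComboFix log above shows that ComboFix clears those registry entries itself, so File:: should list only files that still exist. Treat the output as a starting point for a human reviewer, as the helper in this thread does; the heuristics only catch what fits the naming and attribute pattern seen here.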

#7 Chris157

Chris157
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 10 July 2008 - 07:45 PM

Sorry for the late reply.

ComboFix 08-07-07.3 - Owner 2008-07-08 18:05:43.3 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\fxcbbime.sys
C:\WINDOWS\system32\fxwlbime.sys
C:\WINDOWS\system32\gpzhatde.sys
C:\WINDOWS\system32\ijzhatde.sys
C:\WINDOWS\system32\iujraler.sys
C:\WINDOWS\system32\ngjxakin.sys
C:\WINDOWS\system32\nttzapaq.sys
C:\WINDOWS\system32\oltzapaq.exe
C:\WINDOWS\system32\pzdyapaw.sys
C:\WINDOWS\system32\pzwlaime.sys
C:\WINDOWS\system32\qbhxaklo.sys
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\sbsqakol.sys
C:\WINDOWS\system32\smdsbsrv.sys
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\stjxakin.exe
C:\WINDOWS\system32\tjfyabyt.exe
C:\WINDOWS\system32\vlhxaklo.sys
C:\WINDOWS\system32\xscqbhlp.sys
C:\WINDOWS\system32\xsdjbbmp.sys
C:\WINDOWS\system32\zscqahlp.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\f6bf0c656ee573c2fc5748f78e7a06
C:\f6bf0c656ee573c2fc5748f78e7a06\$shtdwn$.req
C:\f6bf0c656ee573c2fc5748f78e7a06\mpasbase.vdm
C:\f6bf0c656ee573c2fc5748f78e7a06\mpasdlta.vdm
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\fxcbbime.sys
C:\WINDOWS\system32\fxwlbime.sys
C:\WINDOWS\system32\gpzhatde.sys
C:\WINDOWS\system32\ijzhatde.sys
C:\WINDOWS\system32\iujraler.sys
C:\WINDOWS\system32\ngjxakin.sys
C:\WINDOWS\system32\nttzapaq.sys
C:\WINDOWS\system32\pzdyapaw.sys
C:\WINDOWS\system32\pzwlaime.sys
C:\WINDOWS\system32\qbhxaklo.sys
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\sbsqakol.sys
C:\WINDOWS\system32\smdsbsrv.sys
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\vlhxaklo.sys
C:\WINDOWS\system32\xscqbhlp.sys
C:\WINDOWS\system32\xsdjbbmp.sys

.
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-06 13:14 . 2008-07-06 13:15 <DIR> d-------- C:\Program Files\QuickTime
2008-06-28 22:59 . 2008-06-28 22:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 22:59 . 2008-06-28 22:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-28 22:59 . 2008-06-28 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 22:59 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-28 22:59 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 12:54 . 2008-06-28 12:54 <DIR> d-------- C:\Deckard
2008-06-28 12:36 . 2008-06-30 21:22 <DIR> d-------- C:\HJT
2008-06-27 21:23 . 2008-06-27 21:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-24 22:36 . 2008-06-24 22:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-24 15:54 . 2008-06-24 15:54 <DIR> d-------- C:\Program Files\Microsoft Games
2008-06-24 13:20 . 2008-06-24 13:20 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS
2008-06-20 22:00 . 2008-06-20 22:09 <DIR> d-------- C:\Program Files\IGZones
2008-06-20 21:42 . 2008-06-20 21:50 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-06-20 11:08 . 2008-06-20 11:08 <DIR> d-------- C:\Program Files\AnalogX
2008-06-20 10:53 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-20 10:53 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-19 21:21 . 2008-06-19 21:21 <DIR> d-------- C:\Program Files\PowerISO
2008-06-18 12:27 . 2008-06-19 16:05 13,717 --a------ C:\Owner000000.ERR
2008-06-12 15:50 . 2008-06-12 15:50 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-12 02:28 . 2008-06-12 02:28 56,108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-06-10 23:15 . 2008-07-06 13:16 <DIR> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 22:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-07-08 19:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-07-07 01:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 17:16 --------- d-----w C:\Program Files\iPod
2008-07-06 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-06 16:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 16:47 --------- d-----w C:\Program Files\Java
2008-06-28 01:40 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-06-28 01:24 --------- d-----w C:\Program Files\WarRock
2008-06-23 22:32 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-23 22:32 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-21 01:42 --------- d-----w C:\Program Files\Google
2008-06-20 03:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-06-17 23:28 710,064 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2008-06-12 19:08 58,800 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-07 17:26 --------- d-----w C:\Program Files\Apple Software Update
2008-06-07 14:44 --------- d-----w C:\Program Files\Trinity Entertainment
2008-06-04 04:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-31 17:41 --------- d-----w C:\Program Files\Bonjour
2008-05-31 17:38 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-31 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-26 19:46 --------- d-----w C:\Program Files\DVDVideoSoft
2008-05-26 19:46 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-05-26 19:45 --------- d-----w C:\Program Files\AVS4YOU
2008-05-26 19:44 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-05-26 19:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVS4YOU
2008-05-26 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 00:34 --------- d-----w C:\Program Files\VstPlugins
2008-05-08 00:34 --------- d-----w C:\Program Files\Image-Line
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_ 0.45.45.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 04:37:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-08 19:39:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-06 17:17:16 102,400 ----a-r C:\WINDOWS\Installer\{9F70BF98-003C-491D-81FC-FF9792206AF0}\iTunesIco.exe
+ 2008-01-29 16:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 16:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2006-03-17 00:38:01 28,672 ------w C:\WINDOWS\system32\verclsid.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 14:52 289088]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23 114688]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 04:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 08:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 08:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 10:07 185632]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 21:32 580096]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-06-16 04:52 167936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-22 21:07 219136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Nexon\\KartRider\\NMService.exe"=
"C:\\AeriaGames\\12Sky\\TwelveSky.exe"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\ijji\\ENGLISH\\u_gbound.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\ijji\\ENGLISH\\u_sf.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Age of Empires II Conquerors\\age2_x1.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 10:50]
S3 IOIDDEV;IOIDDEV;C:\Program Files\SurvivalProject\config\ioid.sys []
S3 XDva075;XDva075;C:\WINDOWS\system32\XDva075.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32d97bfc-9cf1-11dc-be77-00167615e523}]
\Shell\AutoRun\command - E:\ONSPCLCK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 20:48:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-08 20:01:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 18:09:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\Edited email out\SharingMetadata\Working\database_2208_6B76_86B_47BD\$db_clean$ 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-07-08 18:14:56
ComboFix-quarantined-files.txt 2008-07-08 22:14:53
ComboFix2.txt 2008-07-01 01:14:24

Pre-Run: 37,995,536,384 bytes free
Post-Run: 38,599,520,256 bytes free

208 --- E O F --- 2008-07-06 22:47:06

Thanks.

Edited by drex23, 12 July 2008 - 09:12 PM.
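An added example, not part of the thread and not a ComboFix or BleepingComputer tool: the CFScript above asks ComboFix to delete a list of files, and the log that comes back records under "Other Deletions" which of them were actually removed. Reading the two lists against each other by hand is error-prone (here the four `.exe` names in the FILE:: block never appear under "Other Deletions"), so this Python script parses a ComboFix-style log and reports the requested-but-not-deleted paths, any `mountpoints2` AutoRun command (the `E:\ONSPCLCK.exe` entry in the log is a removable-drive autorun), and service/driver entries whose image file ComboFix could not find (empty `[]`). The eight-lowercase-letter filename heuristic is an assumption drawn from the names in this thread, not a ComboFix rule, and the embedded log is a constructed, abridged excerpt modelled on the one posted above.

```python
"""Cross-check a ComboFix log: requested deletions vs. actual deletions,
removable-drive AutoRun commands, and driver entries with no file on disk.
Added example; not ComboFix's own code."""
import re
from typing import Dict, List, Set, Tuple

# Constructed, abridged sample modelled on the log in the thread.
SAMPLE_LOG = r"""
ComboFix 08-07-07.3 - Owner 2008-07-08 18:05:43.3 - NTFSx86
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\oltzapaq.exe
C:\WINDOWS\system32\stjxakin.exe
C:\WINDOWS\system32\xsdjbbmp.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\f6bf0c656ee573c2fc5748f78e7a06
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\xsdjbbmp.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 10:50]
S3 XDva075;XDva075;C:\WINDOWS\system32\XDva075.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32d97bfc-9cf1-11dc-be77-00167615e523}]
\Shell\AutoRun\command - E:\ONSPCLCK.exe

.
Contents of the 'Scheduled Tasks' folder
"""

BANNER = "((((("                      # every ComboFix section header contains this
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a line that starts with a drive path
AUTORUN_RE = re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(.+)$")
# "R3 name;display;image [date size]" service/driver lines
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
# Assumption (from the names in this thread): 8 random lowercase letters in system32
RANDOM_NAME_RE = re.compile(r"\\system32\\[a-z]{8}\.(sys|exe)$")


def section(log: str, start_marker: str) -> List[str]:
    """Lines after the first line containing start_marker, up to the next banner."""
    out, inside = [], False
    for line in log.splitlines():
        if not inside:
            inside = start_marker in line
            continue
        if BANNER in line:
            break
        out.append(line)
    return out


def paths_in(lines: List[str]) -> Set[str]:
    return {ln.strip() for ln in lines if PATH_RE.match(ln.strip())}


def requested_files(log: str) -> Set[str]:
    """Paths listed under FILE :: (what the CFScript asked ComboFix to delete)."""
    return paths_in(section(log, "FILE ::"))


def deleted_files(log: str) -> Set[str]:
    """Paths ComboFix reports under Other Deletions."""
    return paths_in(section(log, "Other Deletions"))


def not_deleted(log: str) -> Set[str]:
    """Requested paths that never show up as deleted: either already gone,
    or still present (locked/hidden) and worth a second look."""
    return requested_files(log) - deleted_files(log)


def autorun_commands(log: str) -> List[str]:
    """AutoRun commands recorded under mountpoints2 (removable-drive autorun)."""
    found = []
    for line in log.splitlines():
        m = AUTORUN_RE.search(line)
        if m:
            found.append(m.group(1).strip())
    return found


def orphan_services(log: str) -> List[Tuple[str, str]]:
    """Service/driver entries whose image path has no date/size, i.e. ComboFix
    did not find the file on disk (a leftover loading point)."""
    out = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group(5).strip() == "":
            out.append((m.group(2), m.group(4)))
    return out


def random_named(paths: Set[str]) -> List[str]:
    """Paths matching the random-looking 8-letter naming seen in this thread."""
    return sorted(p for p in paths if RANDOM_NAME_RE.search(p))


def report(log: str) -> Dict[str, object]:
    return {
        "not_deleted": sorted(not_deleted(log)),
        "autorun": autorun_commands(log),
        "orphan_services": orphan_services(log),
        "random_named": random_named(requested_files(log)),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real ComboFix.txt by replacing SAMPLE_LOG with the file's contents; a path in `not_deleted` that still exists on disk afterwards is the one to re-check, and any `autorun` command pointing at a removable drive should be treated as a reinfection path until the drive itself has been scanned.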


#8 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:53 AM

Posted 16 July 2008 - 05:08 PM

Hi again, sorry I meant to reply here before I now realized I didn't. Did you do the Kaspersky scan and how are things now? You can post the log from Kaspersky and a new DSS (Deckard's System Scanner) log for me to review.

Edited by drex23, 16 July 2008 - 05:08 PM.


#9 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:53 AM

Posted 23 July 2008 - 11:08 AM

Still with me Chris157?

#10 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:53 AM

Posted 25 July 2008 - 11:23 AM

As there is no more feedback, this topic is closed.

If you need this topic reopened due to continuation of your original problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin your own topic.
