New Member

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:13 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\xhhslfey.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\AOL\1179188616\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1179188616\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D2933202228B284662E901F3D293314D6ECF32257895769ABCF75D7551F765142DAF48BD87822212329A38506CAC59B6
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\kwintmdq.exe CHD003
O4 - HKLM\..\Run: [{B5-54-43-3D-ZN}] C:\WINDOWS\system32\lsdsrngp.exe CHD003
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [a41b5492] rundll32.exe "C:\WINDOWS\system32\nvtigsoa.dll",b
O4 - HKLM\..\Run: [BMa728670e] Rundll32.exe "C:\WINDOWS\system32\dyunvwas.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lsdsrngp.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\kwintmdq.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm860YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185413384984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185413364796
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\xhhslfey.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9823 bytes
So what do I need to do?
:: Dirtbikenick

Senior Forum Moderator

Welcome
Click Start/Control Panel/Add or Remove Programs and remove MyWebSearch, then restart your PC.
If you have previously downloaded ComboFix, please delete that version now.
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop
Close any open browsers.
Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK:
"%userprofile%\desktop\combofix.exe" /killall
Combofix.exe will start, please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
Also post a new HijackThis log please.
__________________________________________________
ASAP & UNITE member since 2006

New Member

Here is the combofix log
ComboFix 08-02-25.3 - Owner 2008-02-26 19:27:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.54 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\desktop\combofix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\Ashley!!\Application Data\CROSOF~1.NET
C:\Documents and Settings\Ashley!!\Application Data\TSKS~1
C:\Documents and Settings\Ashley!!\Application Data\WinAntiSpyware 2006
C:\Documents and Settings\Ashley!!\Application Data\WinAntiSpyware 2006\Logs\update.log
C:\Documents and Settings\Ashley!!\err.log
C:\Documents and Settings\Ashley!!\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Ashley!!\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Ashley!!\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Ashley!!\Start Menu\Programs\Startup\ta_start.lnk
C:\Documents and Settings\Ashley!!\Start Menu\Programs\Startup\think-adz.lnk
C:\Documents and Settings\Owner\Application Data\DriveCleaner Freeware
C:\Documents and Settings\Owner\Application Data\DriveCleaner Freeware\Logs\update.log
C:\Documents and Settings\Owner\err.log
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\think-adz.lnk
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\racle~1\F?nts\
C:\Program Files\Common Files\racle~1\spoolsv.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\0041376F.dat
C:\Program Files\mcroso~1.net
C:\Program Files\MyWebSearch
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\ttx.exe
C:\Program Files\Uninstall Fun Web Products.dll
C:\Program Files\winantispyware 2006 free
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_browser helper objects\#data
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\msettings.ini
C:\WINDOWS\scurit~1
C:\WINDOWS\wr.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-24 14:47 . 2008-02-24 14:47 d-------- C:\Program Files\Trend Micro
2008-02-21 11:00 . 2008-02-26 17:59 63,919 --a------ C:\WINDOWS\BMa728670e.xml
2008-02-21 11:00 . 2008-02-26 19:21 22 --a------ C:\WINDOWS\pskt.ini
2008-02-18 16:25 . 2008-02-18 16:25 1,249,547 ---hs---- C:\WINDOWS\system32\tbipaehk.tmp
2008-02-15 17:13 . 2008-02-15 17:13 1,248,587 ---hs---- C:\WINDOWS\system32\bghbwmhe.tmp
2008-02-15 16:47 . 2008-02-15 16:47 1,248,467 ---hs---- C:\WINDOWS\system32\vwfvqgfq.tmp
2008-02-09 11:03 . 2008-02-09 11:03 93,760 --a------ C:\WINDOWS\system32\wpnnbiwn.dll
2008-02-09 10:17 . 2008-02-09 10:17 93,760 --a------ C:\WINDOWS\system32\xqtemqpn.dll
2008-02-09 10:16 . 2008-02-09 10:16 93,760 --a------ C:\WINDOWS\system32\mlqiprhi.dll
2008-02-09 09:00 . 2008-02-09 09:00 93,760 --a------ C:\WINDOWS\system32\vouwvxyd.dll
2008-02-09 08:58 . 2008-02-09 08:58 93,760 --a------ C:\WINDOWS\system32\xahakoju.dll
2008-02-08 17:59 . 2008-02-26 19:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-08 17:59 . 2008-02-08 17:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-08 17:57 . 2008-02-08 17:58 d-------- C:\Program Files\iTunes
2008-02-08 17:57 . 2008-02-08 17:57 d-------- C:\Program Files\iPod
2008-02-08 17:53 . 2008-02-08 17:55 d-------- C:\Program Files\QuickTime
2008-02-07 20:21 . 2008-02-07 20:21 95,808 --a------ C:\WINDOWS\system32\xjcwffui.dll
2008-02-07 20:19 . 2008-02-07 20:19 95,808 --a------ C:\WINDOWS\system32\iwsxcrdn.dll
2008-02-07 18:46 . 2008-02-07 18:46 95,808 --a------ C:\WINDOWS\system32\nbyoigtb.dll
2008-02-06 16:56 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-06 16:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-06 16:56 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-06 15:18 . 2008-02-06 15:18 92,224 --a------ C:\WINDOWS\system32\ljrkwscq.dll
2008-02-05 16:28 . 2008-02-05 16:28 94,272 --a------ C:\WINDOWS\system32\qgtlcsnq.dll
2008-02-05 16:26 . 2008-02-05 16:26 94,272 --a------ C:\WINDOWS\system32\gutvmaaj.dll
2008-02-04 18:13 . 2008-02-04 18:13 93,248 --a------ C:\WINDOWS\system32\ysjiahmk.dll
2008-02-04 15:37 . 2008-02-04 15:37 93,248 --a------ C:\WINDOWS\system32\fhlseqxe.dll
2008-02-02 22:59 . 2008-02-02 22:59 96,832 --a------ C:\WINDOWS\system32\kncjdvvw.dll
2008-02-02 22:58 . 2008-02-02 22:58 96,832 --a------ C:\WINDOWS\system32\etajybwh.dll
2008-02-02 18:35 . 2008-02-02 18:35 96,832 --a------ C:\WINDOWS\system32\musstypp.dll
2008-02-01 17:52 . 2008-02-01 17:52 d-------- C:\Program Files\Bonjour
2008-02-01 17:16 . 2008-02-01 17:16 d-------- C:\Program Files\Apple Software Update
2008-02-01 17:16 . 2008-02-01 17:16 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-01 16:46 . 2008-02-01 16:46 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-31 22:10 . 2008-01-31 22:10 90,688 --a------ C:\WINDOWS\system32\ikasykql.dll
2008-01-31 16:25 . 2008-01-31 16:25 1,184,494 ---hs---- C:\WINDOWS\system32\dmmxljla.tmp
2008-01-31 16:25 . 2008-01-31 16:25 90,688 --a------ C:\WINDOWS\system32\uhuoilly.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 01:52 3,494 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-02-02 01:31 --------- d-----w C:\Program Files\Jardinains 2!
2007-09-05 03:36 1,778 ----a-w C:\Documents and Settings\Ashley!!\Application Data\wklnhst.dat
.
------- Sigcheck -------
8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
-c----w 12,800 2003-03-31 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
-c----w 14,336 2004-08-04 07:56:57 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
----a-w 14,336 2004-08-04 07:56:57 C:\WINDOWS\system32\svchost.exe
b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
-c--a-w 577,024 2005-03-02 18:09:30 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
-c--a-w 577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
-c--a-w 578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
-c----w 561,152 2005-03-02 18:20:03 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
-c----w 577,024 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
-c----w 560,128 2003-09-25 16:49:02 C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
-c----w 577,024 2005-03-02 18:09:30 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
-c----w 577,024 2004-08-04 07:56:46 C:\WINDOWS\ServicePackFiles\i386\user32.dll
----a-w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\user32.dll
-c----w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\dllcache\user32.dll
2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
-c----w 70,656 2006-08-16 12:14:23 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
-c----w 75,264 2003-03-31 12:00:00 C:\WINDOWS\$NtUninstallKB914388_0$\ws2_32.dll
-c----w 70,656 2006-05-19 12:15:33 C:\WINDOWS\$NtUninstallKB922819_0$\ws2_32.dll
-c----w 82,944 2004-08-04 07:56:46 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
----a-w 82,944 2004-08-04 07:56:46 C:\WINDOWS\system32\ws2_32.dll
184e47c8f7b331025e6dc92740db188f C:\WINDOWS\system32\wininet.dll
-c--a-w 665,600 2007-04-18 12:46:27 C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
-c--a-w 665,600 2007-06-26 14:35:54 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
-c----w 575,488 2006-06-23 18:33:58 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
-c----w 588,288 2004-02-07 01:05:06 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
-c----w 656,384 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
-c----w 658,944 2007-04-18 12:31:39 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
-c----w 656,384 2004-08-04 07:56:46 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
----a-w 658,944 2007-06-26 14:09:10 C:\WINDOWS\system32\wininet.dll
-c----w 658,944 2007-06-26 14:09:10 C:\WINDOWS\system32\dllcache\wininet.dll
1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\drivers\tcpip.sys
-c--a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
-c--a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
-c----w 340,480 2006-04-20 11:38:44 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
-c----w 359,040 2004-08-04 06:14:40 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
-c----w 332,928 2003-03-31 12:00:00 C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys
-c----w 359,040 2004-08-04 06:14:40 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
-c----w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\drivers\tcpip.sys
01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
-c----w 483,328 2004-05-27 01:38:46 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
-c----w 516,608 2003-03-31 12:00:00 C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
-c----w 502,272 2004-08-04 07:56:57 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
----a-w 502,272 2004-08-04 07:56:57 C:\WINDOWS\system32\winlogon.exe
558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
-c----w 167,552 2003-03-31 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
-c----w 182,912 2004-08-04 06:14:28 C:\WINDOWS\ServicePackFiles\i386\ndis.sys
----a-w 182,912 2004-08-04 06:14:28 C:\WINDOWS\system32\drivers\ndis.sys
4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
-c----w 29,056 2004-08-04 06:00:06 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
------w 29,056 2004-08-04 06:00:06 C:\WINDOWS\system32\drivers\ip6fw.sys
515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
-c--a-w 2,056,832 2005-03-02 00:34:40 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
-c--a-w 2,056,832 2005-03-02 00:36:40 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
-c--a-w 2,059,392 2007-02-28 09:15:56 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
-c----w 1,955,840 2005-03-02 00:36:42 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
-c----w 1,949,440 2003-04-24 15:57:54 C:\WINDOWS\$NtUninstallKB885835_0$\ntkrnlpa.exe
-c----w 2,056,832 2004-08-04 05:58:58 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
-c----w 1,955,840 2004-10-22 07:29:40 C:\WINDOWS\$NtUninstallKB890859_0$\ntkrnlpa.exe
-c----w 2,056,832 2005-03-02 00:34:40 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
-c----w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
-c----w 2,056,832 2004-08-04 05:58:58 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
----a-w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\ntkrnlpa.exe
-c----w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
-c--a-w 2,179,328 2005-03-02 00:59:53 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
-c--a-w 2,179,456 2005-03-02 01:04:22 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
-c--a-w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
-c----w 2,040,832 2005-03-02 01:33:36 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
-c----w 1,925,760 2003-04-24 15:57:50 C:\WINDOWS\$NtUninstallKB885835_0$\ntoskrnl.exe
-c----w 2,180,992 2004-08-04 06:19:59 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
-c----w 2,088,448 2004-10-22 08:33:31 C:\WINDOWS\$NtUninstallKB890859_0$\ntoskrnl.exe
-c----w 2,179,328 2005-03-02 00:59:53 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
-c----w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
-c----w 2,180,992 2004-08-04 06:19:59 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
----a-w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\ntoskrnl.exe
-c----w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
----a-w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\explorer.exe
----a-w 1,033,216 2007-06-13 11:26:03 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,004,032 2003-03-31 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
-c----w 1,032,192 2004-08-04 07:56:49 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
------w 1,032,192 2004-08-04 07:56:49 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
-c----w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\system32\dllcache\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06688FAC-4213-68C4-3022-4971BF0396C4}]
C:\WINDOWS\system32\lzzb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97ADAD10-65FD-4C7F-D829-39E679F50A9A}]
C:\WINDOWS\system32\oqvrto.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD95FC7F-629A-1D4B-EE5A-3E761F1A03C8}]
C:\WINDOWS\system32\qgi.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"Aim6"="" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 06:59 224248]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 11:52 68856]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-06 23:33 8720384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 04:50 71216]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 13:17 78960]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-14 16:59 70816]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 14:18 135168]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-01-29 18:13 118784]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 02:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"HostManager"="C:\Program Files\Common Files\AOL\1179188616\ee\AOLSoftware.exe" [2006-09-25 16:52 50736]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 02:00 99840]
"{B5-54-43-3D-ZN}"="C:\WINDOWS\system32\lsdsrngp.exe" [2007-08-19 14:52 52757]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 06:59 224248]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-06 23:33 8720384]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 11:52 68856]
C:\Documents and Settings\Ashley!!\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-01-29 13:33:41 122880]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
TA_Start.lnk - C:\WINDOWS\system32\lsdsrngp.exe [2007-08-19 14:52:07 52757]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\WINDOWS\system32\xhhslfey.exe"= C:\WINDOWS\system32\xhh
"C:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fcdf3a0-16f6-11dc-9e8a-00173f490913}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 02:25:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-26 08:00:50 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-24 17:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-24 18:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-24 19:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-26 20:02:47 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-26 21:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-26 22:00:01 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-26 23:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-27 00:00:59 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-26 01:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-27 02:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-26 09:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-27 03:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-27 04:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-26 05:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-26 06:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-26 07:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-26 08:00:55 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 09:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 10:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 11:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 12:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 10:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-24 13:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-24 14:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-22 15:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-22 16:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-24 17:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-24 18:00:01 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-24 19:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 20:02:51 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 21:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 22:00:01 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 11:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-26 23:00:01 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-27 00:01:05 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 01:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-27 02:00:01 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-27 03:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-27 04:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 05:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 06:00:00 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 07:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\R12Nn0q6.exe
"2008-02-26 12:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-24 13:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-24 14:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-22 15:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
"2008-02-22 16:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\0mfSLIYB.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 19:59:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-26 20:05:10 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-02-27 04:05:05
.
2007-09-01 16:48:25 --- E O F ---
Here is the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:36 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1179188616\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06688FAC-4213-68C4-3022-4971BF0396C4} - C:\WINDOWS\system32\lzzb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {97ADAD10-65FD-4C7F-D829-39E679F50A9A} - C:\WINDOWS\system32\oqvrto.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CD95FC7F-629A-1D4B-EE5A-3E761F1A03C8} - C:\WINDOWS\system32\qgi.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1179188616\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [{B5-54-43-3D-ZN}] C:\WINDOWS\system32\lsdsrngp.exe CHD003
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - |
| |
|