Logfile of HijackThis v1.99.1
Scan saved at 9:05:35 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ZyXEL\G-302v2\tiwlnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\aaretqe.exe
C:\WINDOWS\System32\svc3ap.exe
C:\WINDOWS\System32\svc3ap.exe
C:\WINDOWS\system32\wuauclt.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: SDWin32 Class - {2B9CED72-A621-4410-8F2A-EFEEFFF4F58F} - C:\WINDOWS\System32\dyfvn.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\System32\qlink32.dll
O2 - BHO: (no name) - {BECCD422-639F-4245-B01B-4C014BEA79B8} - C:\WINDOWS\System32\reeijxo.dll
O4 - HKLM\..\Run: [dyfvnc] C:\WINDOWS\System32\dyfvnc.exe
O4 - HKLM\..\Run: [wwxyyj] C:\WINDOWS\system32\aaretqe.exe r
O4 - HKCU\..\Run: [svc3ap] C:\WINDOWS\System32\svc3ap.exe
O4 - HKCU\..\RunOnce: [svc3ap] C:\WINDOWS\System32\svc3ap.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...up...7079246637
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...up...7079237433
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\System32\qlink32.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\LPICA11N.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\ZyXEL\G-302v2\tiwlnsvc.exe
Edited by odinfire, 14 October 2006 - 10:33 PM.