EXPERT NEEDED....need help to analyze my Hijackthis log
yeapkl
Junior Member
29. April 2009 @ 08:20
Hi there,

My computer is having quite a number of problems lately.
I'm not sure whether it is a registry or virus problem.

Many thanks for your help in advance.

Here's my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:31 PM, on 4/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\spoolsv.exe
C:\WINDOWS\Outlook\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Outlook\wuauclt.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\SoftwareDistribution\Download\434ca23b9cfea2b13a53629934d11296\update\update.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
F3 - REG:win.ini: load=C:\WINDOWS\Outlook\wuauclt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Outlook\wuauclt.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {285AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Kler\pctools_2008128_0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools_2008813_7493.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [irsync] irsync.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKLM\..\RunServices: [irsync] irsync.exe
O4 - HKLM\..\RunOnce: [upj1k] %systemroot%\system32\Rundll32.exe %systemroot%\system32\upj1k.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\RunServices: [Msn Messenger Service] msnmsg.exe
O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
O4 - HKLM\..\Policies\Explorer\Run: [windows] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,uksuk.dll,thrtgth.dll,hujfgt.dll,rhdhj.dll,jmkcgt.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,gfhynrth.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,ghynjr.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,gmjgty.dll,
O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: AgjmWcu - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: ApjfUqp - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BpaePxs - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: BrmtKry - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: ClsfQhb - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: CsrcMku - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: CuqrCis - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: DahvJhq - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: DejgHek - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: DqczNhk - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: DwgfApo - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: ElmjApm - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: EpwpMpy - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: FgfyHad - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: FqeeQtz - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: FwodAaf - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: FyosRpt - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: 系统网络服务 (System Network) - Unknown owner - C:\WINDOWS\system32\MayaBaby\MayaBabyMain.exe (file missing)
O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe

--
End of file - 19051 bytes
AfterDawn Addict
29. April 2009 @ 10:34
yeapkl, this is a joke, right?

If it's not, then it will make the Guinness Book of Records as the computer with the most backdoor Trojans, worms, viruses, spyware and malware ever collected in one place.
Most of it is not recorded anywhere, or if a record can be found, it's in Arabic and loses a lot in translation.

A copy of the Bad HJT lines (over 100) is attached below.

My only advice is to remove the hard drive and burn it at the stake...

These HJT lines can be removed but it will not get rid of the infection..
[X] - C:\WINDOWS\spoolsv.exe
[X] - C:\WINDOWS\Outlook\wuauclt.exe
[X] - C:\WINDOWS\Outlook\wuauclt.exe
[?] - C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
[?] - O2 - BHO: Info cache - {285AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Kler\pctools_2008128_0.dll
[N] - O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools_2008813_7493.dll (file missing)
[?] - O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
[?] - O4 - HKLM\..\Run: [irsync] irsync.exe
[?] - O4 - HKLM\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
[?] - O4 - HKLM\..\RunServices: [irsync] irsync.exe
[?] - O4 - HKLM\..\RunOnce: [upj1k] %systemroot%\system32\Rundll32.exe %systemroot%\system32\upj1k.dll,DllUnregisterServer
[X] - O4 - HKCU\..\RunServices: [Msn Messenger Service] msnmsg.exe
[?] - O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
[X] - O4 - Startup: PowerReg Scheduler.exe
[?] - O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
[X] - O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
[?] - O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
[?] - O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
[?] - O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
[?] - O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
[?] - O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
[?] - O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,uksuk.dll,thrtgth.dll,hujfgt.dll,rhdhj.dll,jmkcgt.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,gfhynrth.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,ghynjr.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,gmjgty.dll,
[X] - O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: AgjmWcu - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: ApjfUqp - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: BpaePxs - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: BrmtKry - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: ClsfQhb - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: CsrcMku - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: CuqrCis - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: DahvJhq - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: DejgHek - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: DqczNhk - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: DwgfApo - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: ElmjApm - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: EpwpMpy - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: FgfyHad - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: FqeeQtz - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: FwodAaf - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: FyosRpt - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe
[?] - O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
[X] - O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe
[?] - O23 - Service: 系统网络服务 (System Network) - Unknown owner - C:\WINDOWS\system32\MayaBaby\MayaBabyMain.exe (file missing)
[X] - O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe
[X] - O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe

My Condolences,
2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...


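The reply above flags the bad lines by hand. As an added example (not code from the thread, from 2oG, or from HijackThis), the script below applies the same checks mechanically: a Windows system binary such as wuauclt.exe or spoolsv.exe living outside System32, services with generated-looking names and no owner, extra entries on the UserInit= and win.ini load= lines, a populated AppInit_DLLs list, and anything under Policies\Explorer\Run. The SAMPLE lines are copied from the log posted in this thread; the SYSTEM_BINARIES allow-list and the GENERATED_NAME regex are assumptions made for this example and are tuned to this one log, not general signatures.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example, not part of the original thread. SAMPLE is copied from the
log posted above; SYSTEM_BINARIES and GENERATED_NAME are assumptions of
this example, not authoritative malware signatures.
"""
import ntpath
import re

# Assumption: a short allow-list of binaries that only belong in System32.
SYSTEM_BINARIES = {
    "wuauclt.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
}

# Assumption: every bogus service in this log is named like "AbwgEzt"
# (capital, 3 lower, capital, 2 lower), so a tight regex is enough here.
GENERATED_NAME = re.compile(r"^[A-Z][a-z]{3}[A-Z][a-z]{2}$")

# "R0 - ...", "F2 - ...", "O23 - ..." entry lines.
ENTRY = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")

# Copied from the log posted in this thread (a subset of its lines).
SAMPLE = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\spoolsv.exe
C:\WINDOWS\Outlook\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
F3 - REG:win.ini: load=C:\WINDOWS\Outlook\wuauclt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Outlook\wuauclt.exe,
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,
O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe
""".strip().splitlines()


def masquerade(path):
    """Report a known System32 binary name living somewhere else."""
    name = ntpath.basename(path).lower()
    expected = SYSTEM_BINARIES.get(name)
    if expected and ntpath.dirname(path).lower() != expected:
        return f"{name} expected in {expected}, found at {path}"
    return None


def triage(lines):
    """Return a list of (kind, details) findings for HJT log lines."""
    findings, procs = [], []
    for raw in lines:
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            if line.lower().startswith("c:\\"):  # "Running processes:" block
                procs.append(line)
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "F2" and "UserInit=" in body:
            # Only userinit.exe belongs here; anything else runs at every logon.
            entries = [e for e in body.split("UserInit=", 1)[1].split(",") if e]
            extra = [e for e in entries if ntpath.basename(e).lower() != "userinit.exe"]
            if extra:
                findings.append(("userinit_hijack", extra))
        elif sec == "F3" and "load=" in body:
            # win.ini load= is empty on a clean XP install.
            target = body.split("load=", 1)[1].strip()
            if target:
                findings.append(("winini_load", [target]))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            # Each listed DLL is injected into every process that loads user32.dll.
            dlls = [d for d in body.split(":", 1)[1].strip().split(",") if d]
            if dlls:
                findings.append(("appinit_dlls", dlls))
        elif sec == "O4" and "Policies\\Explorer\\Run" in body:
            # Group-policy run key; rarely used legitimately on a home PC.
            findings.append(("policies_run", [body]))
        elif sec == "O23" and body.startswith("Service: "):
            # "Service: <name> - <owner> - <image path>"
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            hit = masquerade(path)
            if hit:
                findings.append(("service_masquerade", [name, hit]))
            if owner == "Unknown owner" and GENERATED_NAME.match(name):
                findings.append(("generated_service_name", [name]))
    for proc in procs:
        hit = masquerade(proc)
        if hit:
            findings.append(("process_masquerade", [hit]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:24} {detail}")
```

Run against the full log, the service-name and masquerade checks alone account for the sixty-odd `wuauclt.exe` services the reply lists as [X]; the UserInit, win.ini and AppInit_DLLs findings are the ones that survive a reboot even after those services are deleted, which is why the reply warns that removing the HJT lines will not remove the infection.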
yeapkl
Junior Member
29. April 2009 @ 10:42
Dear 2oG,

First of all, thank you for the help!

Secondly, so there's no cure for it other than burning my HD ? =(


Cheers.
AfterDawn Addict
29. April 2009 @ 10:57
We could TRY to clean it but the process would be long and arduous without any guarantee that it could even be done.

It would be a real challenge and I would have to do a lot of research and maybe write some off the wall fixes. That's because most of the stuff I see is not documented and not in any definition lists that I could find. So it would be kinda like gator hunting with a switch... lol

2oG

yeapkl
Junior Member
29. April 2009 @ 11:06
Well, I'm only able to identify these few, which are not threats according to my records.

[?] - O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
[?] - O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
[?] - O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
[?] - O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
[?] - O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
[?] - O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg

Kindly ignore it. =)
AfterDawn Addict
29. April 2009 @ 11:20
Yeah, I figured that; that's why they are marked [?] and need to be researched before deleting. I left that out of my post :( Actually, I didn't think you would want to clean it. It would probably be best to reformat and reinstall the OS if you use it for banking or have sensitive data on it, because it does have backdoor Trojans.
If you don't have anything on it then we can give it a whirl.. What say??

2oG

yeapkl
Junior Member
1. May 2009 @ 03:50
Let's give it a go...

Reformat is not my option for now...
AfterDawn Addict
1. May 2009 @ 09:02
Ok, it will take quite a few rounds. I will be working maybe through Sunday on 14/15-hour shifts to get some computers set up, so it may be Monday before I get a chance to work up a plan of attack. I'll work up a first go-round and get it to you as soon as I can.
In the meantime, if you have any questions or concerns just drop them to me and I'll get back to you before we start.

2oG

yeapkl
Junior Member
1. May 2009 @ 09:53
Thanks mate.

You can take your time on this.

=)
AfterDawn Addict
3. May 2009 @ 10:01
yeapkl,
I will be working some long hours for a while, but will try my best to give you as much time as I can. Please bear with me :)

I see some unknown malware on your machine and I may have to use some unusual tools to remove it.
Please note that all instructions given are customized for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:

• Perform all actions in the order given.
• If you don't know, stop and ask! Don't keep going on.
• Stick with it till you're given the all clear.
• REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.


The first thing we will do is use some commercial tools to remove the bulk of the infection.

Please do the following:

Download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

• Please post the MBAM log and a fresh HJT log in your next reply.


Note: If after installing MBAM it will not run, then try this:
Please rename the MBAM executable and try again.
To do this:
1. Right click Start - Click Explore
2. Navigate to: c:\program files\malwarebytes' Anti-Malware. Right click on mbam.exe - click Rename
3. Type into the name box: xxx.exe
Now just double click xxx.exe to run it and follow the first instructions...

2OG



yeapkl
Junior Member
11. May 2009 @ 10:09
Hey man,

I've been trying to do a scan using Malwarebytes on my comp... apparently my comp just "hangs", whether during scanning or w/o scanning, after 30 mins from startup.

Any idea what's wrong?
My explorer.exe is running though, but when I click on "My Computer", it just shows a torch & searching for items.

My wireless connection icon only appears on the notification bar after 30 mins... but I'm clear to use IE/Firefox to surf the net before my comp hangs...
AfterDawn Addict
11. May 2009 @ 11:00
Using a clean computer download and burn a rescue disk from here:
http://www.free-av.com/en/products/12/av...cue_system.html

Then use this guide to clean your machine:
http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

Then, go back and try the previous instructions...

Let me know the outcome and we will see....

Other than that, reformat/reinstall.....

2oG



yeapkl
Junior Member
13. May 2009 @ 12:18
Great, the rescue disk method works!!

Here's my MBAM & HJT log.

Scan type: Full Scan (C:\|)
Objects scanned: 209926
Time elapsed: 2 hour(s), 36 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mewbodomediapop.popbodo (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mewbodomediapop.popbodo.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mewbojomediapop.popbojo (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mewbojomediapop.popbojo.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mewvadpopup.btlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mewvadpopup.btlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newszadspopup.bmlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newszadspopup.bmlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newzcocomediapop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newzcocomediapop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nezdadpopup.cblogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nezdadpopup.cblogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{285ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{285ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06926b30-424e-4f1c-8ee3-543cd96573dc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{285ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpidisk (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\newpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\cpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IDSCNP (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpmem (Adware.Cinmus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools (Trojan.Yigather) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Intel\baiduc.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools_2008108_7493.dll.XXX (Trojan.Yigather) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe.XXX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mscpx32r.det (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mprmsgse.axz (Adware.Cinmus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awpzpo55.dllmmc.pkm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mpiwii72.dllmmc.pkm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DVL (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system\LVL (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\System.exe (Worm.Autorun) -> Delete on reboot.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:08 AM, on 5/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
F3 - REG:win.ini: load=C:\WINDOWS\Outlook\wuauclt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Outlook\wuauclt.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [irsync] irsync.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKLM\..\RunServices: [irsync] irsync.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\RunServices: [Msn Messenger Service] msnmsg.exe
O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
O4 - HKLM\..\Policies\Explorer\Run: [windows] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,uksuk.dll,thrtgth.dll,hujfgt.dll,rhdhj.dll,jmkcgt.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,gfhynrth.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,ghynjr.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,gmjgty.dll
O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: AgjmWcu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ApjfUqp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BpaePxs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: BrmtKry - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ClsfQhb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: CsrcMku - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: CuqrCis - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DahvJhq - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DejgHek - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DqczNhk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DwgfApo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: ElmjApm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: EpwpMpy - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FgfyHad - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FqeeQtz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FwodAaf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FyosRpt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\spoolsv.exe (file missing)
O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ϵͳÍøÂç·þÎñ (System Network) - Unknown owner - C:\WINDOWS\system32\MayaBaby\MayaBabyMain.exe (file missing)
O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

--
End of file - 19394 bytes
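The log above shows the patterns 2oG is working through: dozens of random-named O23 services all pointing at a missing C:\WINDOWS\wuauclt.exe (the genuine one lives in system32), O4 Run values whose command is binary garbage or a bare filename, a UserInit value that launches a second executable, a populated AppInit_DLLs list, and autostarts under Policies\Explorer\Run. As an added example that is not part of this thread or of HijackThis, here is a Python triage script that parses lines in this format and flags those patterns. The sample lines are constructed from the log above, and the tag names and the table of system-binary home directories are my own.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: HijackThis-style lines modelled on the patterns in the log
# posted above (not the full log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Outlook\wuauclt.exe,
F3 - REG:win.ini: load=C:\WINDOWS\Outlook\wuauclt.exe
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [irsync] irsync.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,uksuk.dll,thrtgth.dll
O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ClsfQhb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ITEM_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<image>.+?)(?P<missing> \(file missing\))?$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|cpl|scr))"?(?:\s|$)', re.I)
# Windows XP binaries whose names malware borrows, mapped to the directory (last
# path component, lower-case) holding the genuine copy. Own table; extend as needed.
SYSTEM_BINARIES = {"wuauclt.exe": "system32", "userinit.exe": "system32", "svchost.exe": "system32"}
MISPLACED = "%s is not where that binary belongs"

def parse_items(log_text):
    """(kind, body) for every item line such as 'O23 - Service: ...'; other lines are skipped."""
    matches = (ITEM_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group("kind"), m.group("body")) for m in matches if m]

def exe_path(cmd):
    """Executable at the start of a command line, with quotes and arguments stripped."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None

def impersonates_system_binary(path):
    """True when a well-known system binary name sits outside its home directory."""
    expected = SYSTEM_BINARIES.get(ntpath.basename(path).lower())
    return expected is not None and ntpath.basename(ntpath.dirname(path)).lower() != expected

def check_item(kind, body, services_by_image):
    """Per-line checks -> [(tag, detail)]; O23 image paths are collected for triage()."""
    hits = []
    if kind == "F2" and "UserInit=" in body:
        entries = [e.strip() for e in body.split("UserInit=", 1)[1].split(",") if e.strip()]
        if len(entries) > 1:  # XP only ever needs userinit.exe here
            hits.append(("userinit-extra", "UserInit also launches: " + ", ".join(entries[1:])))
        hits += [("impersonation", MISPLACED % e) for e in entries if impersonates_system_binary(e)]
    elif kind == "F3" and "load=" in body:
        value = body.split("load=", 1)[1].strip()
        if value:  # load= is normally empty
            hits.append(("load-nonempty", "win.ini load= runs " + value))
        if value and impersonates_system_binary(value):
            hits.append(("impersonation", MISPLACED % value))
    elif kind == "O4" and O4_RE.match(body):  # Startup-folder entries use another layout; skipped
        m = O4_RE.match(body)
        hive, cmd = m.group("hive"), m.group("cmd").strip()
        if "?" in cmd or not cmd.isprintable():
            hits.append(("garbage-command", "command is not a valid path or command line"))
        else:
            path = exe_path(cmd)
            if path and "\\" not in path:
                hits.append(("bare-filename", path + " is located through the search path"))
            elif path and impersonates_system_binary(path):
                hits.append(("impersonation", MISPLACED % path))
        if "Policies\\Explorer\\Run" in hive:
            hits.append(("policies-run", "autostart under a Policies key, rarely used legitimately"))
    elif kind == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = [d.strip() for d in body.split(":", 1)[1].split(",") if d.strip()]
        if dlls:
            hits.append(("appinit", "%d DLL(s) injected into every process that loads user32" % len(dlls)))
    elif kind == "O23" and O23_RE.match(body):
        m = O23_RE.match(body)
        image = m.group("image").strip()
        services_by_image[image.lower()].append(m.group("name"))
        if m.group("missing"):
            hits.append(("missing-image", "service image is not present on disk"))
        if impersonates_system_binary(image):
            hits.append(("impersonation", MISPLACED % image))
    return hits

def triage(log_text):
    """Findings for one log as (kind, tag, detail, item) tuples."""
    findings, services_by_image = [], defaultdict(list)
    for kind, body in parse_items(log_text):
        findings += [(kind, tag, detail, body) for tag, detail in check_item(kind, body, services_by_image)]
    for image, names in services_by_image.items():
        if len(names) >= 3:  # many random-named services on one image is the tell in the log above
            findings.append(("O23", "shared-image", "%d services share %s" % (len(names), image), ", ".join(names)))
    return findings

if __name__ == "__main__":
    for kind, tag, detail, item in triage(SAMPLE_LOG):
        print("%-4s %-16s %s\n     %s" % (kind, tag, detail, item))
```

Every flagged line still needs a human look (a legitimate product can use AppInit_DLLs, for instance); the script only orders the review.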
AfterDawn Addict
14. May 2009 @ 10:04
yeapkl,

Great, that worked like I hoped it would... : )

There is still a lot of infection, some that I do not understand as of yet, hehe. So, let's try the next step; but remember, if it doesn't work or if you have a problem, please stop and ask...


1. Download ComboFix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

2. Click Start > Run, copy and paste this in exactly, using the picture below for reference, then click OK.
Quote:

"%userprofile%\desktop\combofix.exe" /killall

3. Combo will begin to run DO NOTHING while this is happening.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
• This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.

**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

NOTE: If, when it's completed, you can not get on the internet just reboot the computer.

Please post the log from comboFix for me located in
c:\comboFix.txt
And a fresh HJT Log


Thanks,
2oG



yeapkl
Junior Member
14. May 2009 @ 11:26
Hey,

ComboFix states that I need to disable my real-time scanner, ESET NOD32 Antivirus, before it continues to run. However, I remember uninstalling this antivirus long ago.

Should I just proceed on with Combofix?
AfterDawn Addict
14. May 2009 @ 11:33
Proceed - the way I have you running it will disable all running scanners.

You probably don't need to install the recovery console. That is, unless you want to....


2oG



yeapkl
Junior Member
14. May 2009 @ 12:09
Here you go...

ComboFix 09-05-13.04 - 52309 05/14/2009 23:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.734.411 [GMT 8:00]
Running from: c:\documents and settings\52309\desktop\combofix.exe
Command switches used :: /killall
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\52309\Desktop\Unused Desktop Shortcuts\Sports Interactive\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\DotNet\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\DotNet\IntuitiveCustom\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\DotNet\IntuitiveCustomReports\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\DotNet\IntuitiveStandard\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\DotNet\IntuitiveStandardReports\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\image\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsPayable\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsPayable\EnterInvoices\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsPayable\EnterRecurringPayments\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsPayable\ProcessPayments\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsReceivable\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsReceivable\GenerateInvoices\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsReceivable\ReceiveandApplyPayments\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventory\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventory\AuditInventoryTransactions\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventory\CycleCount\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventory\ManuallyAdjustInventory\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventoryDataandBillsofMaterial\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventoryDataandBillsofMaterial\EnterandMaintainBillsofMaterial\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventoryDataandBillsofMaterial\EnterItemData\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingtheGeneralLedger\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingtheGeneralLedger\PeriodEndActivities\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingtheGeneralLedger\SetUpGeneralLedger\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\CloseandCostWorkOrders\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\EnterReworkOrders\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\EnterWorkOrders\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\MaterialIssue\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\ProcessExpenseWorkOrders\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\ReceiveandInspectWorkOrders\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\ReportLabor\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaterialPlanning\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaterialPlanning\EnterMasterSchedules\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaterialPlanning\EnterSalesForecasts\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\MaterialPlanning\PlanMaterialRequirements\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\ProcessingSalesOrders\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\ProcessingSalesOrders\EnterCustomerData\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\ProcessingSalesOrders\EnterSalesOrders\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\ProcessingSalesOrders\EnterStaticData\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Purchasing\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Purchasing\EnterPurchaseOrders\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Purchasing\EnterVendorData\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Purchasing\ReceiveandInspectPurchaseOrders\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\CorrectShippingProblems\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\EnterBOLDefaults\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\EnterProformaorCommercialInvoices\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\EnterShipments\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\GenerateShiplists\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\GenerateShippingPapers\_desktop.ini
c:\ierp60\SEGSVR03\IERP60\Workflow\templates\_desktop.ini
C:\strategy.txt
c:\windows\Downloaded Program Files\toolbar.bmp
c:\windows\Downloaded Program Files\winio.dll
c:\windows\Downloaded Program Files\winio.vxd
c:\windows\Kler
c:\windows\Kler\pctools_2008128_0.dll.XXX
c:\windows\Kler\pctools_2009415_0.dll.XXX
c:\windows\msnimport.exe
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\B4eocaps.SRG
c:\windows\system32\Cache
c:\windows\system32\crugd.cfg
c:\windows\system32\dnteh.cfg
c:\windows\system32\fjyjy.cfg
c:\windows\system32\gprmsgse.axz
c:\windows\system32\gscpx32r.det
c:\windows\system32\hfjg.cfg
c:\windows\system32\MayaBaby
c:\windows\system32\msoscqit.dat
c:\windows\system32\msosmnsf.dat
c:\windows\system32\nicozftp.dat
c:\windows\system32\sysogg.dll
c:\windows\system32\xgnfn.cfg
c:\windows\system32\ydgn.cfg
c:\windows\Update.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_MAYASYS
-------\Legacy_MSFPFIS64
-------\Legacy_PANDRV
-------\Legacy_PASSWORD
-------\Legacy_SECCTRL
-------\Legacy_SYSTEM_NETWORK
-------\Service_MAYASYS
-------\Service_Pandrv
-------\Service_secctrl
-------\Service_System Network


((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-04-06 07:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 14:48 . 2009-04-06 07:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 12:50 . 2009-05-01 12:50 -------- d-----w c:\program files\iPod
2009-05-01 12:49 . 2009-05-01 12:52 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w c:\program files\Trend Micro
2009-04-28 14:52 . 2009-04-28 14:52 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:10 . 2009-04-27 15:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-20 16:39 . 2002-11-13 03:14 1703936 ----a-w c:\windows\system32\NCTAudioFile.dll
2009-04-20 16:39 . 2002-09-06 03:36 233472 ----a-w c:\windows\system32\lame_enc.dll
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w c:\program files\MP3 Converter Simple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 15:46 . 2005-04-16 14:12 5780 ----a-w c:\windows\bthservsdp.dat
2009-05-01 12:51 . 2005-07-06 04:30 -------- d-----w c:\program files\iTunes
2009-05-01 12:49 . 2008-02-22 06:07 -------- d-----w c:\program files\Common Files\Apple
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w c:\program files\Windows Live
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w c:\windows\tmp.dat
2009-04-10 05:44 . 2008-06-27 10:11 143620 ----a-w c:\windows\system32\drivers\acpidisk.sys.XXX
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 15:36 . 2009-03-18 15:36 -------- d-----w c:\program files\Bonjour
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 15:59 . 2009-03-18 15:34 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-05 15:59 . 2008-11-01 09:35 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Processe Manager"="DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Processe Manager"="DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü" [X]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
PowerReg Scheduler.exe [2008-4-28 256000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat

[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 3qppt58;3qppt58;c:\windows\system32\drivers\3qppt58.sys --> c:\windows\system32\drivers\3qppt58.sys [?]
S0 468aoy1ac;468aoy1ac;c:\windows\system32\drivers\468aoy1ac.sys --> c:\windows\system32\drivers\468aoy1ac.sys [?]
S0 4ddmj4o;4ddmj4o;c:\windows\system32\drivers\4ddmj4o.sys --> c:\windows\system32\drivers\4ddmj4o.sys [?]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S0 58v20f;58v20f;c:\windows\system32\drivers\58v20f.sys --> c:\windows\system32\drivers\58v20f.sys [?]
S0 7yx3zhgur;7yx3zhgur;c:\windows\system32\drivers\7yx3zhgur.sys --> c:\windows\system32\drivers\7yx3zhgur.sys [?]
S0 82wdblow0b;82wdblow0b;c:\windows\system32\drivers\82wdblow0b.sys --> c:\windows\system32\drivers\82wdblow0b.sys [?]
S0 d2yz83c1rc;d2yz83c1rc;c:\windows\system32\drivers\d2yz83c1rc.sys --> c:\windows\system32\drivers\d2yz83c1rc.sys [?]
S0 faaojfwpo;faaojfwpo;c:\windows\system32\drivers\faaojfwpo.sys --> c:\windows\system32\drivers\faaojfwpo.sys [?]
S0 holda;holda;c:\windows\system32\drivers\holda.sys --> c:\windows\system32\drivers\holda.sys [?]
S0 hxhpvot;hxhpvot;c:\windows\system32\drivers\hxhpvot.sys --> c:\windows\system32\drivers\hxhpvot.sys [?]
S0 m60q7y0;m60q7y0;c:\windows\system32\drivers\m60q7y0.sys --> c:\windows\system32\drivers\m60q7y0.sys [?]
S0 mhv6r42;mhv6r42;c:\windows\system32\drivers\mhv6r42.sys --> c:\windows\system32\drivers\mhv6r42.sys [?]
S0 pev26od2;pev26od2;c:\windows\system32\drivers\pev26od2.sys --> c:\windows\system32\drivers\pev26od2.sys [?]
S0 q3i6m8a;q3i6m8a;c:\windows\system32\drivers\q3i6m8a.sys --> c:\windows\system32\drivers\q3i6m8a.sys [?]
S0 r9yr57dd5;r9yr57dd5;c:\windows\system32\drivers\r9yr57dd5.sys --> c:\windows\system32\drivers\r9yr57dd5.sys [?]
S0 wglfl7;wglfl7;c:\windows\system32\drivers\wglfl7.sys --> c:\windows\system32\drivers\wglfl7.sys [?]
S0 yh13phk;yh13phk;c:\windows\system32\drivers\yh13phk.sys --> c:\windows\system32\drivers\yh13phk.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 AbwgEzt;AbwgEzt;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 AgjmWcu;AgjmWcu;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 ApjfUqp;ApjfUqp;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 BnubFak;BnubFak;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 BpaePxs;BpaePxs;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 BrmtKry;BrmtKry;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 ClsfQhb;ClsfQhb;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 CsrcMku;CsrcMku;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 CuqrCis;CuqrCis;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 DahvJhq;DahvJhq;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 DejgHek;DejgHek;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 DqczNhk;DqczNhk;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 DwgfApo;DwgfApo;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 ElmjApm;ElmjApm;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 EpwpMpy;EpwpMpy;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 FgfyHad;FgfyHad;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 FqeeQtz;FqeeQtz;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 FwodAaf;FwodAaf;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 FyosRpt;FyosRpt;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 GflfQak;GflfQak;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 GqzaElw;GqzaElw;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 GwsgIlg;GwsgIlg;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 GzyoGcd;GzyoGcd;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 HlbxUdm;HlbxUdm;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 HlyvHhd;HlyvHhd;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 HoasVgp;HoasVgp;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 IclfOrs;IclfOrs;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 IfbhZub;IfbhZub;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 IjllNpk;IjllNpk;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 InternetExplorer;InternetExplorer;c:\windows\InternetExplorer.exe --> c:\windows\InternetExplorer.exe [?]
S2 IrxpZdl;IrxpZdl;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 IvmaSbm;IvmaSbm;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 JpjpWox;JpjpWox;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 KbmiSnk;KbmiSnk;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 KhfkXav;KhfkXav;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 KjcfBgs;KjcfBgs;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 KmouEjd;KmouEjd;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 LcryRwp;LcryRwp;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 MeduAeu;MeduAeu;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 MgcxFyt;MgcxFyt;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 MyezKrt;MyezKrt;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 NlfyKcj;NlfyKcj;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 NrvjMxz;NrvjMxz;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 NtdyTit;NtdyTit;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 NukuWef;NukuWef;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 NumqIin;NumqIin;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 OdqvMhs;OdqvMhs;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 OtklPti;OtklPti;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 OxjvBpg;OxjvBpg;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S2 PojjYcf;PojjYcf;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 PsmkMel;PsmkMel;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 QmvyDnr;QmvyDnr;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 QpfjDev;QpfjDev;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 QtyyOrn;QtyyOrn;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 QyvpGgo;QyvpGgo;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 QzoaErb;QzoaErb;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 RuldBkh;RuldBkh;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 SngwJqb;SngwJqb;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 SqdcHcj;SqdcHcj;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 ToknVmo;ToknVmo;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 UgmhVgt;UgmhVgt;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 UqrpBdw;UqrpBdw;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 UzaqFaj;UzaqFaj;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 VihcZhn;VihcZhn;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 WfnsVhh;WfnsVhh;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 WhsmOun;WhsmOun;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 WztdHqi;WztdHqi;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 XafrXem;XafrXem;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 XfsxOil;XfsxOil;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 XlayMvo;XlayMvo;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 XpebYko;XpebYko;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 XtjiHmp;XtjiHmp;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 YdpdQsg;YdpdQsg;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 YoceOqn;YoceOqn;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 YqpuJcs;YqpuJcs;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 YtfpRyr;YtfpRyr;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 ZkrvQvd;ZkrvQvd;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 ZresLdd;ZresLdd;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 ZrhfCzj;ZrhfCzj;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S2 ZvowGmf;ZvowGmf;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ca8ee64-9f58-11da-b7b2-0010c66970c1}]
\Shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{640f3c76-7212-11dc-b999-0010c66970c1}]
\Shell\auto\command - E:\Limit.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Limit.exe
\Shell\explore\command - E:\Limit.exe
\Shell\open\command - E:\Limit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ffc861-894d-11da-b774-0010c66970c1}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2d5099f-365a-11dc-bae9-0010c66970c1}]
\Shell\Auto\command - F:\pagefile.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e36e4fd6-2bb8-11dc-bacf-0010c66970c1}]
\Shell\AutoRun\command - E:\SGP2006.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed82eeac-6fb7-11dc-b993-0010c66970c1}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4464b1e-c529-11d9-b565-0010c66970c1}]
\Shell\AutoRun\command - What's this.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-irsync - irsync.exe
HKLM-Explorer_Run-user - c:\windows\WinShell..\daemon.exe
HKLM-Explorer_Run-windows - c:\windows\WinShell..\daemon.exe
ShellExecuteHooks-{E272C1EF-275E-4733-FF5E-13455234524F} - (no file)
ShellExecuteHooks-{5674d794-70bd-4e1d-8e4c-6417b7d3b2ec} - (no file)
ShellExecuteHooks-{ACADABAE-1000-0010-8000-00AA006D2EA8} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local.,;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} - hxxp://projector.rp.edu.sg/WPGClientCheck.CAB
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - component: c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 23:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??@???? ???B?????????????H<C? ??????
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
user = c:\windows\WinShell..\daemon.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
windows = c:\windows\WinShell..\daemon.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-14 23:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-14 15:57

Pre-Run: 534,343,680 bytes free
Post-Run: 1,129,369,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

420 --- E O F --- 2009-05-13 14:01



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:14 PM, on 5/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: AgjmWcu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ApjfUqp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BpaePxs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: BrmtKry - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ClsfQhb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: CsrcMku - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: CuqrCis - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DahvJhq - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DejgHek - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DqczNhk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DwgfApo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: ElmjApm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: EpwpMpy - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FgfyHad - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FqeeQtz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FwodAaf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FyosRpt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

--
End of file - 17489 bytes
AfterDawn Addict
14. May 2009 @ 12:42
Looking better but not there yet?
This will take some time for me to work up a fix.. don't lose faith : )

I just got off a 12 hour shift at 7:30 am this morning so, please excuse me for a few hours of sleep and I'll be back later after I work up some fixes for the rest of your problems...

Hang in there, it's working -- so far.

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
yeapkl
Junior Member
14. May 2009 @ 20:48
Thanks mate..

u just take ur time =)
AfterDawn Addict
15. May 2009 @ 07:07
I've always heard you can eat an elephant, if you just take one small bite at a time.. : )

As I said, this is going to take quite a while so please be patient...

I am having difficulty finding any information on some of the infections that are showing up in the ComboFix log...
When I do find them, it's in Arabic or Polish or some language that I don't have a clue : (
but I'll work that out...

This time, we'll just take a small byte of the bad random services and see what we can come up with:

Take your time and if you have a problem, just holler at me...

Remove Bad Services

Step # 1: Remove HijackThis Entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):

O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: AgjmWcu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ApjfUqp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: BpaePxs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: BrmtKry - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ClsfQhb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: CsrcMku - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: CuqrCis - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DahvJhq - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DejgHek - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DqczNhk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: DwgfApo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ElmjApm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: EpwpMpy - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FgfyHad - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FqeeQtz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FwodAaf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: FyosRpt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.


Step # 2: Delete Bad Services

Please open Notepad. Ensure that word wrap is turned off.
Click on Format and make sure that there is not a tick next to Word Wrap.
If there's one, click on Word Wrap to remove it.
Copy and paste the following in the quote box into Notepad:
Quote:

@echo off
sc stop AbwgEzt
sc delete AbwgEzt
sc stop AgjmWcu
sc delete AgjmWcu
sc stop ApjfUqp
sc delete ApjfUqp
sc stop BnubFak
sc delete BnubFak
sc stop BpaePxs
sc delete BpaePxs
sc stop BrmtKry
sc delete BrmtKry
sc stop ClsfQhb
sc delete ClsfQhb
sc stop CsrcMku
sc delete CsrcMku
sc stop CuqrCis
sc delete CuqrCis
sc stop DahvJhq
sc delete DahvJhq
sc stop DejgHek
sc delete DejgHek
sc stop DqczNhk
sc delete DqczNhk
sc stop DwgfApo
sc delete DwgfApo
sc stop ElmjApm
sc delete ElmjApm
sc stop EpwpMpy
sc delete EpwpMpy
sc stop FgfyHad
sc delete FgfyHad
sc stop FqeeQtz
sc delete FqeeQtz
sc stop FwodAaf
sc delete FwodAaf
sc stop FyosRpt
sc delete FyosRpt
exit

Click on File > Save As....

In the File Name box, copy and paste in fix.bat
In the Save as type box, select All Files from the drop-down list.

Click Save and save it to your Desktop.

Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.


Now please post a fresh HJT log...


2oG




This message has been edited since posting. Last time this message was edited on 15. May 2009 @ 07:13

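As an added example (not from this thread, HijackThis or the poster), the following Python script does Step 1 and Step 2 above in one pass: it parses the O23 lines of a HijackThis log, flags the services that look like the random-named ones in this log, and emits the same sc stop / sc delete batch that the poster pasted by hand. The sample log lines are constructed from a few of the entries posted above, and the three triage heuristics (wuauclt.exe outside system32, an unowned missing binary directly under %SystemRoot%, the 4+3-letter name shape) are my assumptions drawn from this log, not rules the poster gave.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: O23 lines in the shape HijackThis 2.0.2 prints, modelled on
# entries posted in this thread, plus one non-O23 line the parser must ignore.
SAMPLE_LOG = r"""
O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""

# Line shape: "O23 - Service: <display name> - <owner> - <path>[ (file missing)]".
# The owner field may be empty (see lxcz_device), so the second separator is loose.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.*?)\s*-\s+"
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# HijackThis appends the service key name in parentheses when it differs from
# the display name, e.g. "Eset Service (ekrn)"; sc.exe needs the key name.
KEY_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")
# Name shape shared by every rogue service in this log: four letters + three
# letters, each group capitalised (AbwgEzt, GflfQak, ...). Assumed heuristic.
RANDOM_NAME_RE = re.compile(r"^[A-Z][a-z]{3}[A-Z][a-z]{2}$")


@dataclass
class ServiceEntry:
    display: str
    key_name: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(log_text: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per O23 line; every other line is skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        display = m.group("display")
        key = KEY_NAME_RE.search(display)
        entries.append(ServiceEntry(
            display=display,
            key_name=key.group(1) if key else display,
            owner=m.group("owner"),
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
        ))
    return entries


def suspicion_reason(e: ServiceEntry) -> Optional[str]:
    """Explain why an entry deserves review, or None if nothing stands out.

    Leftovers of an uninstalled product (the ESET entries) are 'file missing'
    too, but live under Program Files, so they are deliberately not flagged.
    """
    directory = ntpath.dirname(e.path).lower()
    filename = ntpath.basename(e.path).lower()
    # The genuine Windows Update client is %SystemRoot%\system32\wuauclt.exe.
    if filename == "wuauclt.exe" and directory != r"c:\windows\system32":
        return "borrows the Windows Update client's name outside system32"
    if e.file_missing and e.owner == "Unknown owner" and directory == r"c:\windows":
        return "unknown owner, binary missing, registered directly under %SystemRoot%"
    if e.owner == "Unknown owner" and RANDOM_NAME_RE.match(e.key_name):
        return "random-looking 4+3 letter name with no owner"
    return None


def flagged_services(entries: List[ServiceEntry]) -> List[Tuple[ServiceEntry, str]]:
    flagged = []
    for e in entries:
        reason = suspicion_reason(e)
        if reason:
            flagged.append((e, reason))
    return flagged


def build_fix_bat(entries: List[ServiceEntry]) -> str:
    """Emit the same stop-then-delete batch the thread builds by hand."""
    lines = ["@echo off"]
    for e, _reason in flagged_services(entries):
        lines.append(f"sc stop {e.key_name}")
        lines.append(f"sc delete {e.key_name}")
    lines.append("exit")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_o23(SAMPLE_LOG)
    for entry, reason in flagged_services(parsed):
        print(f"{entry.key_name:<20} {entry.path:<40} {reason}")
    print()
    print(build_fix_bat(parsed), end="")
```

Review the flagged list before saving the batch as fix.bat (Save as type: All Files), exactly as the poster's instructions say; the reasons are heuristics, and a display name with a parenthesised key name must be deleted by that key name, which the script already does.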
yeapkl
Junior Member
18. May 2009 @ 09:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:47 PM, on 5/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

--
End of file - 16070 bytes
yeapkl
Junior Member
18. May 2009 @ 10:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:47 PM, on 5/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

--
End of file - 16070 bytes
yeapkl
Junior Member
18. May 2009 @ 10:05
Oops, sorry...double post
AfterDawn Addict
18. May 2009 @ 10:43
That's looking good..

This time, we'll just take a bigger byte and clear the rest of the bad random services so we can work on the other stuff : )
Again, take your time and if you have a problem, just holler at me...

Remove Bad Services

Step # 1: Remove Hijackthis Entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):


O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)

O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)



Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.


Step # 2: Delete Bad Services

Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the quote box into Notepad:
Quote:

@echo off
sc stop GflfQak
sc delete GflfQak
sc stop GqzaElw
sc delete GqzaElw
sc stop GwsgIlg
sc delete GwsgIlg
sc stop GzyoGcd
sc delete GzyoGcd
sc stop HlbxUdm
sc delete HlbxUdm
sc stop HlyvHhd
sc delete HlyvHhd
sc stop HoasVgp
sc delete HoasVgp
sc stop IclfOrs
sc delete IclfOrs
sc stop IfbhZub
sc delete IfbhZub
sc stop IjllNpk
sc delete IjllNpk
sc stop InternetExplorer
sc delete InternetExplorer
sc stop IrxpZdl
sc delete IrxpZdl
sc stop IvmaSbm
sc delete IvmaSbm
sc stop JpjpWox
sc delete JpjpWox
sc stop KbmiSnk
sc delete KbmiSnk
sc stop KhfkXav
sc delete KhfkXav
sc stop KjcfBgs
sc delete KjcfBgs
sc stop KmouEjd
sc delete KmouEjd
sc stop LcryRwp
sc delete LcryRwp
sc stop MeduAeu
sc delete MeduAeu
sc stop MgcxFyt
sc delete MgcxFyt
sc stop MyezKrt
sc delete MyezKrt
sc stop NlfyKcj
sc delete NlfyKcj
sc stop NrvjMxz
sc delete NrvjMxz
sc stop NtdyTit
sc delete NtdyTit
sc stop NukuWef
sc delete NukuWef
sc stop NumqIin
sc delete NumqIin
sc stop OdqvMhs
sc delete OdqvMhs
sc stop OtklPti
sc delete OtklPti
sc stop OxjvBpg
sc delete OxjvBpg
sc stop PojjYcf
sc delete PojjYcf
sc stop PsmkMel
sc delete PsmkMel
sc stop QmvyDnr
sc delete QmvyDnr
sc stop QpfjDev
sc delete QpfjDev
sc stop QtyyOrn
sc delete QtyyOrn
sc stop QyvpGgo
sc delete QyvpGgo
sc stop QzoaErb
sc delete QzoaErb
sc stop RuldBkh
sc delete RuldBkh
sc stop SngwJqb
sc delete SngwJqb
sc stop SqdcHcj
sc delete SqdcHcj
sc stop ToknVmo
sc delete ToknVmo
sc stop UgmhVgt
sc delete UgmhVgt
sc stop UqrpBdw
sc delete UqrpBdw
exit





Click on File > Save As....

In the File Name box, copy and paste in fix.bat
In the Save as type box, select All Files from the drop-down list.

Click Save and save it to your Desktop.

Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.


Now please post a fresh HJT log...


2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
yeapkl
Junior Member
18. May 2009 @ 11:04
OK man...Here's the latest log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:34 PM, on 5/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

--
End of file - 12613 bytes
 
  © 1999-2025 by AfterDawn Ltd.
