EXPERT NEEDED....need help to analyze my Hijackthis log

Discussion in 'Windows - Virus and spyware problems' started by yeapkl, Apr 29, 2009.

  1. yeapkl

    yeapkl Member

    Joined:
    Apr 29, 2009
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    Hi there,

My computer has been having quite a number of problems lately.
I'm not sure whether it is a registry or a virus problem.

    Many thanks for your help in advance.

Here's my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:59:31 PM, on 4/29/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\spoolsv.exe
    C:\WINDOWS\Outlook\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Outlook\wuauclt.exe
    C:\WINDOWS\WinShell.\daemon.exe
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
    C:\WINDOWS\WinShell.\daemon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\SoftwareDistribution\Download\434ca23b9cfea2b13a53629934d11296\update\update.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
    F3 - REG:win.ini: load=C:\WINDOWS\Outlook\wuauclt.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Outlook\wuauclt.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Info cache - {285AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Kler\pctools_2008128_0.dll
    O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
    O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools_2008813_7493.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [irsync] irsync.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKLM\..\RunServices: [irsync] irsync.exe
    O4 - HKLM\..\RunOnce: [upj1k] %systemroot%\system32\Rundll32.exe %systemroot%\system32\upj1k.dll,DllUnregisterServer
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\RunServices: [Msn Messenger Service] msnmsg.exe
    O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
    O4 - HKLM\..\Policies\Explorer\Run: [windows] C:\WINDOWS\WinShell..\daemon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,uksuk.dll,thrtgth.dll,hujfgt.dll,rhdhj.dll,jmkcgt.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,gfhynrth.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,ghynjr.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,gmjgty.dll,
    O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: AgjmWcu - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: ApjfUqp - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BpaePxs - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: BrmtKry - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: ClsfQhb - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: CsrcMku - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: CuqrCis - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: DahvJhq - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: DejgHek - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: DqczNhk - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: DwgfApo - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: ElmjApm - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: EpwpMpy - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: FgfyHad - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: FqeeQtz - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: FwodAaf - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: FyosRpt - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: ϵͳÍøÂç·þÎñ (System Network) - Unknown owner - C:\WINDOWS\system32\MayaBaby\MayaBabyMain.exe (file missing)
    O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe
    O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe

    --
    End of file - 19051 bytes
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    yeapkl, this is a joke, right?

    If it’s not then it will make the Guinness book of records as the computer with the most Backdoor Trojans, Worms, Viruses, Spyware, Malware ever to be collected in one place.
Most of which are not recorded anywhere, or if a record of it can be found it's in Arabic and loses a lot in translation.

    A copy of the Bad HJT lines (over 100) is attached below.

    My Only advice is to remove the Hard Drive and burn it at the stake…….

These HJT lines can be removed, but it will not get rid of the infection.
    [X] - C:\WINDOWS\spoolsv.exe
    [X] - C:\WINDOWS\Outlook\wuauclt.exe
    [X] - C:\WINDOWS\Outlook\wuauclt.exe
    [?] - C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
    [?] - O2 - BHO: Info cache - {285AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Kler\pctools_2008128_0.dll
    [N] - O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools_2008813_7493.dll (file missing)
    [?] - O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    [?] - O4 - HKLM\..\Run: [irsync] irsync.exe
    [?] - O4 - HKLM\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    [?] - O4 - HKLM\..\RunServices: [irsync] irsync.exe
    [?] - O4 - HKLM\..\RunOnce: [upj1k] %systemroot%\system32\Rundll32.exe %systemroot%\system32\upj1k.dll,DllUnregisterServer
    [X] - O4 - HKCU\..\RunServices: [Msn Messenger Service] msnmsg.exe
    [?] - O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    [X] - O4 - Startup: PowerReg Scheduler.exe
    [?] - O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
    [X] - O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    [?] - O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    [?] - O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    [?] - O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    [?] - O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
    [?] - O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
    [?] - O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,uksuk.dll,thrtgth.dll,hujfgt.dll,rhdhj.dll,jmkcgt.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,gfhynrth.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,ghynjr.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,gmjgty.dll,
    [X] - O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: AgjmWcu - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: ApjfUqp - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: BpaePxs - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: BrmtKry - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: ClsfQhb - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: CsrcMku - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: CuqrCis - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: DahvJhq - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: DejgHek - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: DqczNhk - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: DwgfApo - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: ElmjApm - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: EpwpMpy - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: FgfyHad - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: FqeeQtz - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: FwodAaf - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: FyosRpt - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe
    [?] - O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
    [X] - O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe
    [?] - O23 - Service: ϵͳÍøÂç•þÎñ (System Network) - Unknown owner - C:\WINDOWS\system32\MayaBaby\MayaBabyMain.exe (file missing)
    [X] - O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe
    [X] - O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe

    My Condolences,
    2oG
     
    Last edited: Apr 29, 2009
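An added example, not code from either poster or from HijackThis: the Python script below turns the red flags in 2oldGeek's reply into checks that run over a trimmed, constructed sample of the log posted above. It flags a Windows component name (wuauclt.exe) running as a service from outside system32, randomly named services with no owner, many services sharing one binary, a populated AppInit_DLLs list, extra programs chained onto UserInit, the win.ini load= hook, and autoruns under Policies\Explorer\Run, from data directories, or from directory names with a trailing dot. The set of system32-only binaries, the random-name pattern and the cluster threshold are assumptions picked for this log, not HijackThis rules.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread; not code from the original posts or from
HijackThis. It encodes the red flags 2oldGeek's reply points at: dozens of
randomly named services all launching the same misplaced copy of wuauclt.exe,
a populated AppInit_DLLs list, a program chained onto UserInit, a win.ini
load= hook, and Policies\\Explorer\\Run autoruns. SAMPLE_LOG is constructed
from lines quoted in the thread (trimmed) so the script runs offline.
"""
import re
from collections import Counter

# Assumption: on XP these components live only in %SystemRoot%\system32, so a
# same-named file anywhere else is a masquerade. Extend the set as needed.
SYSTEM32_ONLY = {"wuauclt.exe", "svchost.exe", "lsass.exe", "userinit.exe", "services.exe"}
REAL_USERINIT = r"c:\windows\system32\userinit.exe"
MANY_SERVICES = 3  # this many services on one binary is a cluster, not a coincidence

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>.+?)(?: \(file missing\))?$")
RANDOM_NAME_RE = re.compile(r"^[A-Z][a-z]{3}[A-Z][a-z]{2}$")  # AbwgEzt, ZvowGmf, ... (assumed pattern)
DOTTED_DIR_RE = re.compile(r"\.\\")  # a path component ending in '.', e.g. WinShell..\daemon.exe

# Constructed sample: lines quoted in the thread, trimmed to a handful.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\Outlook\wuauclt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Outlook\wuauclt.exe,
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,uksuk.dll,
O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: AgjmWcu - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: ApjfUqp - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: BpaePxs - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
"""


def _split_path(path):
    """Lower-cased (directory, basename) of a possibly quoted Windows path."""
    head, _, base = path.strip('"').lower().rpartition("\\")
    return head, base


def triage(log_text):
    """Return [(severity, reason, line)] findings for the HJT log text."""
    findings = []
    svc_paths = Counter()
    for line in filter(None, (raw.strip() for raw in log_text.splitlines())):
        svc = O23_RE.match(line)
        if svc:
            head, base = _split_path(svc["path"])
            svc_paths[svc["path"].lower()] += 1
            reasons, sev = [], "medium"
            if base in SYSTEM32_ONLY and not head.endswith("\\system32"):
                reasons.append(f"{base} masquerade outside system32")
                sev = "high"
            if svc["owner"] == "Unknown owner" and RANDOM_NAME_RE.match(svc["name"]):
                reasons.append("random service name")
            if line.endswith("(file missing)"):
                reasons.append("orphaned service, binary missing")
                if len(reasons) == 1:
                    sev = "low"
            if reasons:
                findings.append((sev, "; ".join(reasons), line))
        elif line.startswith("O20 - AppInit_DLLs:"):
            dlls = [d for d in line.split(":", 1)[1].split(",") if d.strip()]
            if dlls:
                findings.append(("high", f"{len(dlls)} DLLs loaded into every user32-linked process via AppInit_DLLs", line))
        elif line.startswith("F2 - REG:system.ini: UserInit="):
            progs = [p.strip().lower() for p in line.split("=", 1)[1].split(",") if p.strip()]
            extra = [p for p in progs if p != REAL_USERINIT]
            if extra:
                findings.append(("high", "UserInit chain-loads " + ", ".join(extra), line))
        elif line.startswith("F3 - REG:win.ini: load="):
            findings.append(("high", "win.ini load= hook: " + line.split("=", 1)[1], line))
        elif line.startswith("O4 - "):
            cmd = line.split("] ", 1)[-1].strip('"').lower()
            reasons = []
            if "\\policies\\explorer\\run:" in line.lower():
                reasons.append("autorun via Policies\\Explorer\\Run")
            if "\\application data\\" in cmd:
                reasons.append("executable in a data directory")
            if DOTTED_DIR_RE.search(cmd):
                reasons.append("directory name with trailing dot")
            if reasons:
                findings.append(("medium", "; ".join(reasons), line))
    for path, n in svc_paths.items():
        if n >= MANY_SERVICES:
            findings.append(("high", f"{n} services share one binary", path))
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

Run it as a script to print the findings, or call triage() on the text of any saved HJT log. The heuristics only rank lines for a human to research; a run that flags nothing is not a clean machine.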
  3. yeapkl

    Dear 2oG,

    First of all, thank you for the help!

Secondly, so there's no cure for it other than burning my HD? =(


    Cheers.
     
  4. 2oldGeek

    We could TRY to clean it but the process would be long and arduous without any guarantee that it could even be done.

It would be a real challenge and I would have to do a lot of research and maybe write some off-the-wall fixes. That's because most of the stuff I see is not documented and not in any definition lists that I could find. So it would be kinda like gator hunting with a switch... lol

    2oG
     
  5. yeapkl

Well, I'm only able to identify these few, which are not threats, from my records.

    [?] - O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
    [?] - O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    [?] - O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    [?] - O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    [?] - O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
    [?] - O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg

    Kindly ignore it. =)
     
  6. 2oldGeek

Yeah, I figured that; that's why they are marked [?] and need to be researched before deleting. Left that out of my post :( Actually I didn't think you would want to clean it. It would probably be best to reformat and reinstall the OS if you use it for banking or have sensitive data on it, because it does have backdoor Trojans.
If you don't have anything on it then we can give it a whirl. What say??

    2oG
     
  7. yeapkl

    Let's give it a go...

    Reformat is not my option for now...
     
  8. 2oldGeek

    Ok, it will take quite a few rounds. I will be working maybe through Sunday on 14/15 hour shifts to get some computers set up, so it may be Monday before I get a chance to work up a plan of attack. I'll work up a first go round and get it to you as soon as I can.
    In the meantime, if you have any questions or concerns, just drop them to me and I'll get back to you before we start.

    2oG
     
  9. yeapkl

    Thanks mate.

    You can take your time on this.

    =)
     
  10. 2oldGeek

    yeapkl,
    I will be working some long hours for a while but, will try my best to give you as much time as I can. Please bear with me :)

    I see some unknown malware on your machine and I may have to use some unusual tools to remove it.
    Please note that all instructions given are customized for this computer only; the tools used may cause damage if used on a computer with different infections.

    Please observe these rules while we work:

    • Perform all actions in the order given.
    • If you don't know, stop and ask! Don't keep going on.
    • Stick with it till you're given the all clear.
    REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
    If you can do these things, everything should go smoothly.


    The first thing we will do is use some commercial tools to remove the bulk of the infection.

    Please do the following:

    Download Malwarebytes' Anti-Malware to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

    • Please post the MBAM Log and a fresh HJT log in your next reply.


    Note: If after installing MBAM it will not run, then try this:
    Please rename the MBAM executable and try again.
    To do this
    1. Right click Start - Click Explore
    2. Navigate to: c:\program files\malwarebytes' Anti-Malware. Right click on mbam.exe - click Rename
    3. Type into the name box: xxx.exe
    Now just double click xxx.exe to run it and follow the first instructions…

    2OG
     
  11. yeapkl

    Hey man,

    I've been trying to do a scan using Malwarebytes on my comp... apparently my comp just "hangs" 30 mins after startup, regardless of whether it is scanning or not.

    Any idea what's wrong?
    My explorer.exe is running though, but when I click on "My Computer", it just shows a torch & searching for items.

    My wireless connection icon only appears on the notification bar after 30 mins.... but I'm clear to use IE/Firefox to surf the net before my comp hangs...
     
  12. 2oldGeek

  13. yeapkl

    Great, the rescue disk method works!!

    Here's my MBAM & HJT log.

    Scan type: Full Scan (C:\|)
    Objects scanned: 209926
    Time elapsed: 2 hour(s), 36 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 35
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\mewbodomediapop.popbodo (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mewbodomediapop.popbodo.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mewbojomediapop.popbojo (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mewbojomediapop.popbojo.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mewvadpopup.btlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mewvadpopup.btlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newszadspopup.bmlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newszadspopup.bmlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newzcocomediapop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newzcocomediapop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\nezdadpopup.cblogc (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\nezdadpopup.cblogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{285ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{285ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06926b30-424e-4f1c-8ee3-543cd96573dc} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{285ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpidisk (Adware.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\newpush (Adware.CPush) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\cpush (Adware.CPush) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IDSCNP (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch (Adware.CPush) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpmem (Adware.Cinmus) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools (Trojan.Yigather) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\Intel\baiduc.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools_2008108_7493.dll.XXX (Trojan.Yigather) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe.XXX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mscpx32r.det (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mprmsgse.axz (Adware.Cinmus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awpzpo55.dllmmc.pkm (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mpiwii72.dllmmc.pkm (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system\DVL (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system\LVL (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\System.exe (Worm.Autorun) -> Delete on reboot.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:13:08 AM, on 5/14/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
    F3 - REG:win.ini: load=C:\WINDOWS\Outlook\wuauclt.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Outlook\wuauclt.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [irsync] irsync.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKLM\..\RunServices: [irsync] irsync.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\RunServices: [Msn Messenger Service] msnmsg.exe
    O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
    O4 - HKLM\..\Policies\Explorer\Run: [windows] C:\WINDOWS\WinShell..\daemon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,uksuk.dll,thrtgth.dll,hujfgt.dll,rhdhj.dll,jmkcgt.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,gfhynrth.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,ghynjr.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,gmjgty.dll
    O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: AgjmWcu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ApjfUqp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BpaePxs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: BrmtKry - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ClsfQhb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: CsrcMku - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: CuqrCis - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: DahvJhq - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: DejgHek - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: DqczNhk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: DwgfApo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: ElmjApm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: EpwpMpy - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: FgfyHad - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: FqeeQtz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: FwodAaf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: FyosRpt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\spoolsv.exe (file missing)
    O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: 系统网络服务 (System Network) - Unknown owner - C:\WINDOWS\system32\MayaBaby\MayaBabyMain.exe (file missing)
    O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    --
    End of file - 19394 bytes
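    A triage pass over the HijackThis log posted above, as an added example that is not part of the original thread and is not HijackThis, Malwarebytes or ComboFix code. It parses the numbered HJT item lines and applies a few defender heuristics that match what stands out in this log: O23 services with an unknown owner whose binary is missing, O4 Run values whose data is not printable text, an AppInit_DLLs list far longer than any install needs, and extra programs chained onto UserInit or win.ini load=. The sample log is a short excerpt of lines from the log above (the binary junk in the "Windows Processe Manager" value is shortened); the threshold MAX_APPINIT_DLLS and all function names are assumptions made for this example.

```python
"""Triage pass over a HijackThis (HJT) v2 log.

Added example for this thread: not HijackThis code and not a tool the posters
used. It applies a few defender heuristics that match what stands out in the
log posted above. MAX_APPINIT_DLLS is an assumed threshold, not an HJT setting.
"""
import re
from dataclasses import dataclass

# Assumption: a handful of AppInit_DLLs entries is already unusual; the log
# above carries dozens of randomly named ones.
MAX_APPINIT_DLLS = 3

# Standard HJT item prefix, e.g. "O23 - Service: ..." or "F2 - REG:system.ini: ..."
ITEM_RE = re.compile(r"^(?P<sec>[FORN]\d{1,2})\s+-\s+(?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_items(log_text):
    """Return (section, body, raw_line) for every HJT item line in the log."""
    items = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            items.append((m.group("sec"), m.group("body"), line))
    return items


def is_printable_ascii(s):
    return all(32 <= ord(ch) < 127 for ch in s)


def triage(log_text):
    """Return a list of Findings for lines an analyst should look at twice."""
    findings = []
    for sec, body, line in parse_items(log_text):
        if sec == "O23":
            # "O23 - Service: Name - Owner - Path (file missing)"
            if "Unknown owner" in body and "(file missing)" in body:
                findings.append(Finding(sec, "unknown-owner service with missing binary", line))
        elif sec == "O4":
            # "O4 - Hive\..\Run: [Name] data": inspect the data after the name
            m = re.search(r"\]\s*(.*)$", body)
            data = m.group(1) if m else body
            if data and not is_printable_ascii(data):
                findings.append(Finding(sec, "autorun data is not printable text", line))
            elif "Policies\\Explorer\\Run" in body:
                findings.append(Finding(sec, "autorun via Explorer policy key", line))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = [d for d in body.split(":", 1)[1].split(",") if d.strip()]
            if len(dlls) > MAX_APPINIT_DLLS:
                findings.append(Finding(sec, f"{len(dlls)} AppInit_DLLs entries", line))
        elif sec in ("F2", "F3"):
            # system.ini UserInit= should name only userinit.exe; win.ini load= is normally empty
            if "UserInit=" in body:
                exes = [p for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
                if len(exes) > 1:
                    findings.append(Finding(sec, "extra program chained onto UserInit", line))
            elif "load=" in body:
                findings.append(Finding(sec, "win.ini load= is non-empty", line))
    return findings


def summarize(findings):
    """Count findings per HJT section, in first-seen order."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


# Constructed sample: an excerpt of lines from the log posted above, with the
# binary junk in the "Windows Processe Manager" value shortened.
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/",
    r"F3 - REG:win.ini: load=C:\WINDOWS\Outlook\wuauclt.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Outlook\wuauclt.exe,",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~" + "\u20ac\u201a\u0192",
    r"O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe",
    r"O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,uksuk.dll,thrtgth.dll",
    r"O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)",
    r"O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe",
    r"O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\spoolsv.exe (file missing)",
])

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<4} {f.reason}: {f.line}")
    print(summarize(results))
```

    Run against the excerpt, it flags seven of the eleven items and leaves the Synaptics Run entry, the Adobe BHO and the Apple service alone. The heuristics only rank what to research first; the thread's own [?] convention still applies, since a flagged entry such as Print Spooler with a missing spoolsv.exe needs checking rather than blind deletion.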
     
  14. 2oldGeek

    yeapkl,

    Great, that worked like I hoped it would… : )

    There is still a lot of infection, some that I do not understand as of yet, hehe, so let's try the next step; but remember, if it doesn't work or if you have a problem, please stop and ask....


    1. Download Combo fix from one of these locations.
    * IMPORTANT !!! Place combofix.exe on your Desktop

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    2. Click Start > Run, copy and paste this in exactly, using the picture below for reference, then click OK.






    3. ComboFix will begin to run. DO NOTHING while this is happening.
    • It will kill a few processes and disconnect you from the internet.
    • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
    • This needs to be done so the program can work most efficiently for you.
    Do not attempt to use the internet or anything else while it's doing its job for you.

    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

    NOTE: If, when it's completed, you can not get on the internet just reboot the computer.

    Please post the log from ComboFix for me, located in
    c:\comboFix.txt
    and a fresh HJT log.


    Thanks,
    2oG
     
  15. yeapkl

    yeapkl Member

    Hey,

    ComboFix states that I need to disable my real-time scanner, ESET NOD32 Antivirus, before it continues to run. However, I remember uninstalling this antivirus long ago.

    Should I just proceed on with Combofix?
     
  16. 2oldGeek

    2oldGeek Active member

    Proceed; the way I have you running it will disable all running scanners.

    You probably don't need to install the Recovery Console, that is, unless you want to....


    2oG
     
  17. yeapkl

    yeapkl Member

    Here you go...

    ComboFix 09-05-13.04 - 52309 05/14/2009 23:42.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.734.411 [GMT 8:00]
    Running from: c:\documents and settings\52309\desktop\combofix.exe
    Command switches used :: /killall
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\52309\Desktop\Unused Desktop Shortcuts\Sports Interactive\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\DotNet\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\DotNet\IntuitiveCustom\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\DotNet\IntuitiveCustomReports\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\DotNet\IntuitiveStandard\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\DotNet\IntuitiveStandardReports\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\image\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsPayable\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsPayable\EnterInvoices\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsPayable\EnterRecurringPayments\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsPayable\ProcessPayments\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsReceivable\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsReceivable\GenerateInvoices\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingAccountsReceivable\ReceiveandApplyPayments\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventory\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventory\AuditInventoryTransactions\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventory\CycleCount\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventory\ManuallyAdjustInventory\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventoryDataandBillsofMaterial\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventoryDataandBillsofMaterial\EnterandMaintainBillsofMaterial\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingInventoryDataandBillsofMaterial\EnterItemData\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingtheGeneralLedger\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingtheGeneralLedger\PeriodEndActivities\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaintainingtheGeneralLedger\SetUpGeneralLedger\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\CloseandCostWorkOrders\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\EnterReworkOrders\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\EnterWorkOrders\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\MaterialIssue\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\ProcessExpenseWorkOrders\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\ReceiveandInspectWorkOrders\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Manufacturing\ReportLabor\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaterialPlanning\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaterialPlanning\EnterMasterSchedules\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaterialPlanning\EnterSalesForecasts\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\MaterialPlanning\PlanMaterialRequirements\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\ProcessingSalesOrders\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\ProcessingSalesOrders\EnterCustomerData\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\ProcessingSalesOrders\EnterSalesOrders\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\ProcessingSalesOrders\EnterStaticData\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Purchasing\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Purchasing\EnterPurchaseOrders\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Purchasing\EnterVendorData\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Purchasing\ReceiveandInspectPurchaseOrders\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\CorrectShippingProblems\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\EnterBOLDefaults\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\EnterProformaorCommercialInvoices\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\EnterShipments\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\GenerateShiplists\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\Shipping\GenerateShippingPapers\_desktop.ini
    c:\ierp60\SEGSVR03\IERP60\Workflow\templates\_desktop.ini
    C:\strategy.txt
    c:\windows\Downloaded Program Files\toolbar.bmp
    c:\windows\Downloaded Program Files\winio.dll
    c:\windows\Downloaded Program Files\winio.vxd
    c:\windows\Kler
    c:\windows\Kler\pctools_2008128_0.dll.XXX
    c:\windows\Kler\pctools_2009415_0.dll.XXX
    c:\windows\msnimport.exe
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\system32\B4eocaps.SRG
    c:\windows\system32\Cache
    c:\windows\system32\crugd.cfg
    c:\windows\system32\dnteh.cfg
    c:\windows\system32\fjyjy.cfg
    c:\windows\system32\gprmsgse.axz
    c:\windows\system32\gscpx32r.det
    c:\windows\system32\hfjg.cfg
    c:\windows\system32\MayaBaby
    c:\windows\system32\msoscqit.dat
    c:\windows\system32\msosmnsf.dat
    c:\windows\system32\nicozftp.dat
    c:\windows\system32\sysogg.dll
    c:\windows\system32\xgnfn.cfg
    c:\windows\system32\ydgn.cfg
    c:\windows\Update.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ACPIDISK
    -------\Legacy_MAYASYS
    -------\Legacy_MSFPFIS64
    -------\Legacy_PANDRV
    -------\Legacy_PASSWORD
    -------\Legacy_SECCTRL
    -------\Legacy_SYSTEM_NETWORK
    -------\Service_MAYASYS
    -------\Service_Pandrv
    -------\Service_secctrl
    -------\Service_System Network


    ((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
    .

    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\documents and settings\52309\Application Data\Malwarebytes
    2009-05-06 14:48 . 2009-04-06 07:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-06 14:48 . 2009-04-06 07:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-01 12:50 . 2009-05-01 12:50 -------- d-----w c:\program files\iPod
    2009-05-01 12:49 . 2009-05-01 12:52 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w c:\program files\Trend Micro
    2009-04-28 14:52 . 2009-04-28 14:52 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-27 13:10 . 2009-04-27 15:17 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-20 16:39 . 2002-11-13 03:14 1703936 ----a-w c:\windows\system32\NCTAudioFile.dll
    2009-04-20 16:39 . 2002-09-06 03:36 233472 ----a-w c:\windows\system32\lame_enc.dll
    2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w c:\program files\MP3 Converter Simple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-14 15:46 . 2005-04-16 14:12 5780 ----a-w c:\windows\bthservsdp.dat
    2009-05-01 12:51 . 2005-07-06 04:30 -------- d-----w c:\program files\iTunes
    2009-05-01 12:49 . 2008-02-22 06:07 -------- d-----w c:\program files\Common Files\Apple
    2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w c:\program files\Windows Live
    2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w c:\program files\Windows Live Safety Center
    2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w c:\windows\tmp.dat
    2009-04-10 05:44 . 2008-06-27 10:11 143620 ----a-w c:\windows\system32\drivers\acpidisk.sys.XXX
    2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-18 15:36 . 2009-03-18 15:36 -------- d-----w c:\program files\Bonjour
    2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
    2009-03-05 15:59 . 2009-03-18 15:34 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
    2009-03-05 15:59 . 2008-11-01 09:35 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Windows Processe Manager"="DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Processe Manager"="DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü" [X]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

    c:\documents and settings\52309\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
    PowerReg Scheduler.exe [2008-4-28 256000]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
    "Script"=advclient.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
    "Script"=rpstorage.bat

    [HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\WINDOWS\\system32\\lxczcoms.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\sopvod.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23775:TCP"= 23775:TCP:BitComet 23775 TCP
    "23775:UDP"= 23775:UDP:BitComet 23775 UDP

    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
    S0 3qppt58;3qppt58;c:\windows\system32\drivers\3qppt58.sys --> c:\windows\system32\drivers\3qppt58.sys [?]
    S0 468aoy1ac;468aoy1ac;c:\windows\system32\drivers\468aoy1ac.sys --> c:\windows\system32\drivers\468aoy1ac.sys [?]
    S0 4ddmj4o;4ddmj4o;c:\windows\system32\drivers\4ddmj4o.sys --> c:\windows\system32\drivers\4ddmj4o.sys [?]
    S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
    S0 58v20f;58v20f;c:\windows\system32\drivers\58v20f.sys --> c:\windows\system32\drivers\58v20f.sys [?]
    S0 7yx3zhgur;7yx3zhgur;c:\windows\system32\drivers\7yx3zhgur.sys --> c:\windows\system32\drivers\7yx3zhgur.sys [?]
    S0 82wdblow0b;82wdblow0b;c:\windows\system32\drivers\82wdblow0b.sys --> c:\windows\system32\drivers\82wdblow0b.sys [?]
    S0 d2yz83c1rc;d2yz83c1rc;c:\windows\system32\drivers\d2yz83c1rc.sys --> c:\windows\system32\drivers\d2yz83c1rc.sys [?]
    S0 faaojfwpo;faaojfwpo;c:\windows\system32\drivers\faaojfwpo.sys --> c:\windows\system32\drivers\faaojfwpo.sys [?]
    S0 holda;holda;c:\windows\system32\drivers\holda.sys --> c:\windows\system32\drivers\holda.sys [?]
    S0 hxhpvot;hxhpvot;c:\windows\system32\drivers\hxhpvot.sys --> c:\windows\system32\drivers\hxhpvot.sys [?]
    S0 m60q7y0;m60q7y0;c:\windows\system32\drivers\m60q7y0.sys --> c:\windows\system32\drivers\m60q7y0.sys [?]
    S0 mhv6r42;mhv6r42;c:\windows\system32\drivers\mhv6r42.sys --> c:\windows\system32\drivers\mhv6r42.sys [?]
    S0 pev26od2;pev26od2;c:\windows\system32\drivers\pev26od2.sys --> c:\windows\system32\drivers\pev26od2.sys [?]
    S0 q3i6m8a;q3i6m8a;c:\windows\system32\drivers\q3i6m8a.sys --> c:\windows\system32\drivers\q3i6m8a.sys [?]
    S0 r9yr57dd5;r9yr57dd5;c:\windows\system32\drivers\r9yr57dd5.sys --> c:\windows\system32\drivers\r9yr57dd5.sys [?]
    S0 wglfl7;wglfl7;c:\windows\system32\drivers\wglfl7.sys --> c:\windows\system32\drivers\wglfl7.sys [?]
    S0 yh13phk;yh13phk;c:\windows\system32\drivers\yh13phk.sys --> c:\windows\system32\drivers\yh13phk.sys [?]
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
    S2 AbwgEzt;AbwgEzt;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 AgjmWcu;AgjmWcu;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 ApjfUqp;ApjfUqp;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 BnubFak;BnubFak;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 BpaePxs;BpaePxs;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 BrmtKry;BrmtKry;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 ClsfQhb;ClsfQhb;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 CsrcMku;CsrcMku;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 CuqrCis;CuqrCis;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 DahvJhq;DahvJhq;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 DejgHek;DejgHek;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 DqczNhk;DqczNhk;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 DwgfApo;DwgfApo;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S2 ElmjApm;ElmjApm;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 EpwpMpy;EpwpMpy;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 FgfyHad;FgfyHad;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 FqeeQtz;FqeeQtz;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 FwodAaf;FwodAaf;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 FyosRpt;FyosRpt;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 GflfQak;GflfQak;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 GqzaElw;GqzaElw;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 GwsgIlg;GwsgIlg;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 GzyoGcd;GzyoGcd;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 HlbxUdm;HlbxUdm;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 HlyvHhd;HlyvHhd;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 HoasVgp;HoasVgp;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 IclfOrs;IclfOrs;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 IfbhZub;IfbhZub;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 IjllNpk;IjllNpk;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 InternetExplorer;InternetExplorer;c:\windows\InternetExplorer.exe --> c:\windows\InternetExplorer.exe [?]
    S2 IrxpZdl;IrxpZdl;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 IvmaSbm;IvmaSbm;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 JpjpWox;JpjpWox;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 KbmiSnk;KbmiSnk;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 KhfkXav;KhfkXav;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 KjcfBgs;KjcfBgs;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 KmouEjd;KmouEjd;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 LcryRwp;LcryRwp;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 MeduAeu;MeduAeu;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 MgcxFyt;MgcxFyt;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 MyezKrt;MyezKrt;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 NlfyKcj;NlfyKcj;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 NrvjMxz;NrvjMxz;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 NtdyTit;NtdyTit;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 NukuWef;NukuWef;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 NumqIin;NumqIin;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 OdqvMhs;OdqvMhs;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 OtklPti;OtklPti;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 OxjvBpg;OxjvBpg;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
    S2 PojjYcf;PojjYcf;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 PsmkMel;PsmkMel;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 QmvyDnr;QmvyDnr;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 QpfjDev;QpfjDev;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 QtyyOrn;QtyyOrn;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 QyvpGgo;QyvpGgo;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 QzoaErb;QzoaErb;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 RuldBkh;RuldBkh;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 SngwJqb;SngwJqb;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 SqdcHcj;SqdcHcj;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 ToknVmo;ToknVmo;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 UgmhVgt;UgmhVgt;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 UqrpBdw;UqrpBdw;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 UzaqFaj;UzaqFaj;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 VihcZhn;VihcZhn;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 WfnsVhh;WfnsVhh;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 WhsmOun;WhsmOun;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 WztdHqi;WztdHqi;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 XafrXem;XafrXem;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 XfsxOil;XfsxOil;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 XlayMvo;XlayMvo;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 XpebYko;XpebYko;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 XtjiHmp;XtjiHmp;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 YdpdQsg;YdpdQsg;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 YoceOqn;YoceOqn;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 YqpuJcs;YqpuJcs;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 YtfpRyr;YtfpRyr;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 ZkrvQvd;ZkrvQvd;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 ZresLdd;ZresLdd;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 ZrhfCzj;ZrhfCzj;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S2 ZvowGmf;ZvowGmf;c:\windows\wuauclt.exe --> c:\windows\wuauclt.exe [?]
    S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
    S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
    S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ca8ee64-9f58-11da-b7b2-0010c66970c1}]
    \Shell\AutoRun\command - J:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{640f3c76-7212-11dc-b999-0010c66970c1}]
    \Shell\auto\command - E:\Limit.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Limit.exe
    \Shell\explore\command - E:\Limit.exe
    \Shell\open\command - E:\Limit.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ffc861-894d-11da-b774-0010c66970c1}]
    \Shell\AutoRun\command - I:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2d5099f-365a-11dc-bae9-0010c66970c1}]
    \Shell\Auto\command - F:\pagefile.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e36e4fd6-2bb8-11dc-bacf-0010c66970c1}]
    \Shell\AutoRun\command - E:\SGP2006.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed82eeac-6fb7-11dc-b993-0010c66970c1}]
    \Shell\Auto\command - Cn911.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4464b1e-c529-11d9-b565-0010c66970c1}]
    \Shell\AutoRun\command - What's this.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-irsync - irsync.exe
    HKLM-Explorer_Run-user - c:\windows\WinShell..\daemon.exe
    HKLM-Explorer_Run-windows - c:\windows\WinShell..\daemon.exe
    ShellExecuteHooks-{E272C1EF-275E-4733-FF5E-13455234524F} - (no file)
    ShellExecuteHooks-{5674d794-70bd-4e1d-8e4c-6417b7d3b2ec} - (no file)
    ShellExecuteHooks-{ACADABAE-1000-0010-8000-00AA006D2EA8} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.myrp.edu.sg/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = local.,;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
    DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} - hxxp://projector.rp.edu.sg/WPGClientCheck.CAB
    DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
    FF - component: c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-14 23:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??@???? ???B?????????????H<C? ??????
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    user = c:\windows\WinShell..\daemon.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    windows = c:\windows\WinShell..\daemon.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(832)
    c:\windows\system32\klogon.dll

    - - - - - - - > 'explorer.exe'(2464)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxczcoms.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\UAService7.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\windows\system32\msiexec.exe
    c:\program files\3M\PSNLite\PsnLite.exe
    c:\progra~1\3M\PSNLite\PSNGive.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-14 23:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-14 15:57

    Pre-Run: 534,343,680 bytes free
    Post-Run: 1,129,369,600 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    420 --- E O F --- 2009-05-13 14:01



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:59:14 PM, on 5/14/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: AgjmWcu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ApjfUqp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BpaePxs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: BrmtKry - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ClsfQhb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: CsrcMku - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: CuqrCis - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: DahvJhq - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: DejgHek - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: DqczNhk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: DwgfApo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: ElmjApm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: EpwpMpy - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: FgfyHad - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: FqeeQtz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: FwodAaf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: FyosRpt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    --
    End of file - 17489 bytes
     
  18. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Looking better but not there yet…
This will take some time for me to work up a fix.. don’t lose faith : )

    I just got off a 12 hour shift at 7:30 am this morning so, please excuse me for a few hours of sleep and I’ll be back later after I work up some fixes for the rest of your problems…

    Hang in there, it’s working -- so far.

    2oG
     
  19. yeapkl

    yeapkl Member

    Joined:
    Apr 29, 2009
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    Thanks mate..

    u just take ur time =)
     
  20. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    I’ve always heard you can eat an elephant, if you just take one small bite at a time.. : )

    As I said, this is going to take quite a while so please be patient….

    I am having difficulty finding any information on some of the infections that are showing up in the ComboFix Log…
    When I do find them, it’s in Arabic or Polish or some language that I don’t have a clue : (
    but I’ll work that out…

    This time, we’ll just take a small byte of the bad random services and see what we can come up with:

    Take your time and if you have a problem, just holler at me…

    Remove Bad Services

    Step # 1: Remove Hijackthis Entries
    Run HijackThis
Click on the Scan button
    Put a check beside all of the items listed below (if present):

    O23 - Service: AbwgEzt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: AgjmWcu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: ApjfUqp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: BnubFak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: BpaePxs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: BrmtKry - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: ClsfQhb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: CsrcMku - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: CuqrCis - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: DahvJhq - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: DejgHek - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: DqczNhk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: DwgfApo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: ElmjApm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: EpwpMpy - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: FgfyHad - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: FqeeQtz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: FwodAaf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: FyosRpt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)



    Close all open windows and browsers/email, etc...
    Click on the "Fix Checked" button
    When completed, close the application.


    Step # 2: Delete Bad Services

    Please open Notepad. Ensure that word wrap is turned off.
    Click on Format and make sure that there is not a tick next to Word Wrap.
    If there's one, click on Word Wrap to remove it.
    Copy and paste the following in the quote box into Notepad:



    Click on File > Save As....

    In the File Name box, copy and paste in fix.bat
    In the Save as type box, select All Files from the drop-down list.

    Click Save and save it to your Desktop.

    Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.


Now please post a fresh HJT Log…..


    2oG
     
    Last edited: May 15, 2009
