Help out there ! *waves hands*



#1
jhun

    New Member

  • Member
  • Pip
  • 6 posts
I don't really know where I went to get my computer into these straits, but right now whenever it starts up it lags like nobody's business, and there's this Security iGuard software that keeps installing itself on my computer no matter how I delete it! Help please, I need my computer urgently for my project! Thanks.

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 9:42:10 AM, on 3/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Vkk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\DOCUME~1\Princess\LOCALS~1\Temp\tmp3E.tmp
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Princess\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [saap] c:\windows\saap.exe
O4 - HKLM\..\Run: [Hop] C:\WINDOWS\Kdp.exe
O4 - HKLM\..\Run: [Snq] C:\WINDOWS\System32\Cnv.exe
O4 - HKLM\..\Run: [Sne] C:\WINDOWS\System32\Hmf.exe
O4 - HKLM\..\Run: [Jmr] C:\WINDOWS\Rac.exe
O4 - HKLM\..\Run: [Dbt] C:\WINDOWS\System32\Caf.exe
O4 - HKLM\..\Run: [Seb] C:\WINDOWS\System32\Utp.exe
O4 - HKLM\..\Run: [Esh] C:\WINDOWS\System32\Sab.exe
O4 - HKLM\..\Run: [Vhn] C:\WINDOWS\Gbi.exe
O4 - HKLM\..\Run: [Fue] C:\WINDOWS\System32\Anj.exe
O4 - HKLM\..\Run: [Aqi] C:\WINDOWS\Cqc.exe
O4 - HKLM\..\Run: [ezax] C:\WINDOWS\ezax.exe
O4 - HKLM\..\Run: [Hih] C:\WINDOWS\Ugn.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Tad] C:\WINDOWS\Moo.exe
O4 - HKLM\..\Run: [Jok] C:\WINDOWS\Qjk.exe
O4 - HKLM\..\Run: [Hnc] C:\WINDOWS\System32\Uoi.exe
O4 - HKLM\..\Run: [Sso] C:\WINDOWS\Voo.exe
O4 - HKLM\..\Run: [Air] C:\WINDOWS\System32\Dld.exe
O4 - HKLM\..\Run: [Nkm] C:\WINDOWS\Nvt.exe
O4 - HKLM\..\Run: [Jkd] C:\WINDOWS\Esn.exe
O4 - HKLM\..\Run: [Gip] C:\WINDOWS\Avc.exe
O4 - HKLM\..\Run: [Kvp] C:\WINDOWS\System32\Ngd.exe
O4 - HKLM\..\Run: [Vrc] C:\WINDOWS\Iin.exe
O4 - HKLM\..\Run: [Ahn] C:\WINDOWS\Plo.exe
O4 - HKLM\..\Run: [Ucf] C:\WINDOWS\System32\Clr.exe
O4 - HKLM\..\Run: [Iig] C:\WINDOWS\Pku.exe
O4 - HKLM\..\Run: [Vai] C:\WINDOWS\Efa.exe
O4 - HKLM\..\Run: [Pbi] C:\WINDOWS\Hkr.exe
O4 - HKLM\..\Run: [Elv] C:\WINDOWS\Nom.exe
O4 - HKLM\..\Run: [Huu] C:\WINDOWS\System32\Lai.exe
O4 - HKLM\..\Run: [Oid] C:\WINDOWS\System32\Jbe.exe
O4 - HKLM\..\Run: [Qlf] C:\WINDOWS\System32\Kla.exe
O4 - HKLM\..\Run: [Etu] C:\WINDOWS\System32\Hlr.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Sov] C:\WINDOWS\Hlu.exe
O4 - HKLM\..\Run: [Oln] C:\WINDOWS\System32\Ufq.exe
O4 - HKLM\..\Run: [Dbm] C:\WINDOWS\Idb.exe
O4 - HKLM\..\Run: [Kjc] C:\WINDOWS\System32\Vjq.exe
O4 - HKLM\..\Run: [Iqf] C:\WINDOWS\System32\Efg.exe
O4 - HKLM\..\Run: [Ivl] C:\WINDOWS\System32\Kmg.exe
O4 - HKLM\..\RunOnce: [HcTSC] C:\WINDOWS\TSC.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
O4 - HKCU\..\Run: [Uuse] C:\Documents and Settings\Princess\Application Data\mbsi.exe
O4 - HKCU\..\Run: [Hop] C:\WINDOWS\Kdp.exe
O4 - HKCU\..\Run: [Snq] C:\WINDOWS\System32\Cnv.exe
O4 - HKCU\..\Run: [Sne] C:\WINDOWS\System32\Hmf.exe
O4 - HKCU\..\Run: [Jmr] C:\WINDOWS\Rac.exe
O4 - HKCU\..\Run: [Dbt] C:\WINDOWS\System32\Caf.exe
O4 - HKCU\..\Run: [Seb] C:\WINDOWS\System32\Utp.exe
O4 - HKCU\..\Run: [Esh] C:\WINDOWS\System32\Sab.exe
O4 - HKCU\..\Run: [Vhn] C:\WINDOWS\Gbi.exe
O4 - HKCU\..\Run: [Fue] C:\WINDOWS\System32\Anj.exe
O4 - HKCU\..\Run: [Aqi] C:\WINDOWS\Cqc.exe
O4 - HKCU\..\Run: [Hih] C:\WINDOWS\Ugn.exe
O4 - HKCU\..\Run: [Tad] C:\WINDOWS\Moo.exe
O4 - HKCU\..\Run: [Jok] C:\WINDOWS\Qjk.exe
O4 - HKCU\..\Run: [Hnc] C:\WINDOWS\System32\Uoi.exe
O4 - HKCU\..\Run: [Sso] C:\WINDOWS\Voo.exe
O4 - HKCU\..\Run: [Air] C:\WINDOWS\System32\Dld.exe
O4 - HKCU\..\Run: [Nkm] C:\WINDOWS\Nvt.exe
O4 - HKCU\..\Run: [Jkd] C:\WINDOWS\Esn.exe
O4 - HKCU\..\Run: [Gip] C:\WINDOWS\Avc.exe
O4 - HKCU\..\Run: [Kvp] C:\WINDOWS\System32\Ngd.exe
O4 - HKCU\..\Run: [Vrc] C:\WINDOWS\Iin.exe
O4 - HKCU\..\Run: [Ahn] C:\WINDOWS\Plo.exe
O4 - HKCU\..\Run: [Ucf] C:\WINDOWS\System32\Clr.exe
O4 - HKCU\..\Run: [Iig] C:\WINDOWS\Pku.exe
O4 - HKCU\..\Run: [Vai] C:\WINDOWS\Efa.exe
O4 - HKCU\..\Run: [Pbi] C:\WINDOWS\Hkr.exe
O4 - HKCU\..\Run: [Elv] C:\WINDOWS\Nom.exe
O4 - HKCU\..\Run: [Huu] C:\WINDOWS\System32\Lai.exe
O4 - HKCU\..\Run: [Oid] C:\WINDOWS\System32\Jbe.exe
O4 - HKCU\..\Run: [Qlf] C:\WINDOWS\System32\Kla.exe
O4 - HKCU\..\Run: [Etu] C:\WINDOWS\System32\Hlr.exe
O4 - HKCU\..\Run: [Sov] C:\WINDOWS\Hlu.exe
O4 - HKCU\..\Run: [Oln] C:\WINDOWS\System32\Ufq.exe
O4 - HKCU\..\Run: [Dbm] C:\WINDOWS\Idb.exe
O4 - HKCU\..\Run: [Kjc] C:\WINDOWS\System32\Vjq.exe
O4 - HKCU\..\Run: [Iqf] C:\WINDOWS\System32\Efg.exe
O4 - HKCU\..\Run: [Ivl] C:\WINDOWS\System32\Kmg.exe
O4 - Startup: winupdate56565616[1].exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {3BD4B218-42AA-4287-80A1-11893B952242} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3BD4B218-42AA-4287-80A1-11893B952242} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4DC85A81-E61C-4CF8-985C-F5B6C2A85ACB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4DC85A81-E61C-4CF8-985C-F5B6C2A85ACB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AB8B398D-380C-484C-9515-3505273F0A25} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AB8B398D-380C-484C-9515-3505273F0A25} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C854F0E8-FD35-4CDD-8490-7DC6A0897FA2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C854F0E8-FD35-4CDD-8490-7DC6A0897FA2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DAE7700C-A425-41F0-A031-A9327203FD88} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DAE7700C-A425-41F0-A031-A9327203FD88} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E34A3D2F-52CE-46C3-98F8-FFA74E9942BC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E34A3D2F-52CE-46C3-98F8-FFA74E9942BC} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtange...ave/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....ro64_loader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://horse-active....ang/loader2.ocx
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildt...uncherSetup.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo....cab?refid=4604
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ise/install.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v5.cab
O16 - DPF: {E20352D0-48EF-49E6-A042-981AA9958EE2} (Launcher Control) - http://hyperrelay.ed...TWOLauncher.cab
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O21 - SSODL: NTDBGTOOL - {CF51D466-1BDC-4681-965D-3D74E79D76C4} - C:\WINDOWS\System32\ntmscdm.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • 0

#2
Besttechie

    Visiting Staff

  • Member
  • PipPipPip
  • 386 posts
Hi jhun,

I will be analyzing your log and will have a response shortly. :tazz:

B
  • 0

#3
Besttechie

    Visiting Staff

  • Member
  • PipPipPip
  • 386 posts
Hi,

Can you please submit these 5 files to me? It would be greatly appreciated. Just zip them up using WinZip or a program like that and email them here as an attachment. spyware submissions

The files I would like are in red (if you can find them)

C:\WINDOWS\Moo.exe
C:\WINDOWS\Kdp.exe
C:\WINDOWS\System32\Cnv.exe
C:\WINDOWS\System32\Hmf.exe
C:\WINDOWS\Rac.exe

Next:

You have a Horseserver infection which requires some tools to get rid of.
  • First, download HSFix from here
  • After it is downloaded, create a new folder on your desktop called "HSFix" and extract all the files into the newly created folder.
  • Next, download CleanUp! (Direct Download). Install it, but do not run it yet.
  • Boot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
  • Locate the HSFix folder on your desktop, open it, and double-click "hsfix.bat"
  • A log will be produced which you can close out of.
  • Then run HijackThis again, close any open windows and browsers and fix these:
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O4 - HKLM\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
    O4 - HKLM\..\Run: [Shell] open32.exe
    O4 - HKLM\..\Run: [saap] c:\windows\saap.exe
    O4 - HKLM\..\Run: [Hop] C:\WINDOWS\Kdp.exe
    O4 - HKLM\..\Run: [Snq] C:\WINDOWS\System32\Cnv.exe
    O4 - HKLM\..\Run: [Sne] C:\WINDOWS\System32\Hmf.exe
    O4 - HKLM\..\Run: [Jmr] C:\WINDOWS\Rac.exe
    O4 - HKLM\..\Run: [Dbt] C:\WINDOWS\System32\Caf.exe
    O4 - HKLM\..\Run: [Seb] C:\WINDOWS\System32\Utp.exe
    O4 - HKLM\..\Run: [Esh] C:\WINDOWS\System32\Sab.exe
    O4 - HKLM\..\Run: [Vhn] C:\WINDOWS\Gbi.exe
    O4 - HKLM\..\Run: [Fue] C:\WINDOWS\System32\Anj.exe
    O4 - HKLM\..\Run: [Aqi] C:\WINDOWS\Cqc.exe
    O4 - HKLM\..\Run: [ezax] C:\WINDOWS\ezax.exe
    O4 - HKLM\..\Run: [Hih] C:\WINDOWS\Ugn.exe
    O4 - HKLM\..\Run: [Tad] C:\WINDOWS\Moo.exe
    O4 - HKLM\..\Run: [Jok] C:\WINDOWS\Qjk.exe
    O4 - HKLM\..\Run: [Hnc] C:\WINDOWS\System32\Uoi.exe
    O4 - HKLM\..\Run: [Sso] C:\WINDOWS\Voo.exe
    O4 - HKLM\..\Run: [Air] C:\WINDOWS\System32\Dld.exe
    O4 - HKLM\..\Run: [Nkm] C:\WINDOWS\Nvt.exe
    O4 - HKLM\..\Run: [Jkd] C:\WINDOWS\Esn.exe
    O4 - HKLM\..\Run: [Gip] C:\WINDOWS\Avc.exe
    O4 - HKLM\..\Run: [Kvp] C:\WINDOWS\System32\Ngd.exe
    O4 - HKLM\..\Run: [Vrc] C:\WINDOWS\Iin.exe
    O4 - HKLM\..\Run: [Ahn] C:\WINDOWS\Plo.exe
    O4 - HKLM\..\Run: [Ucf] C:\WINDOWS\System32\Clr.exe
    O4 - HKLM\..\Run: [Iig] C:\WINDOWS\Pku.exe
    O4 - HKLM\..\Run: [Vai] C:\WINDOWS\Efa.exe
    O4 - HKLM\..\Run: [Pbi] C:\WINDOWS\Hkr.exe
    O4 - HKLM\..\Run: [Elv] C:\WINDOWS\Nom.exe
    O4 - HKLM\..\Run: [Huu] C:\WINDOWS\System32\Lai.exe
    O4 - HKLM\..\Run: [Oid] C:\WINDOWS\System32\Jbe.exe
    O4 - HKLM\..\Run: [Qlf] C:\WINDOWS\System32\Kla.exe
    O4 - HKLM\..\Run: [Etu] C:\WINDOWS\System32\Hlr.exe
    O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
    O4 - HKLM\..\Run: [Sov] C:\WINDOWS\Hlu.exe
    O4 - HKLM\..\Run: [Oln] C:\WINDOWS\System32\Ufq.exe
    O4 - HKLM\..\Run: [Dbm] C:\WINDOWS\Idb.exe
    O4 - HKLM\..\Run: [Kjc] C:\WINDOWS\System32\Vjq.exe
    O4 - HKLM\..\Run: [Iqf] C:\WINDOWS\System32\Efg.exe
    O4 - HKLM\..\Run: [Ivl] C:\WINDOWS\System32\Kmg.exe
    O4 - HKCU\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
    O4 - HKCU\..\Run: [Uuse] C:\Documents and Settings\Princess\Application Data\mbsi.exe
    O4 - HKCU\..\Run: [Hop] C:\WINDOWS\Kdp.exe
    O4 - HKCU\..\Run: [Snq] C:\WINDOWS\System32\Cnv.exe
    O4 - HKCU\..\Run: [Sne] C:\WINDOWS\System32\Hmf.exe
    O4 - HKCU\..\Run: [Jmr] C:\WINDOWS\Rac.exe
    O4 - HKCU\..\Run: [Dbt] C:\WINDOWS\System32\Caf.exe
    O4 - HKCU\..\Run: [Seb] C:\WINDOWS\System32\Utp.exe
    O4 - HKCU\..\Run: [Esh] C:\WINDOWS\System32\Sab.exe
    O4 - HKCU\..\Run: [Vhn] C:\WINDOWS\Gbi.exe
    O4 - HKCU\..\Run: [Fue] C:\WINDOWS\System32\Anj.exe
    O4 - HKCU\..\Run: [Aqi] C:\WINDOWS\Cqc.exe
    O4 - HKCU\..\Run: [Hih] C:\WINDOWS\Ugn.exe
    O4 - HKCU\..\Run: [Tad] C:\WINDOWS\Moo.exe
    O4 - HKCU\..\Run: [Jok] C:\WINDOWS\Qjk.exe
    O4 - HKCU\..\Run: [Hnc] C:\WINDOWS\System32\Uoi.exe
    O4 - HKCU\..\Run: [Sso] C:\WINDOWS\Voo.exe
    O4 - HKCU\..\Run: [Air] C:\WINDOWS\System32\Dld.exe
    O4 - HKCU\..\Run: [Nkm] C:\WINDOWS\Nvt.exe
    O4 - HKCU\..\Run: [Jkd] C:\WINDOWS\Esn.exe
    O4 - HKCU\..\Run: [Gip] C:\WINDOWS\Avc.exe
    O4 - HKCU\..\Run: [Kvp] C:\WINDOWS\System32\Ngd.exe
    O4 - HKCU\..\Run: [Vrc] C:\WINDOWS\Iin.exe
    O4 - HKCU\..\Run: [Ahn] C:\WINDOWS\Plo.exe
    O4 - HKCU\..\Run: [Ucf] C:\WINDOWS\System32\Clr.exe
    O4 - HKCU\..\Run: [Iig] C:\WINDOWS\Pku.exe
    O4 - HKCU\..\Run: [Vai] C:\WINDOWS\Efa.exe
    O4 - HKCU\..\Run: [Pbi] C:\WINDOWS\Hkr.exe
    O4 - HKCU\..\Run: [Elv] C:\WINDOWS\Nom.exe
    O4 - HKCU\..\Run: [Huu] C:\WINDOWS\System32\Lai.exe
    O4 - HKCU\..\Run: [Oid] C:\WINDOWS\System32\Jbe.exe
    O4 - HKCU\..\Run: [Qlf] C:\WINDOWS\System32\Kla.exe
    O4 - HKCU\..\Run: [Etu] C:\WINDOWS\System32\Hlr.exe
    O4 - HKCU\..\Run: [Sov] C:\WINDOWS\Hlu.exe
    O4 - HKCU\..\Run: [Oln] C:\WINDOWS\System32\Ufq.exe
    O4 - HKCU\..\Run: [Dbm] C:\WINDOWS\Idb.exe
    O4 - HKCU\..\Run: [Kjc] C:\WINDOWS\System32\Vjq.exe
    O4 - HKCU\..\Run: [Iqf] C:\WINDOWS\System32\Efg.exe
    O4 - HKCU\..\Run: [Ivl] C:\WINDOWS\System32\Kmg.exe
    O4 - Startup: winupdate56565616[1].exe
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.horse-active.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.horse-active.net (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted IP range: 64.62.171.156
    O15 - Trusted IP range: 64.62.171.156 (HKLM)
    O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
  • Run CleanUp! and let it clean your computer of temp files. Decline when it asks you to log off.
  • Restart your computer into normal mode and run at least one of the following free, online virus scans:
    http://housecall.tre.../start_corp.asp
    http://www.pandasoft...n_principal.htm
    http://www3.ca.com/t...sinfo/scan.aspx
  • Restart your computer one last time and post a new HijackThis log, as well as the HSFix log which is located at C:/hslog.txt
Good luck! :tazz:

B
  • 0
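The fix list above is dominated by one pattern: a three-letter Run value name pointing at a three-letter .exe in C:\WINDOWS or System32, registered under both HKLM and HKCU. The following is an added example, not code from HijackThis, HSFix or either poster: it parses O4 lines, flags that pattern, and compares two logs to show which flagged entries are still present or newly added. The regex heuristic and all function names are assumptions made for illustration, and the sample lines are a small subset copied from the two HijackThis logs posted in this thread.

```python
import re
from collections import defaultdict

# O4 registry autorun line: "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Heuristic (an assumption drawn from this thread's fix list, not a general rule):
# three-letter value name + three-letter .exe directly in C:\WINDOWS or System32.
SHORT_NAME = re.compile(r"^[A-Za-z]{3}$")
SHORT_EXE = re.compile(r"^C:\\WINDOWS\\(System32\\)?[A-Za-z]{3}\.exe$", re.IGNORECASE)

# Sample input: subset of the first log in the thread (3/20/2005).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
O4 - HKLM\..\Run: [Hop] C:\WINDOWS\Kdp.exe
O4 - HKLM\..\Run: [Tad] C:\WINDOWS\Moo.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
O4 - HKCU\..\Run: [Hop] C:\WINDOWS\Kdp.exe
O4 - HKCU\..\Run: [Tad] C:\WINDOWS\Moo.exe
"""

# Sample input: subset of the second log in the thread (3/27/2005).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
O4 - HKLM\..\Run: [Hop] C:\WINDOWS\Kdp.exe
O4 - HKLM\..\Run: [Tad] C:\WINDOWS\Moo.exe
O4 - HKLM\..\Run: [Set] C:\WINDOWS\System32\Hku.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
O4 - HKCU\..\Run: [Hop] C:\WINDOWS\Kdp.exe
O4 - HKCU\..\Run: [Tad] C:\WINDOWS\Moo.exe
O4 - HKCU\..\Run: [Set] C:\WINDOWS\System32\Hku.exe
"""


def parse_run_entries(log_text):
    """Return a set of (hive, key, name, command) for each O4 registry autorun line."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.add((m["hive"], m["key"], m["name"], m["cmd"]))
    return entries


def flag_autoruns(log_text):
    """Return {(name, command): sorted list of hives} for entries matching the heuristic."""
    hives = defaultdict(set)
    for hive, _key, name, cmd in parse_run_entries(log_text):
        if SHORT_NAME.match(name) and SHORT_EXE.match(cmd):
            hives[(name, cmd)].add(hive)
    return {entry: sorted(seen) for entry, seen in hives.items()}


def triage(before_text, after_text):
    """Classify every flagged entry as 'survived', 'new' or 'removed' between two logs."""
    before = flag_autoruns(before_text)
    after = flag_autoruns(after_text)
    status = {}
    for entry in set(before) | set(after):
        if entry in before and entry in after:
            status[entry] = "survived"
        elif entry in after:
            status[entry] = "new"
        else:
            status[entry] = "removed"
    return status


if __name__ == "__main__":
    after_flags = flag_autoruns(LOG_AFTER)
    for (name, cmd), state in sorted(triage(LOG_BEFORE, LOG_AFTER).items()):
        hives = "+".join(after_flags.get((name, cmd), []))
        print(f"{state:9} [{name}] {cmd} {hives}")
```

The heuristic deliberately misses fix-list entries that do not fit the three-letter shape, such as `[saap]`, `[ezax]` and `[Security iGuard]`, so it narrows review rather than replacing it.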

#4
jhun

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey, I followed your instructions and hey, no more popups! And the computer got a bit faster. I did a scan on my computer using Panda, yet it detected 14 viruses. Now I have AVG 7.0, yet when I scan with that it tells me that it doesn't have any viruses at all. So what do I do now? Please advise.

Anyway, here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 11:08:44 AM, on 3/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Princess\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
O4 - HKLM\..\Run: [saap] c:\windows\saap.exe
O4 - HKLM\..\Run: [Hop] C:\WINDOWS\Kdp.exe
O4 - HKLM\..\Run: [Snq] C:\WINDOWS\System32\Cnv.exe
O4 - HKLM\..\Run: [Sne] C:\WINDOWS\System32\Hmf.exe
O4 - HKLM\..\Run: [Jmr] C:\WINDOWS\Rac.exe
O4 - HKLM\..\Run: [Dbt] C:\WINDOWS\System32\Caf.exe
O4 - HKLM\..\Run: [Seb] C:\WINDOWS\System32\Utp.exe
O4 - HKLM\..\Run: [Esh] C:\WINDOWS\System32\Sab.exe
O4 - HKLM\..\Run: [Vhn] C:\WINDOWS\Gbi.exe
O4 - HKLM\..\Run: [Fue] C:\WINDOWS\System32\Anj.exe
O4 - HKLM\..\Run: [Aqi] C:\WINDOWS\Cqc.exe
O4 - HKLM\..\Run: [ezax] C:\WINDOWS\ezax.exe
O4 - HKLM\..\Run: [Hih] C:\WINDOWS\Ugn.exe
O4 - HKLM\..\Run: [Tad] C:\WINDOWS\Moo.exe
O4 - HKLM\..\Run: [Jok] C:\WINDOWS\Qjk.exe
O4 - HKLM\..\Run: [Hnc] C:\WINDOWS\System32\Uoi.exe
O4 - HKLM\..\Run: [Sso] C:\WINDOWS\Voo.exe
O4 - HKLM\..\Run: [Air] C:\WINDOWS\System32\Dld.exe
O4 - HKLM\..\Run: [Nkm] C:\WINDOWS\Nvt.exe
O4 - HKLM\..\Run: [Jkd] C:\WINDOWS\Esn.exe
O4 - HKLM\..\Run: [Gip] C:\WINDOWS\Avc.exe
O4 - HKLM\..\Run: [Kvp] C:\WINDOWS\System32\Ngd.exe
O4 - HKLM\..\Run: [Vrc] C:\WINDOWS\Iin.exe
O4 - HKLM\..\Run: [Ahn] C:\WINDOWS\Plo.exe
O4 - HKLM\..\Run: [Ucf] C:\WINDOWS\System32\Clr.exe
O4 - HKLM\..\Run: [Iig] C:\WINDOWS\Pku.exe
O4 - HKLM\..\Run: [Vai] C:\WINDOWS\Efa.exe
O4 - HKLM\..\Run: [Pbi] C:\WINDOWS\Hkr.exe
O4 - HKLM\..\Run: [Elv] C:\WINDOWS\Nom.exe
O4 - HKLM\..\Run: [Huu] C:\WINDOWS\System32\Lai.exe
O4 - HKLM\..\Run: [Oid] C:\WINDOWS\System32\Jbe.exe
O4 - HKLM\..\Run: [Qlf] C:\WINDOWS\System32\Kla.exe
O4 - HKLM\..\Run: [Etu] C:\WINDOWS\System32\Hlr.exe
O4 - HKLM\..\Run: [Sov] C:\WINDOWS\Hlu.exe
O4 - HKLM\..\Run: [Oln] C:\WINDOWS\System32\Ufq.exe
O4 - HKLM\..\Run: [Dbm] C:\WINDOWS\Idb.exe
O4 - HKLM\..\Run: [Kjc] C:\WINDOWS\System32\Vjq.exe
O4 - HKLM\..\Run: [Iqf] C:\WINDOWS\System32\Efg.exe
O4 - HKLM\..\Run: [Ivl] C:\WINDOWS\System32\Kmg.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [Set] C:\WINDOWS\System32\Hku.exe
O4 - HKLM\..\Run: [Fvu] C:\WINDOWS\Lbm.exe
O4 - HKLM\..\Run: [Cej] C:\WINDOWS\Ofd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Suu] C:\WINDOWS\System32\Njr.exe
O4 - HKLM\..\Run: [Khq] C:\WINDOWS\Gnb.exe
O4 - HKLM\..\Run: [swcroot] c:\windows\system32\swcroot.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
O4 - HKCU\..\Run: [Uuse] C:\Documents and Settings\Princess\Application Data\mbsi.exe
O4 - HKCU\..\Run: [Hop] C:\WINDOWS\Kdp.exe
O4 - HKCU\..\Run: [Snq] C:\WINDOWS\System32\Cnv.exe
O4 - HKCU\..\Run: [Sne] C:\WINDOWS\System32\Hmf.exe
O4 - HKCU\..\Run: [Jmr] C:\WINDOWS\Rac.exe
O4 - HKCU\..\Run: [Dbt] C:\WINDOWS\System32\Caf.exe
O4 - HKCU\..\Run: [Seb] C:\WINDOWS\System32\Utp.exe
O4 - HKCU\..\Run: [Esh] C:\WINDOWS\System32\Sab.exe
O4 - HKCU\..\Run: [Vhn] C:\WINDOWS\Gbi.exe
O4 - HKCU\..\Run: [Fue] C:\WINDOWS\System32\Anj.exe
O4 - HKCU\..\Run: [Aqi] C:\WINDOWS\Cqc.exe
O4 - HKCU\..\Run: [Hih] C:\WINDOWS\Ugn.exe
O4 - HKCU\..\Run: [Tad] C:\WINDOWS\Moo.exe
O4 - HKCU\..\Run: [Jok] C:\WINDOWS\Qjk.exe
O4 - HKCU\..\Run: [Hnc] C:\WINDOWS\System32\Uoi.exe
O4 - HKCU\..\Run: [Sso] C:\WINDOWS\Voo.exe
O4 - HKCU\..\Run: [Air] C:\WINDOWS\System32\Dld.exe
O4 - HKCU\..\Run: [Nkm] C:\WINDOWS\Nvt.exe
O4 - HKCU\..\Run: [Jkd] C:\WINDOWS\Esn.exe
O4 - HKCU\..\Run: [Gip] C:\WINDOWS\Avc.exe
O4 - HKCU\..\Run: [Kvp] C:\WINDOWS\System32\Ngd.exe
O4 - HKCU\..\Run: [Vrc] C:\WINDOWS\Iin.exe
O4 - HKCU\..\Run: [Ahn] C:\WINDOWS\Plo.exe
O4 - HKCU\..\Run: [Ucf] C:\WINDOWS\System32\Clr.exe
O4 - HKCU\..\Run: [Iig] C:\WINDOWS\Pku.exe
O4 - HKCU\..\Run: [Vai] C:\WINDOWS\Efa.exe
O4 - HKCU\..\Run: [Pbi] C:\WINDOWS\Hkr.exe
O4 - HKCU\..\Run: [Elv] C:\WINDOWS\Nom.exe
O4 - HKCU\..\Run: [Huu] C:\WINDOWS\System32\Lai.exe
O4 - HKCU\..\Run: [Oid] C:\WINDOWS\System32\Jbe.exe
O4 - HKCU\..\Run: [Qlf] C:\WINDOWS\System32\Kla.exe
O4 - HKCU\..\Run: [Etu] C:\WINDOWS\System32\Hlr.exe
O4 - HKCU\..\Run: [Sov] C:\WINDOWS\Hlu.exe
O4 - HKCU\..\Run: [Oln] C:\WINDOWS\System32\Ufq.exe
O4 - HKCU\..\Run: [Dbm] C:\WINDOWS\Idb.exe
O4 - HKCU\..\Run: [Kjc] C:\WINDOWS\System32\Vjq.exe
O4 - HKCU\..\Run: [Iqf] C:\WINDOWS\System32\Efg.exe
O4 - HKCU\..\Run: [Ivl] C:\WINDOWS\System32\Kmg.exe
O4 - HKCU\..\Run: [Set] C:\WINDOWS\System32\Hku.exe
O4 - HKCU\..\Run: [Fvu] C:\WINDOWS\Lbm.exe
O4 - HKCU\..\Run: [Cej] C:\WINDOWS\Ofd.exe
O4 - HKCU\..\Run: [Suu] C:\WINDOWS\System32\Njr.exe
O4 - HKCU\..\Run: [Khq] C:\WINDOWS\Gnb.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {25D2FBAB-CB3C-4A54-A1FF-E1349B8B76AD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {25D2FBAB-CB3C-4A54-A1FF-E1349B8B76AD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3BD4B218-42AA-4287-80A1-11893B952242} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3BD4B218-42AA-4287-80A1-11893B952242} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4DC85A81-E61C-4CF8-985C-F5B6C2A85ACB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4DC85A81-E61C-4CF8-985C-F5B6C2A85ACB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AB8B398D-380C-484C-9515-3505273F0A25} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AB8B398D-380C-484C-9515-3505273F0A25} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C4A95373-DA87-4578-BEAB-1A7314EA957C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C4A95373-DA87-4578-BEAB-1A7314EA957C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C854F0E8-FD35-4CDD-8490-7DC6A0897FA2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C854F0E8-FD35-4CDD-8490-7DC6A0897FA2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DAE7700C-A425-41F0-A031-A9327203FD88} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DAE7700C-A425-41F0-A031-A9327203FD88} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E34A3D2F-52CE-46C3-98F8-FFA74E9942BC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E34A3D2F-52CE-46C3-98F8-FFA74E9942BC} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c283.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtange...ave/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....ro64_loader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildt...uncherSetup.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ise/install.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v5.cab
O16 - DPF: {E20352D0-48EF-49E6-A042-981AA9958EE2} (Launcher Control) - http://hyperrelay.ed...TWOLauncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#5
jhun

And here is the hslog file:


Horseserver Removal Tool v1.05
by Atri
-
-
1. Registry Fix Started
-
Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
drct16.dll
mszx23.exe
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-

#6
jhun

Sorry, the hijack log on top is an old one; here is the correct one:

Logfile of HijackThis v1.99.1
Scan saved at 6:59:37 PM, on 3/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\LTSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\gah95on6.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\Princess\Application Data\mbsi.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Princess\Desktop\Virus Cleaning Kit\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Set] C:\WINDOWS\System32\Hku.exe
O4 - HKLM\..\Run: [Fvu] C:\WINDOWS\Lbm.exe
O4 - HKLM\..\Run: [Cej] C:\WINDOWS\Ofd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Suu] C:\WINDOWS\System32\Njr.exe
O4 - HKLM\..\Run: [Khq] C:\WINDOWS\Gnb.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
O4 - HKCU\..\Run: [Uuse] C:\Documents and Settings\Princess\Application Data\mbsi.exe
O4 - HKCU\..\Run: [Set] C:\WINDOWS\System32\Hku.exe
O4 - HKCU\..\Run: [Fvu] C:\WINDOWS\Lbm.exe
O4 - HKCU\..\Run: [Cej] C:\WINDOWS\Ofd.exe
O4 - HKCU\..\Run: [Suu] C:\WINDOWS\System32\Njr.exe
O4 - HKCU\..\Run: [Khq] C:\WINDOWS\Gnb.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {25D2FBAB-CB3C-4A54-A1FF-E1349B8B76AD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {25D2FBAB-CB3C-4A54-A1FF-E1349B8B76AD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3BD4B218-42AA-4287-80A1-11893B952242} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3BD4B218-42AA-4287-80A1-11893B952242} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4DC85A81-E61C-4CF8-985C-F5B6C2A85ACB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4DC85A81-E61C-4CF8-985C-F5B6C2A85ACB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AB8B398D-380C-484C-9515-3505273F0A25} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AB8B398D-380C-484C-9515-3505273F0A25} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C4A95373-DA87-4578-BEAB-1A7314EA957C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C4A95373-DA87-4578-BEAB-1A7314EA957C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C854F0E8-FD35-4CDD-8490-7DC6A0897FA2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C854F0E8-FD35-4CDD-8490-7DC6A0897FA2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DAE7700C-A425-41F0-A031-A9327203FD88} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DAE7700C-A425-41F0-A031-A9327203FD88} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E34A3D2F-52CE-46C3-98F8-FFA74E9942BC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E34A3D2F-52CE-46C3-98F8-FFA74E9942BC} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c283.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtange...ave/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....ro64_loader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildt...uncherSetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ise/install.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v5.cab
O16 - DPF: {E20352D0-48EF-49E6-A042-981AA9958EE2} (Launcher Control) - http://hyperrelay.ed...TWOLauncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe