Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus Found!


  • This topic is locked This topic is locked

#1
Peter Lee KS

Peter Lee KS

    New Member

  • Member
  • Pip
  • 4 posts
I'm using a pendrive..When I plug in my pendrive .. Folder such as Peter .. will become Peter.exe .. Trojan.Agent found by Malwarebytes' Anti-Malware ..
  • 0

Advertisements


#2
Peter Lee KS

Peter Lee KS

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:22 AM, on 23-Aug-2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\smsc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pnxwpf.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...69&l=dis&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.114la.com/?wgho
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.114la.com/index.htm
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [473A7E] C:\WINDOWS\system32\286A36\473A7E.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 473A7E.lnk = C:\WINDOWS\system32\286A36\473A7E.EXE
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{C552331E-AEA1-4312-99D9-5E955B376854}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D3BCB0-5456-4A6D-80CE-46EFF6069757}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Print Spooler Monitor (PrtSmanm) - Unknown owner - C:\WINDOWS\system32\smsc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
  • 0

#3
Peter Lee KS

Peter Lee KS

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL logfile created on: 24-Aug-2011 8:00:22 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Peter
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

503.48 Mb Total Physical Memory | 106.18 Mb Available Physical Memory | 21.09% Memory free
1.20 Gb Paging File | 0.70 Gb Available in Paging File | 58.60% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 21.12 Gb Free Space | 72.07% Space Free | Partition Type: NTFS
Drive D: | 581.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 45.23 Gb Total Space | 33.43 Gb Free Space | 73.92% Space Free | Partition Type: NTFS

Computer Name: WWW-735BEC1172A | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-08-24 07:59:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Peter\OTL.exe
PRC - [2011-08-24 07:56:05 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\winvwim.exe
PRC - [2011-08-23 08:42:56 | 000,050,703 | R--- | M] () -- C:\WINDOWS\system32\smsc.exe
PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-05-18 11:19:41 | 001,477,426 | RHS- | M] () -- C:\WINDOWS\system32\286A36\473A7E.EXE
PRC - [2011-03-21 17:32:02 | 001,829,960 | ---- | M] (ManyCam LLC) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
PRC - [2010-06-01 10:17:50 | 000,148,792 | ---- | M] (Yahoo! Inc.) -- C:\Messenger\Ymsgr_tray.exe
PRC - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007-06-13 18:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011-08-24 07:56:05 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\winvwim.exe
MOD - [2011-08-24 07:52:34 | 000,323,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne
MOD - [2011-08-24 07:52:34 | 000,217,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\HtmlView.fne
MOD - [2011-08-24 07:52:34 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\dp1.fne
MOD - [2011-08-24 07:52:34 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne
MOD - [2011-08-24 07:52:32 | 001,101,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr
MOD - [2011-08-23 08:42:56 | 000,050,703 | R--- | M] () -- C:\WINDOWS\system32\smsc.exe
MOD - [2011-05-18 11:19:41 | 001,477,426 | RHS- | M] () -- C:\WINDOWS\system32\286A36\473A7E.EXE
MOD - [2011-03-21 17:32:08 | 000,498,760 | ---- | M] () -- C:\Program Files\ManyCam\Bin\cximagecrt.dll
MOD - [2011-03-21 17:32:06 | 000,123,976 | ---- | M] () -- C:\Program Files\ManyCam\Bin\CrashRpt.dll
MOD - [2010-06-01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Messenger\yui.dll
MOD - [2007-09-21 10:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004-08-04 20:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004-08-04 20:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (srservice)
SRV - File not found [Disabled | Stopped] -- -- (mnmsrvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (helpsvc)
SRV - [2011-08-23 08:42:56 | 000,050,703 | R--- | M] () [Auto | Running] -- C:\WINDOWS\System32\smsc.exe -- (PrtSmanm)
SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (asc3360pr)
DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007-11-30 07:00:00 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006-08-09 13:19:24 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2004-08-04 20:00:00 | 000,004,992 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\presafe.sys -- (presafe)
DRV - [2004-08-04 07:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.114la.com/?wgho
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...69&l=dis&gct=hp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-07 21:21:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-05-07 21:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011-05-07 21:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011-04-15 00:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-01-01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004-08-04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [473A7E] C:\WINDOWS\system32\286A36\473A7E.EXE ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\473A7E.lnk = C:\WINDOWS\system32\286A36\473A7E.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetopenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-11 01:57:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004-08-04 20:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2f932be4-78aa-11e0-a0cf-001438bb86c6}\Shell\AuTOPLay\cOmmaNd - "" = E:\sykwc.exe
O33 - MountPoints2\{2f932be4-78aa-11e0-a0cf-001438bb86c6}\Shell\AutoRun\command - "" = E:\sykwc.exe
O33 - MountPoints2\{2f932be4-78aa-11e0-a0cf-001438bb86c6}\Shell\ExPlOrE\COmMANd - "" = E:\sykwc.exe
O33 - MountPoints2\{2f932be4-78aa-11e0-a0cf-001438bb86c6}\Shell\open\ComMand - "" = E:\sykwc.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-08-23 11:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-08-23 11:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011-08-23 11:18:25 | 000,000,000 | -H-D | C] -- C:\Peter
[2011-08-23 08:48:09 | 003,032,440 | ---- | C] (Tencent) -- C:\WINDOWS\System32\QQPinyin.ime
[2011-08-23 08:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\Tencent
[2011-08-23 08:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tencent
[2011-08-23 08:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2011-08-23 08:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Tencent
[2011-08-22 14:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011-08-22 14:55:58 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-08-22 14:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-08-22 14:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-08-22 14:55:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-08-22 14:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011-08-24 07:52:44 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\473A7E.lnk
[2011-08-24 07:52:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-08-23 11:32:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2011-08-23 08:42:56 | 000,050,703 | R--- | M] () -- C:\WINDOWS\System32\smsc.exe
[2011-08-23 08:25:05 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\asr_kvdnwj
[2011-08-23 08:11:47 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-08-23 08:11:15 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-08-23 08:11:15 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-08-22 14:55:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-08-22 12:03:07 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011-08-22 11:47:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc607e3be4ed4a.job
[2011-08-22 11:35:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011-08-23 11:32:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2011-08-23 08:42:58 | 000,050,703 | R--- | C] () -- C:\WINDOWS\System32\smsc.exe
[2011-08-23 08:25:05 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\asr_kvdnwj
[2011-08-23 08:09:17 | 000,001,917 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-08-22 14:55:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-08-22 11:47:37 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc607e3be4ed4a.job
[2011-05-09 13:55:36 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-05-07 21:28:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008-04-11 00:25:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008-03-31 05:28:06 | 000,000,639 | ---- | C] () -- C:\WINDOWS\System32\OemInfo.ini
[2008-03-31 03:22:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-01-11 02:00:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-01-11 01:54:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-01-10 17:49:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-01-10 17:48:39 | 000,155,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004-08-04 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004-08-04 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 20:00:00 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 20:00:00 | 000,158,658 | RHS- | C] () -- C:\WINDOWS\System32\skxglb.dll
[2004-08-04 20:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-04 20:00:00 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 20:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\c34a.dat
[2004-08-04 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 20:00:00 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\presafe.sys
[2004-08-04 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-04 20:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004-08-04 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-01-07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011-05-13 12:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ManyCam
[2011-05-12 16:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mipony
[2011-05-19 11:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2011-08-23 08:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tencent
[2011-08-23 08:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011-08-23 08:48:13 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\Start Menu\Programs\????) -- C:\Documents and Settings\Administrator\Start Menu\Programs\腾讯软件

< End of report >
  • 0

#4
Peter Lee KS

Peter Lee KS

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL Extras logfile created on: 24-Aug-2011 8:00:23 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Peter
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

503.48 Mb Total Physical Memory | 106.18 Mb Available Physical Memory | 21.09% Memory free
1.20 Gb Paging File | 0.70 Gb Available in Paging File | 58.60% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 21.12 Gb Free Space | 72.07% Space Free | Partition Type: NTFS
Drive D: | 581.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 45.23 Gb Total Space | 33.43 Gb Free Space | 73.92% Space Free | Partition Type: NTFS

Computer Name: WWW-735BEC1172A | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
"DisableConfig" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8864:TCP" = 8864:TCP:*:Enabled:smovtaom

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYConfig.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYConfig.exe:*:Enabled:QQ????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYLiveup.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYLiveup.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYLevel.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYLevel.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYDict.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYDict.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeRegDict.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeRegDict.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeRegSkin.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeRegSkin.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeDownload.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeDownload.exe:*:Enabled:QQ??????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYMBlog.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYMBlog.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYHandInput.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYHandInput.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYCloud.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYCloud.exe:*:Enabled:QQ???????? -- (Tencent)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Messenger\YahooMessenger.exe" = C:\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"F:\BACKUP\System.exe" = F:\BACKUP\System.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsbbm.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsbbm.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\w1d6ce5.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\w1d6ce5.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvvepr.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvvepr.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hfvmrq.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hfvmrq.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmgvqkw.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmgvqkw.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sntto.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sntto.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aavr.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aavr.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uibwoa.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uibwoa.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yyaqnh.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yyaqnh.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\286A36\473A7E.EXE" = C:\WINDOWS\system32\286A36\473A7E.EXE:*:Enabled:ipsec -- ()
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnrry.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnrry.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aafn.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aafn.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winemlf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winemlf.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfwdh.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfwdh.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dxyy.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dxyy.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qwwr.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qwwr.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pcampv.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pcampv.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hkpd.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hkpd.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyoxrw.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyoxrw.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winobruh.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winobruh.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winibxv.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winibxv.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbtudt.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbtudt.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuctjed.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuctjed.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvlpw.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvlpw.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winojacf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winojacf.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ncxgw.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ncxgw.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxnom.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxnom.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winegcbr.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winegcbr.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxbtl.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxbtl.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bhmnt.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bhmnt.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ipcogk.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ipcogk.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlljv.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlljv.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyekwkg.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyekwkg.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winajjy.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winajjy.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winahuv.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winahuv.exe:*:Enabled:ipsec
"C:\Messenger\ymsgr_tray.exe" = C:\Messenger\ymsgr_tray.exe:*:Enabled:ipsec -- (Yahoo! Inc.)
"C:\Program Files\ManyCam\Bin\ManyCam.exe" = C:\Program Files\ManyCam\Bin\ManyCam.exe:*:Enabled:ipsec -- (ManyCam LLC)
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bgvxxo.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bgvxxo.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingjmue.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingjmue.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintdol.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintdol.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winarwoe.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winarwoe.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winphtxi.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winphtxi.exe:*:Enabled:ipsec
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnpxd.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnpxd.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqdvy.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqdvy.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winamtr.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winamtr.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuhve.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuhve.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ysqav.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ysqav.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winygisqm.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winygisqm.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincqvxmr.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincqvxmr.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ncau.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ncau.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingoee.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingoee.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjyho.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjyho.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyeapfp.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyeapfp.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winalel.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winalel.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpnfjm.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpnfjm.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vbgor.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vbgor.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dsowt.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dsowt.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windyis.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windyis.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wivsck.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wivsck.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bgnxrf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bgnxrf.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ybho.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ybho.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingfsxgl.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingfsxgl.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ervfxd.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ervfxd.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrijvh.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrijvh.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jfvi.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jfvi.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmqtbf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmqtbf.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winejqv.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winejqv.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fruiwl.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fruiwl.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gboc.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gboc.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuwrq.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuwrq.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvaew.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvaew.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windkvod.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windkvod.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkiaoew.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkiaoew.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winojjxox.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winojjxox.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ggqfqf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ggqfqf.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qhdrh.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qhdrh.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ibwr.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ibwr.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxvcqlo.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxvcqlo.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qdelq.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qdelq.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kexkj.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kexkj.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyvllqq.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyvllqq.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winikqds.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winikqds.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqqmg.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqqmg.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbldw.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbldw.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mdcrv.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mdcrv.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sphvt.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sphvt.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winapua.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winapua.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winllhmh.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winllhmh.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlmsx.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlmsx.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\worv.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\worv.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ukpvn.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ukpvn.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winogdifm.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winogdifm.exe:*:Enabled:ipsec
"C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe" = C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpjiv.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpjiv.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjamdtb.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjamdtb.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\reve.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\reve.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\619E22\Z8Z0CF91.EXE" = C:\WINDOWS\system32\619E22\Z8Z0CF91.EXE:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winoknp.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winoknp.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tshave.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tshave.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrowlrf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrowlrf.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ajjje.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ajjje.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbghg.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbghg.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bijmp.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bijmp.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windvypy.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windvypy.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windlsm.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windlsm.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\taojg.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\taojg.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhnfl.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhnfl.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpvdcu.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpvdcu.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tkwbe.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tkwbe.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ihbdc.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ihbdc.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dsmck.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dsmck.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvpwgd.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvpwgd.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqrovlo.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqrovlo.exe:*:Enabled:ipsec
"C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe" = C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe:*:Enabled:ipsec -- (Google Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xtbnb.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xtbnb.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winynxe.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winynxe.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vspe.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vspe.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pleks.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pleks.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\smsc.exe" = C:\WINDOWS\system32\smsc.exe:*:Enabled:Microsoft Enabled -- ()
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYConfig.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYConfig.exe:*:Enabled:QQ????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYLiveup.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYLiveup.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYLevel.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYLevel.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYDict.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYDict.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeRegDict.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeRegDict.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeRegSkin.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeRegSkin.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeDownload.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQImeDownload.exe:*:Enabled:QQ??????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYMBlog.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYMBlog.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYHandInput.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYHandInput.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYCloud.exe" = C:\Program Files\Tencent\QQPinyin\4.3.1084.400\QQPYCloud.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pnxwpf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pnxwpf.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqkdlq.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqkdlq.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlokh.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlokh.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dwqsjt.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dwqsjt.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrsjjta.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrsjjta.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kbdnq.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kbdnq.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmqdbqf.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmqdbqf.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winekgkv.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winekgkv.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vnrnq.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vnrnq.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winftdnw.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winftdnw.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbkbua.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbkbua.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winivylaa.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winivylaa.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lvwta.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lvwta.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ddsfj.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ddsfj.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqkjqp.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqkjqp.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwgrt.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwgrt.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winiqoxph.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winiqoxph.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmbpthr.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmbpthr.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pvwqpu.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pvwqpu.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaapa.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaapa.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfpjxm.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfpjxm.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlijq.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlijq.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvwim.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvwim.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winofovs.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winofovs.exe:*:Enabled:ipsec
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\niila.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\niila.exe:*:Enabled:ipsec


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"Magic ISO Maker v5.5 (build 0274)" = Magic ISO Maker v5.5 (build 0274)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"ManyCam" = ManyCam 2.6.43 (remove only)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MiPony" = MiPony 1.2.3
"mIRC" = mIRC
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"QQ拼音输入法" = QQ拼音输入法4.3
"TeamViewer 6" = TeamViewer 6
"VBRunDLL" = VBRunDLL 3.4
"VLC media player" = VLC media player 1.1.9
"Windows Ghost" = Windows Ghost
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Yazak Chat" = Yazak Chat 8.90.18

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12-May-2011 1:21:22 AM | Computer Name = WWW-735BEC1172A | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 19-May-2011 1:11:34 AM | Computer Name = WWW-735BEC1172A | Source = MsiInstaller | ID = 11720
Description = Product: Skype Toolbars -- Error 1720. There is a problem with this
Windows Installer package. A script required for this install to complete could
not be run. Contact your support personnel or package vendor. Custom action GetChromeRootPath.05B3CEE0_7172_4F7F_8DE8_E2DBADD223A0
script error -2146827859, Microsoft VBScript runtime error: ActiveX component can't
create object: 'Scripting.FileSystemObject' Line 14, Column 7,

Error - 19-May-2011 2:09:37 AM | Computer Name = WWW-735BEC1172A | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 17-Jun-2011 1:20:06 AM | Computer Name = WWW-735BEC1172A | Source = Google Update | ID = 20
Description =

Error - 17-Jun-2011 1:26:03 AM | Computer Name = WWW-735BEC1172A | Source = Google Update | ID = 20
Description =

Error - 17-Jun-2011 2:26:04 AM | Computer Name = WWW-735BEC1172A | Source = Google Update | ID = 20
Description =

Error - 12-Jul-2011 3:24:31 AM | Computer Name = WWW-735BEC1172A | Source = Google Update | ID = 20
Description =

Error - 12-Jul-2011 3:37:37 AM | Computer Name = WWW-735BEC1172A | Source = Google Update | ID = 20
Description =

Error - 21-Aug-2011 11:38:24 PM | Computer Name = WWW-735BEC1172A | Source = Google Update | ID = 20
Description =

Error - 21-Aug-2011 11:47:38 PM | Computer Name = WWW-735BEC1172A | Source = MsiInstaller | ID = 11704
Description = Product: Google Update Helper -- Error 1704. An installation for Microsoft
Office Professional Edition 2003 is currently suspended. You must undo the changes
made by that installation to continue. Do you want to undo those changes?

[ System Events ]
Error - 23-Aug-2011 3:33:00 AM | Computer Name = WWW-735BEC1172A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 23-Aug-2011 3:33:32 AM | Computer Name = WWW-735BEC1172A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 23-Aug-2011 3:34:17 AM | Computer Name = WWW-735BEC1172A | Source = Service Control Manager | ID = 7023
Description = The Windows Config service terminated with the following error: %%1114

Error - 23-Aug-2011 3:34:17 AM | Computer Name = WWW-735BEC1172A | Source = Service Control Manager | ID = 7023
Description = The Image System service terminated with the following error: %%1114

Error - 23-Aug-2011 3:37:03 AM | Computer Name = WWW-735BEC1172A | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{C552331E-AEA1-4312-99D9-5E955B376854}. The
backup browser is stopping.

Error - 23-Aug-2011 7:52:37 PM | Computer Name = WWW-735BEC1172A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 23-Aug-2011 7:52:52 PM | Computer Name = WWW-735BEC1172A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 23-Aug-2011 7:53:25 PM | Computer Name = WWW-735BEC1172A | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 23-Aug-2011 7:54:08 PM | Computer Name = WWW-735BEC1172A | Source = Service Control Manager | ID = 7023
Description = The Windows Config service terminated with the following error: %%1114

Error - 23-Aug-2011 7:54:08 PM | Computer Name = WWW-735BEC1172A | Source = Service Control Manager | ID = 7023
Description = The Image System service terminated with the following error: %%1114


< End of report >
  • 0

#5
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2011-08-24 07:56:05 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\winvwim.exe
    MOD - [2011-08-24 07:52:34 | 000,323,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne
    MOD - [2011-08-24 07:52:34 | 000,217,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\HtmlView.fne
    MOD - [2011-08-24 07:52:34 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\dp1.fne
    MOD - [2011-08-24 07:52:34 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne
    MOD - [2011-08-24 07:52:32 | 001,101,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr
    MOD - [2011-08-23 08:42:56 | 000,050,703 | R--- | M] () -- C:\WINDOWS\system32\smsc.exe
    MOD - [2011-05-18 11:19:41 | 001,477,426 | RHS- | M] () -- C:\WINDOWS\system32\286A36\473A7E.EXE
    SRV - [2011-08-23 08:42:56 | 000,050,703 | R--- | M] () [Auto | Running] -- C:\WINDOWS\System32\smsc.exe -- (PrtSmanm)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (asc3360pr)
    DRV - [2004-08-04 20:00:00 | 000,004,992 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\presafe.sys -- (presafe)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/
    O4 - HKLM..\Run: [473A7E] C:\WINDOWS\system32\286A36\473A7E.EXE ()
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\473A7E.lnk = C:\WINDOWS\system32\286A36\473A7E.EXE ()
    O33 - MountPoints2\{2f932be4-78aa-11e0-a0cf-001438bb86c6}\Shell\AuTOPLay\cOmmaNd - "" = E:\sykwc.exe
    O33 - MountPoints2\{2f932be4-78aa-11e0-a0cf-001438bb86c6}\Shell\AutoRun\command - "" = E:\sykwc.exe
    O33 - MountPoints2\{2f932be4-78aa-11e0-a0cf-001438bb86c6}\Shell\ExPlOrE\COmMANd - "" = E:\sykwc.exe
    O33 - MountPoints2\{2f932be4-78aa-11e0-a0cf-001438bb86c6}\Shell\open\ComMand - "" = E:\sykwc.exe
    [2011-08-24 07:52:44 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\473A7E.lnk
    [2011-08-23 08:42:56 | 000,050,703 | R--- | M] () -- C:\WINDOWS\System32\smsc.exe
    [2011-08-23 08:25:05 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\asr_kvdnwj
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "8864:TCP"=-
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Administrator\Local Settings\Temp\*.exe
    C:\WINDOWS\system32\619E22
    C:\WINDOWS\system32\286A36
    E:\sykwc.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done





Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP