Adware, malware, spyware, hijacker discussion and information



Forum rules


ATTN:!! Only users pre-approved by TeMerc may offer help and assistance in malware removal. Any and all unauthorized posts will be removed without notice. Please read this thread for proper HijackThis! installation.



[ 12 posts ]
 Post subject: I have multiple symptoms but not sure of the cause
PostPosted: Tue Dec 07, 2010 2:11 am 

Joined: Mon Dec 06, 2010 3:03 am
Posts: 6
A few weeks ago I noticed that I'm not getting the web pages I'm supposed to go to when I search on Google. I thought it was some virus so I used Malwarebytes to scan my computer but that just made it worse. After the scan, I couldn't use any of my browsers even though I'm connected to the internet and Firefox says something about my proxy. Later Malwarebytes kept popping up telling me to quarantine scvhost.exe and shell.exe. I fixed the browser by doing a system restore but I'm afraid to use Malwarebytes again because I won't be able to get help if I can't use a browser. Now the scvhost and shell problem is gone and Malwarebytes wants me to quarantine something else and I think it disabled my system restore. I'm afraid to log onto any accounts on my computer because I'm afraid of being keylogged. Please tell me if you need anything else besides my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:49 PM, on 11/21/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\susie\AppData\Roaming\Microsoft\svchost.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Users\susie\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Steam\Steam.exe
C:\Users\susie\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Users\susie\AppData\Local\Temp\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\susie\AppData\Local\Temp\dwm.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 211.43.152.155 patch.cosmicbreak.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ½ðɽ¿ìÒë(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [aslcomm] C:\Windows\system32\wallmsp.exe
O4 - HKCU\..\Run: [qscmdll] C:\Windows\system32\ssmcdsw.exe
O4 - HKCU\..\Run: [wiue32] C:\Windows\system32\oissdmmp.exe
O4 - HKCU\..\Run: [itjdnssm] C:\Windows\system32\qppsmcw.exe
O4 - HKCU\..\Run: [kvmspls] C:\Windows\system32\bchdikms.exe
O4 - HKCU\..\Run: [prodcmmp] C:\Windows\system32\ikddmch.exe
O4 - HKCU\..\Run: [udccndw2] C:\Windows\system32\psiomcp.exe
O4 - HKCU\..\Run: [jncontmon] C:\Windows\system32\ssjitsys32.exe
O4 - HKCU\..\Run: [ncstatsc] C:\Windows\system32\lsnccq.exe
O4 - HKCU\..\Run: [qisdrmss] C:\Windows\system32\qodesnaq.exe
O4 - HKCU\..\Run: [iejdsmm] C:\Windows\system32\yhsgmmw.exe
O4 - HKCU\..\Run: [pqezlr32] C:\Windows\system32\eyclcm.exe
O4 - HKCU\..\Run: [fqavqqv] C:\Windows\system32\a6qkqkqa.exe
O4 - HKCU\..\Run: [afavv8] C:\Windows\system32\kak4aav5a.exe
O4 - HKCU\..\Run: [kkffa] C:\Windows\system32\kaa1k0ff.exe
O4 - HKCU\..\Run: [fvvpff] C:\Windows\system32\1pf9aav.exe
O4 - HKCU\..\Run: [vpffa] C:\Windows\system32\kf9aavp9k.exe
O4 - HKCU\..\Run: [ffaavpp] C:\Windows\system32\faavkkfvkaa.exe
O4 - HKCU\..\Run: [pkaav1p] C:\Windows\system32\5aavkkf.exe
O4 - HKCU\..\Run: [vkkfvvp] C:\Windows\system32\k1vvppka.exe
O4 - HKCU\..\Run: [appka] C:\Windows\system32\k0faav1p.exe
O4 - HKCU\..\Run: [ppkffaa] C:\Windows\system32\2ffappk.exe
O4 - HKCU\..\Run: [yyiddi7] C:\Windows\system32\iidt1i1tnd.exe
O4 - HKCU\..\Run: [ppkkfvv] C:\Windows\system32\vkkfvkaa1k.exe
O4 - HKCU\..\Run: [vkkfvka] C:\Windows\system32\2vv1ffa.exe
O4 - HKCU\..\Run: [ffavkaa] C:\Windows\system32\pkkfvkaa1k.exe
O4 - HKCU\..\Run: [fvvqq] C:\Windows\system32\5q1faqq.exe
O4 - HKCU\..\Run: [alaqffa] C:\Windows\system32\q7lfaa7vq.exe
O4 - HKCU\..\Run: [lffaavq] C:\Windows\system32\aavlaqq1a.exe
O4 - HKCU\..\Run: [fappkaa] C:\Windows\system32\kk1vvppkaav.exe
O4 - HKCU\..\Run: [iyyti0] C:\Windows\system32\n6idyy7tn.exe
O4 - HKCU\..\Run: [vkkffap] C:\Windows\system32\vvpf5a1pka.exe
O4 - HKCU\..\Run: [kzzpu] C:\Windows\system32\7ffzz2p.exe
O4 - HKCU\..\Run: [zppzkfz] C:\Windows\system32\uup1pkff7.exe
O4 - HKCU\..\Run: [lffaqq] C:\Windows\system32\1aqql1f.exe
O4 - HKCU\..\Run: [faqql] C:\Windows\system32\vfv9qqlf9a.exe
O4 - HKCU\..\Run: [qqllfa] C:\Windows\system32\fvvqffaav.exe
O4 - HKCU\..\Run: [qqllf] C:\Windows\system32\0vvqf9a.exe
O4 - HKCU\..\Run: [avll1v] C:\Windows\system32\lfaa7vqllf5.exe
O4 - HKCU\..\Run: [vla0v] C:\Windows\system32\aqqlaavl.exe
O4 - HKCU\..\Run: [vvqqla] C:\Windows\system32\f2vvqffaavl.exe
O4 - HKCU\..\Run: [qqlf9a] C:\Windows\system32\a38avlaqq1a.exe
O4 - HKCU\..\Run: [vppkaa] C:\Windows\system32\avppk2avk.exe
O4 - HKCU\..\Run: [kkff6p] C:\Windows\system32\pfvvppkaav.exe
O4 - HKCU\..\Run: [kfvv1] C:\Windows\system32\fvvpf9aa.exe
O4 - HKCU\..\Run: [favkaa1] C:\Windows\system32\vkkfvv1ffaa.exe
O4 - HKCU\..\Run: [fvvpf9a] C:\Windows\system32\2ffappk.exe
O4 - HKCU\..\Run: [vvpf5] C:\Windows\system32\pf9aavp9k0f.exe
O4 - HKCU\..\Run: [aavkkff] C:\Windows\system32\fv5pffappkk.exe
O4 - HKCU\..\Run: [avvpffa] C:\Windows\system32\5pffapp.exe
O4 - HKCU\..\Run: [avkaa1] C:\Windows\system32\k7favvp5fa.exe
O4 - HKCU\..\Run: [tjjoyto] C:\Windows\system32\jdd2td82.exe
O4 - HKCU\..\Run: [aavvpff] C:\Windows\system32\v7pkf9aavp.exe
O4 - HKCU\..\Run: [kaavk0f] C:\Windows\system32\v3vvpf9aavp.exe
O4 - HKCU\..\Run: [tjjey] C:\Windows\system32\jettjyyeoyj.exe
O4 - HKCU\..\Run: [alvlgaa] C:\Windows\system32\0aagaqa.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [snccxxs] C:\Windows\system32\sic1iccicsc.exe
O4 - HKCU\..\Run: [xnns2n] C:\Windows\system32\1i2snsn.exe
O4 - HKCU\..\Run: [nncssxn] C:\Windows\system32\ni6ci6xxss2.exe
O4 - HKCU\..\Run: [ffappk2] C:\Windows\system32\vkkfvv1ffaa.exe
O4 - HKCU\..\Run: [avkkffa] C:\Windows\system32\faavkkfv.exe
O4 - HKCU\..\Run: [kfvvp] C:\Windows\system32\5p6kfaa.exe
O4 - HKCU\..\Run: [fappk] C:\Windows\system32\pkk7favv.exe
O4 - HKCU\..\Run: [llff6q] C:\Windows\system32\5lfv5q1.exe
O4 - HKCU\..\Run: [avvqql] C:\Windows\system32\lf5vqqlff6.exe
O4 - HKCU\..\Run: [pkkfv] C:\Windows\system32\avkkfvkaa1.exe
O4 - HKCU\..\Run: [kkfvvpf] C:\Windows\system32\kk7favvp5fa.exe
O4 - HKCU\..\Run: [kkffa1] C:\Windows\system32\v1pkkfvkaa.exe
O4 - HKCU\..\Run: [fvvppk] C:\Windows\system32\avv1ffaa.exe
O4 - HKCU\..\Run: [wrhhbb] C:\Windows\system32\hwwrhhbr9.exe
O4 - HKCU\..\Run: [hwmm1] C:\Windows\system32\bb6wrmm7hb.exe
O4 - HKCU\..\Run: [faav1] C:\Windows\system32\a6vvpf5a1.exe
O4 - HKCU\..\Run: [vvqf5a] C:\Windows\system32\vpf5a1pka.exe
O4 - HKCU\..\Run: [jjeezo] C:\Windows\system32\7ztoo7j.exe
O4 - HKCU\..\Run: [llggbr] C:\Windows\system32\lb5w1lgww1g.exe
O4 - HKCU\..\Run: [ggaqql1] C:\Windows\system32\1a0vvqf.exe
O4 - HKCU\..\Run: [laqgga] C:\Windows\system32\7vql98g.exe
O4 - HKCU\..\Run: [qqllgaa] C:\Windows\system32\f6qqlaavll.exe
O4 - HKCU\..\Run: [avllgvv] C:\Windows\system32\q70a0vqql1g.exe
O4 - HKCU\..\Run: [vqql1] C:\Windows\system32\9qqlf9a.exe
O4 - HKCU\..\Run: [aavvqff] C:\Windows\system32\9a0vqql.exe
O4 - HKCU\..\Run: [nhxxssn] C:\Windows\system32\css1c0xxsh9.exe
O4 - HKCU\..\Run: [xnccxx] C:\Windows\system32\sc8sn1hccxn.exe
O4 - HKCU\..\Run: [wwrrlbb] C:\Windows\system32\6rrlb5b.exe
O4 - HKCU\..\Run: [gwwr1l] C:\Windows\system32\b2wrggwwl7.exe
O4 - HKCU\..\Run: [gbbwwrl] C:\Windows\system32\rrl5bwggwwr.exe
O4 - HKCU\..\Run: [ssnni] C:\Windows\system32\1siid1x.exe
O4 - HKCU\..\Run: [aqffaa] C:\Windows\system32\qqkaavlaqq1.exe
O4 - HKCU\..\Run: [faqql1] C:\Windows\system32\qq1lfvvqf9.exe
O4 - HKCU\..\Run: [kaau0p] C:\Windows\system32\a0u0pkkf1.exe
O4 - HKCU\..\Run: [iddxnni] C:\Windows\system32\6i7dxss.exe
O4 - HKCU\..\Run: [kfv5p] C:\Windows\system32\vvpf9aav.exe
O4 - HKCU\..\Run: [cssnnh] C:\Windows\system32\ccxc3hxhcxx.exe
O4 - HKCU\..\Run: [pkaavk0] C:\Windows\system32\21k0ffa.exe
O4 - HKCU\..\Run: [faavvpk] C:\Windows\system32\9aavp9k.exe
O4 - HKCU\..\Run: [pffaavp] C:\Windows\system32\kvkappkkf.exe
O4 - HKCU\..\Run: [pffap9] C:\Windows\system32\31pkaa1.exe
O4 - HKCU\..\Run: [vqgga0] C:\Windows\system32\6gga2ql.exe
O4 - HKCU\..\Run: [gbq0l] C:\Windows\system32\l9ggbv9q.exe
O4 - HKCU\..\Run: [kff6p] C:\Windows\system32\2av5pff.exe
O4 - HKCU\..\Run: [appk0f] C:\Windows\system32\vfvkaa1k0.exe
O4 - HKCU\..\Run: [pkkfvv1] C:\Windows\system32\pffap9k0faa.exe
O4 - HKCU\..\Run: [avvp5] C:\Windows\system32\faavkkfv.exe
O4 - HKCU\..\Run: [qqkkf] C:\Windows\system32\ppkkfvvpf9.exe
O4 - HKCU\..\Run: [nniyyt1] C:\Windows\system32\tnd9yytn.exe
O4 - HKCU\..\Run: [ppkaavk] C:\Windows\system32\6aavkkf.exe
O4 - HKCU\..\Run: [kvkaqq] C:\Windows\system32\pkf9aavp9k0.exe
O4 - HKCU\..\Run: [vfvka] C:\Windows\system32\vkaa1k0f.exe
O4 - HKCU\..\Run: [vppka] C:\Windows\system32\kfvvpf9aav.exe
O4 - HKCU\..\Run: [ppk2a] C:\Windows\system32\vppk2avkk1v.exe
O4 - HKCU\..\Run: [pkkfvka] C:\Windows\system32\pkk7favv.exe
O4 - HKCU\..\Run: [vpkkf] C:\Windows\system32\pkkfvv1f.exe
O4 - HKCU\..\Run: [appkk] C:\Windows\system32\vp9k0faav.exe
O4 - HKCU\..\Run: [pkkfv5] C:\Windows\system32\4f2avkk.exe
O4 - HKCU\..\Run: [vpkk7] C:\Windows\system32\vpp6kfaa.exe
O4 - HKCU\..\Run: [iidyy7] C:\Windows\system32\5yytiid.exe
O4 - HKCU\..\Run: [ttotoii] C:\Windows\system32\iiddynniid.exe
O4 - HKCU\..\Run: [ntnddy] C:\Windows\system32\dnt92d5i.exe
O4 - HKCU\..\Run: [faavvp] C:\Windows\system32\fv5pffappkk.exe
O4 - HKCU\..\Run: [vvpkk] C:\Windows\system32\p5faavpp6k.exe
O4 - HKCU\..\Run: [kaa1k] C:\Windows\system32\avvp5faav.exe
O4 - HKCU\..\Run: [faavkk1] C:\Windows\system32\kffappkkf.exe
O4 - HKCU\..\Run: [pkffapp] C:\Windows\system32\v1pkkfvk.exe
O4 - HKCU\..\Run: [aavpp6k] C:\Windows\system32\v1pkaa1k0.exe
O4 - HKCU\..\Run: [vvppk] C:\Windows\system32\1ffaavk.exe
O4 - HKCU\..\Run: [llfvvq] C:\Windows\system32\f6qqk2avl.exe
O4 - HKCU\..\Run: [kkfv5q] C:\Windows\system32\favkaa1kkff.exe
O4 - HKCU\..\Run: [qqkkfa] C:\Windows\system32\k0faav1qkk.exe
O4 - HKCU\..\Run: [aavpp6] C:\Windows\system32\v1pkaa1k0.exe
O4 - HKCU\..\Run: [kffa0] C:\Windows\system32\p2ffappkkfv.exe
O4 - HKCU\..\Run: [nddty] C:\Windows\system32\y3tntdynni.exe
O4 - HKCU\..\Run: [pkkfaa] C:\Windows\system32\v3vvpf9aavp.exe
O4 - HKCU\..\Run: [kfvvqf9] C:\Windows\system32\k0faav1qkk.exe
O4 - HKCU\..\Run: [avvq1] C:\Windows\system32\aa7vqkkf.exe
O4 - HKCU\..\Run: [faav1q] C:\Windows\system32\5v6f5a2.exe
O4 - HKCU\..\Run: [vpffaav] C:\Windows\system32\5faavpp.exe
O4 - HKCU\..\Run: [kffap9k] C:\Windows\system32\38kfvka.exe
O4 - HKCU\..\Run: [vpkkfvk] C:\Windows\system32\aavpp6kf.exe
O4 - HKCU\..\Run: [vvp5f] C:\Windows\system32\favvp5faavp.exe
O4 - HKCU\..\Run: [aaavvqk] C:\Windows\system32\qkk1vvqq.exe
O4 - HKCU\..\Run: [qqkfvv] C:\Windows\system32\vkaqqkkfvv.exe
O4 - HKCU\..\Run: [bbwwrgg] C:\Windows\system32\rrl5bwwrll6.exe
O4 - HKCU\..\Run: [fvkaa1k] C:\Windows\system32\6kfaa7v.exe
O4 - HKCU\..\Run: [kkffap] C:\Windows\system32\k8av1pkkfvk.exe
O4 - HKCU\..\Run: [pffa1] C:\Windows\system32\appkkfvv.exe
O4 - HKCU\..\Run: [kkffav] C:\Windows\system32\ap9k0faav1p.exe
O4 - HKCU\..\Run: [aavp9] C:\Windows\system32\5a1pkaa.exe
O4 - HKCU\..\Run: [avkkfv] C:\Windows\system32\vkkfvkaa1k.exe
O4 - HKCU\..\Run: [didttn] C:\Windows\system32\tnndd2yt5y.exe
O4 - HKCU\..\Run: [nntdy] C:\Windows\system32\y9y1yttiiyn.exe
O4 - HKCU\..\Run: [kfvvpf] C:\Windows\system32\ppk2avkk1.exe
O4 - HKCU\..\Run: [vvpffa] C:\Windows\system32\vppkaav1pkk.exe
O4 - HKCU\..\Run: [pkkfaav] C:\Windows\system32\p6kfaa7vp.exe
O4 - HKCU\..\Run: [akaav1p] C:\Windows\system32\vvp5faav.exe
O4 - HKCU\..\Run: [kkfaa7v] C:\Windows\system32\5vpf5a1.exe
O4 - HKCU\..\Run: [ffapp] C:\Windows\system32\kfv5pffa.exe
O4 - HKCU\..\Run: [yyydy1] C:\Windows\system32\syssiy6d.exe
O4 - HKCU\..\Run: [lgg7b] C:\Windows\system32\5lggbww.exe
O4 - HKCU\..\Run: [wqllgw] C:\Windows\system32\wqq1bbww.exe
O4 - HKCU\..\Run: [gwwq0] C:\Windows\system32\gwwqggb1.exe
O4 - HKCU\..\Run: [qqlbbw] C:\Windows\system32\gwwqggb1.exe
O4 - HKCU\..\Run: [ffaav] C:\Windows\system32\kappkkfvvp.exe
O4 - HKCU\..\Run: [ffaavq0] C:\Windows\system32\v1qkkfv98q.exe
O4 - HKCU\..\Run: [vkkfvvq] C:\Windows\system32\ffaq0k0faa.exe
O4 - HKCU\..\Run: [gvvq0] C:\Windows\system32\bvvqggb1.exe
O4 - HKCU\..\Run: [vvqql] C:\Windows\system32\bvvqggb1vqq.exe
O4 - HKCU\..\Run: [bvllgvv] C:\Windows\system32\lgbbv5lggbv.exe
O4 - HKCU\..\Run: [vllffaq] C:\Windows\system32\0llfv9q.exe
O4 - HKCU\..\Run: [ffaqq] C:\Windows\system32\l7fav9qqlf.exe
O4 - HKCU\..\Run: [avvpf9a] C:\Windows\system32\5pffapp.exe
O4 - HKCU\..\Run: [kaav1p] C:\Windows\system32\2kf5a1p.exe
O4 - HKCU\..\Run: [avkk1v] C:\Windows\system32\vkappkkfvv.exe
O4 - HKCU\..\Run: [vppk0] C:\Windows\system32\aavpp6kfaa7.exe
O4 - HKCU\..\Run: [ppkaa] C:\Windows\system32\p6kfaa7vp.exe
O4 - HKCU\..\Run: [ppkkfaa] C:\Windows\system32\ppkaav1pk.exe
O4 - HKCU\..\Run: [yoojy] C:\Windows\system32\toddyytj.exe
O4 - HKCU\..\Run: [dttoojd] C:\Windows\system32\oojd9y0to.exe
O4 - HKCU\..\Run: [jddyyto] C:\Windows\system32\jyytjj1ttoo.exe
O4 - HKCU\..\Run: [pffaa] C:\Windows\system32\p6aavkkfvv.exe
O4 - HKCU\..\Run: [kkfvk] C:\Windows\system32\vppkaav1.exe
O4 - HKCU\..\Run: [upkkfu] C:\Windows\system32\ffz5pkkf.exe
O4 - HKCU\..\Run: [ppkkf] C:\Windows\system32\pkkfz9u0pk.exe
O4 - HKCU\..\Run: [kkfvv] C:\Windows\system32\7pkf9aa.exe
O4 - HKCU\..\Run: [vppkaa1] C:\Windows\system32\fav5pffa.exe
O4 - HKCU\..\Run: [aavvpkk] C:\Windows\system32\aavkkfvka.exe
O4 - HKCU\..\Run: [llgaa] C:\Windows\system32\l1gaavl98.exe
O4 - HKCU\..\Run: [kaav1] C:\Windows\system32\kaav1qkkfv.exe
O4 - HKCU\..\Run: [vqf5a] C:\Windows\system32\4v2qkaa.exe
O4 - HKCU\..\Run: [aavvqkk] C:\Windows\system32\0vq0k0f.exe
O4 - HKCU\..\Run: [ffa1p] C:\Windows\system32\kf5a1pkaa1k.exe
O4 - HKCU\..\Run: [vvpkk7] C:\Windows\system32\pkkfvv1f.exe
O4 - HKCU\..\Run: [aavppk0] C:\Windows\system32\pkk7favv.exe
O4 - HKCU\..\Run: [rrlbbw1] C:\Windows\system32\lb9wwrl9g0b.exe
O4 - HKCU\..\Run: [kffa1p] C:\Windows\system32\431pkaa.exe
O4 - HKCU\..\Run: [vvpp6] C:\Windows\system32\6a7vpkk.exe
O4 - HKCU\..\Run: [aavvq1f] C:\Windows\system32\avvqf9a0vq.exe
O4 - HKCU\..\Run: [pvvpkk7] C:\Windows\system32\fappkkfv.exe
O4 - HKCU\..\Run: [bgqbbv] C:\Windows\system32\qqvqg6vbvbl.exe
O4 - HKCU\..\Run: [lvqll7v] C:\Windows\system32\qllqa5la1v.exe
O4 - HKCU\..\Run: [kkfaa] C:\Windows\system32\6a7vpkk.exe
O4 - HKCU\..\Run: [ytiid] C:\Windows\system32\tiidtiyy1i.exe
O4 - HKCU\..\Run: [kfaa7] C:\Windows\system32\av1pkkfv.exe
O4 - HKCU\..\Run: [pkaavkk] C:\Windows\system32\faavkkfv.exe
O4 - HKCU\..\Run: [yyiddit] C:\Windows\system32\tn1tyidtidy.exe
O4 - HKCU\..\Run: [kffav] C:\Windows\system32\f2vv1ffaavk.exe
O4 - HKCU\..\Run: [appkaa] C:\Windows\system32\fvkaa1k0ff.exe
O4 - HKCU\..\Run: [ddiydyt] C:\Windows\system32\ntd3yynni1.exe
O4 - HKCU\..\Run: [vvqkkf] C:\Windows\system32\aavkkfv98qk.exe
O4 - HKCU\..\Run: [fqf9a] C:\Windows\system32\q1qkkfv9.exe
O4 - HKCU\..\Run: [kkeezuu] C:\Windows\system32\21eezzu.exe
O4 - HKCU\..\Run: [xssnc] C:\Windows\system32\xnc0xxsh9.exe
O4 - HKCU\..\Run: [vkkff] C:\Windows\system32\k0ffap9k0.exe
O4 - HKCU\..\Run: [faavkkf] C:\Windows\system32\v1pkkfvkaa.exe
O4 - HKCU\..\Run: [ppffap9] C:\Windows\system32\vk0ffap9k0.exe
O4 - HKCU\..\Run: [pffap9k] C:\Windows\system32\ffap9k0f.exe
O4 - HKCU\..\Run: [fappk2a] C:\Windows\system32\4f2avkk.exe
O4 - HKCU\..\Run: [favvp5f] C:\Windows\system32\21k0ffa.exe
O4 - HKCU\..\Run: [ccxmmh] C:\Windows\system32\cxx6h5c2.exe
O4 - HKCU\..\Run: [faavk] C:\Windows\system32\p6aavkkfvv.exe
O4 - HKCU\..\Run: [hrhhcc] C:\Windows\system32\mcc1m0hhcr9.exe
O4 - HKCU\..\Run: [kfaavk] C:\Windows\system32\avvp5faav.exe
O4 - HKCU\..\Run: [kffap] C:\Windows\system32\kappkkfvvp.exe
O4 - HKCU\..\Run: [fpf9a] C:\Windows\system32\fvvpf9aavp9.exe
O4 - HKCU\..\Run: [vkaavk0] C:\Windows\system32\p6kfaa7vp.exe
O4 - HKCU\..\Run: [vppk0f] C:\Windows\system32\p2av5pff.exe
O4 - HKCU\..\Run: [ppkf9a] C:\Windows\system32\fv5pffappkk.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [favv1] C:\Windows\system32\fvv1p2ffa.exe
O4 - HKCU\..\Run: [pffaavk] C:\Windows\system32\2kf5a1p.exe
O4 - HKCU\..\Run: [ppkaav1] C:\Windows\system32\0aav1pk.exe
O4 - HKCU\..\Run: [ojjdy] C:\Windows\system32\o6idyy7to.exe
O4 - HKCU\..\Run: [ggb5v] C:\Windows\system32\gbbvl9ggbv.exe
O4 - HKCU\..\Run: [ysiid1] C:\Windows\system32\6iids4n.exe
O4 - HKCU\..\Run: [xnnsnn] C:\Windows\system32\ssnns7sni0.exe
O4 - HKCU\..\Run: [aavvp] C:\Windows\system32\pffappkkf.exe
O4 - HKCU\..\Run: [avkkf] C:\Windows\system32\ffaavpp6kv.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [kkfvvqq] C:\Windows\system32\pkk7favv.exe
O4 - HKCU\..\Run: [hhcrrm0] C:\Windows\system32\5mmhx5r.exe
O4 - HKCU\..\Run: [hcxmcc1] C:\Windows\system32\hxmcc1m0h.exe
O4 - HKCU\..\Run: [pfvvppk] C:\Windows\system32\ppkkfvv1ffa.exe
O4 - HKCU\..\Run: [kkff6q] C:\Windows\system32\9k0faav.exe
O4 - HKCU\..\Run: [pkkfvvp] C:\Windows\system32\0vvpf9a.exe
O4 - HKCU\..\Run: [avllf] C:\Windows\system32\faavll1vvq.exe
O4 - HKCU\..\Run: [pappk0f] C:\Windows\system32\kffap9k0faa.exe
O4 - HKCU\..\Run: [appk2] C:\Windows\system32\kk7favvp5fa.exe
O4 - HKCU\..\Run: [vkkfv] C:\Windows\system32\1kkfvvp.exe
O4 - HKCU\..\Run: [dttiy] C:\Windows\system32\3idyydt.exe
O4 - HKCU\..\Run: [lmggbww] C:\Windows\system32\ggbrrlb9wwr.exe
O4 - HKCU\..\Run: [dttod9] C:\Windows\system32\t9oojd9y0to.exe
O4 - HKCU\..\Run: [qffaavq] C:\Windows\system32\p6aavk4fvv.exe
O4 - HKCU\..\Run: [qkffaqq] C:\Windows\system32\av5q1faqqkk.exe
O4 - HKCU\..\Run: [didtd] C:\Windows\system32\ttiy0odood.exe
O4 - HKCU\..\Run: [avvpk] C:\Windows\system32\f9aavp9k0fa.exe
O4 - HKCU\..\Run: [tdnniy] C:\Windows\system32\id1tint7d.exe
O4 - HKCU\..\Run: [dydnyyd] C:\Windows\system32\483tntn.exe
O4 - HKCU\..\Run: [pffaav] C:\Windows\system32\ppffap9k0.exe
O4 - HKCU\..\Run: [ttytjjd] C:\Windows\system32\ojddjyd6t1.exe
O4 - HKCU\..\Run: [kkfaav] C:\Windows\system32\5pffapp.exe
O4 - HKCU\..\Run: [vqqk0] C:\Windows\system32\kfvvqf9a.exe
O4 - HKCU\..\Run: [fav5q] C:\Windows\system32\qkaa1kkffaq.exe
O4 - HKCU\..\Run: [avvqf5] C:\Windows\system32\1qkkfv9.exe
O4 - HKCU\..\Run: [kffaq0] C:\Windows\system32\vvqkkffa7.exe
O4 - HKCU\..\Run: [qkkfv] C:\Windows\system32\f5a2qkaa1.exe
O4 - HKCU\..\Run: [zppkz] C:\Windows\system32\kk7fzuu7pkf.exe
O4 - HKCU\..\Run: [ufuupup] C:\Windows\system32\kfuupff1.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\susie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [fvvqqkf] C:\Windows\system32\k0faav1q.exe
O4 - HKCU\..\Run: [kkffaq0] C:\Windows\system32\vv6f5a2qka.exe
O4 - HKCU\..\Run: [vvqffa0] C:\Windows\system32\a1kkffaq0.exe
O4 - HKCU\..\Run: [kvkkfv] C:\Windows\system32\kff6ppk2.exe
O4 - HKCU\..\Run: [fvkaa] C:\Windows\system32\fav5pffa.exe
O4 - HKCU\..\Run: [avvpf] C:\Windows\system32\vpf9aavp.exe
O4 - HKCU\..\Run: [vvpf5a] C:\Windows\system32\avkkfvka.exe
O4 - HKCU\..\Run: [aavvpk] C:\Windows\system32\fpf9aavp9k.exe
O4 - HKCU\..\Run: [favvq1f] C:\Windows\system32\k0faav1qkk.exe
O4 - HKCU\..\Run: [avkkff] C:\Windows\system32\pf9aavp9k.exe
O4 - HKCU\..\Run: [vkapp] C:\Windows\system32\1ap9k0f.exe
O4 - HKCU\..\Run: [kfaav] C:\Windows\system32\vvp5faav.exe
O4 - HKCU\..\Run: [vvkkp] C:\Windows\system32\ppfkfk76a.exe
O4 - HKCU\..\Run: [qkkfaav] C:\Windows\system32\0aav1qk.exe
O4 - HKCU\..\Run: [vfvvp] C:\Windows\system32\1pf9aav.exe
O4 - HKCU\..\Run: [fvkkffa] C:\Windows\system32\kaavkkfv.exe
O4 - HKCU\..\Run: [vqqkaa1] C:\Windows\system32\a1pkaa1kkf.exe
O4 - HKCU\..\Run: [avvqff] C:\Windows\system32\fvkaa1kkffa.exe
O4 - HKCU\..\Run: [nddyyt] C:\Windows\system32\dtytn5dyytn.exe
O4 - HKCU\..\Run: [fpfukk] C:\Windows\system32\pp6zzu2kfu.exe
O4 - HKCU\..\Run: [upff1p] C:\Windows\system32\u0pkkf1z.exe
O4 - HKCU\..\Run: [kffaa] C:\Windows\system32\vvp5faavpp6.exe
O4 - HKCU\..\Run: [vpf5a] C:\Windows\system32\av1pkkfvkaa.exe
O4 - HKCU\..\Run: [kkffap9] C:\Windows\system32\9kkfvka.exe
O4 - HKCU\..\Run: [vkkfvv1] C:\Windows\system32\kffap9k0faa.exe
O4 - HKCU\..\Run: [tnnyt5] C:\Windows\system32\dt6i6ny1.exe
O4 - HKCU\..\Run: [yniddi] C:\Windows\system32\dt6ty7nyy1d.exe
O4 - HKCU\..\Run: [dydyttn] C:\Windows\system32\tiyy1tndd.exe
O4 - HKCU\..\Run: [ffkv1] C:\Windows\system32\ffkv1kavpff.exe
O4 - HKCU\..\Run: [appkkfa] C:\Windows\system32\0vvpf9a.exe
O4 - HKCU\..\Run: [ffap9k] C:\Windows\system32\faavpp6kf.exe
O4 - HKCU\..\Run: [fap9k] C:\Windows\system32\pkkfvvpf9.exe
O4 - HKCU\..\Run: [wwrrm1] C:\Windows\system32\r5m1bwmm.exe
O4 - HKCU\..\Run: [aavkk1v] C:\Windows\system32\pf9aavp9k.exe
O4 - HKCU\..\Run: [yysii] C:\Windows\system32\snniyyssn.exe
O4 - HKCU\..\Run: [dssnni] C:\Windows\system32\s0nniy0s0.exe
O4 - HKCU\..\Run: [wwqqlg] C:\Windows\system32\llbbwl9g0.exe
O4 - HKCU\..\Run: [cxxs1h] C:\Windows\system32\xxs1hssx.exe
O4 - HKCU\..\Run: [ddydydn] C:\Windows\system32\dnytnnyi.exe
O4 - HKCU\..\Run: [qkkfaa] C:\Windows\system32\k0faav1qkk.exe
O4 - HKCU\..\Run: [fappkkf] C:\Windows\system32\fappkkfvvp.exe
O4 - HKCU\..\Run: [vpf9a] C:\Windows\system32\k8av1pkkfvk.exe
O4 - HKCU\..\Run: [avppkaa] C:\Windows\system32\pkkfvkaa1k.exe
O4 - HKCU\..\Run: [uuoee] C:\Windows\system32\oeujzz1uoo.exe
O4 - HKCU\..\Run: [uuoj9e] C:\Windows\system32\ujzz1uoo.exe
O4 - HKCU\..\Run: [faavp] C:\Windows\system32\kf5a1pkaa.exe
O4 - HKCU\..\Run: [iniyidy] C:\Windows\system32\td2ttyti6.exe
O4 - HKCU\..\Run: [kaavkk1] C:\Windows\system32\kaa1k0ffap9.exe
O4 - HKCU\..\Run: [tytnytn] C:\Windows\system32\i1ynyiy1nd.exe
O4 - HKCU\..\Run: [ddtitdd] C:\Windows\system32\ddttti6ddn.exe
O4 - HKCU\..\Run: [pkkfvv] C:\Windows\system32\v1pkaa1k0.exe
O4 - HKCU\..\Run: [ccmxrmc] C:\Windows\system32\rmmrhm3r.exe
O4 - HKCU\..\Run: [crrxx1r] C:\Windows\system32\h5cxrhhx.exe
O4 - HKCU\..\Run: [kkfvvq] C:\Windows\system32\avvqffaav.exe
O4 - HKCU\..\Run: [vqkkfv9] C:\Windows\system32\kkff6qqk2.exe
O4 - HKCU\..\Run: [kffa2q] C:\Windows\system32\av1pkkfvkaa.exe
O4 - HKCU\..\Run: [aavvqk] C:\Windows\system32\v1qkkfv98q.exe
O4 - HKCU\..\Run: [kkffaq] C:\Windows\system32\faqqkkfvvq.exe
O4 - HKCU\..\Run: [ddyytno] C:\Windows\system32\d9yytn9i0dy.exe
O4 - HKCU\..\Run: [vppkaav] C:\Windows\system32\a1k0ffap9.exe
O4 - HKCU\..\Run: [ytiidt] C:\Windows\system32\5iidt5n.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [newsecureapp70700.exe] C:\Users\susie\AppData\Roaming\BE8B3FC6258474AD6D04DC97C4A6889B\newsecureapp70700.exe
O4 - HKCU\..\Run: [svchost] C:\Users\susie\AppData\Roaming\Microsoft\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: 0oee2yt.exe
O4 - Startup: 6a7vpkk.exe
O4 - Startup: 79k0faa.exe
O4 - Startup: a1pkaa1k0f.exe
O4 - Startup: aavpp6kfaa7.exe
O4 - Startup: dysndny1y2.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: vpffap9k0f.exe
O4 - Startup: Ä˰TQQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: ¥ÎQQ±m«Hµo°e¸Ó¹Ï¤ù - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: ²K¥[¨ìQQ¦Û©w¸q­±ªO - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ²K¥[¨ìQQªí±¡ - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SoftPerfect Bandwidth Manager (bwmservice) - Unknown owner - C:\Program Files\SoftPerfect Bandwidth Manager\bwmsvc.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 31557 bytes



 
 Post subject: Re: I have multiple symptoms but not sure of the cause
PostPosted: Tue Dec 07, 2010 7:08 am 
Site Admin

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15966
Location: PHX, AZ
Welcome to the forums. What a mess.

Let's run ComboFix from the link below:
http://www.bleepingcomputer.com/combofi ... e-combofix

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.




 
 Post subject: Re: I have multiple symptoms but not sure of the cause
PostPosted: Tue Dec 07, 2010 6:03 pm 

Joined: Mon Dec 06, 2010 3:03 am
Posts: 6
Not sure if you wanted me to copy & paste or to upload the .txt file, so I did both.

.
((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-08 00:03 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F6BFF48-DB4F-4E24-8A97-E82825183199}\mpengine.dll
2010-11-21 21:52 . 2010-11-21 21:52 -------- d-----w- c:\program files\Trend Micro
2010-11-21 04:49 . 2010-11-21 04:49 -------- d-----w- c:\users\susie\AppData\Roaming\Locktime
2010-11-21 04:44 . 2010-11-21 04:44 -------- d-----w- c:\programdata\Locktime
2010-11-21 04:44 . 2010-11-21 04:44 -------- d-----w- c:\program files\NetLimiter 2 Pro
2010-11-20 06:03 . 2010-11-20 20:43 -------- d-----w- c:\program files\SoftPerfect Bandwidth Manager
2010-11-20 04:42 . 2010-11-20 04:52 -------- d-----w- C:\CCProxy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2009-10-02 16:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 03:27 . 2010-09-28 03:27 356352 ----a-w- c:\windows\eSellerateEngine.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-03 2937528]
"Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
"Google Update"="c:\users\susie\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-02 136176]
"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-13 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-28 118784]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-08 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\susie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
0oee2yt.exe [2010-7-9 43520]
6a7vpkk.exe [2010-7-10 43520]
79k0faa.exe [2010-7-13 43520]
a1pkaa1k0f.exe [2010-7-13 43520]
aavpp6kfaa7.exe [2010-7-16 43520]
dysndny1y2.exe [2010-7-12 43520]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
vpffap9k0f.exe [2010-7-10 43520]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-3-2 1441792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3432444]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-06-07 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-03-05 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-07-19 235616]
R3 XDva296;XDva296;c:\windows\system32\XDva296.sys [x]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2010-03-16 82872]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-04-09 959104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-16 31616]

.
Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028532644-920559856-4189036104-1001Core.job
- c:\users\susie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 01:16]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028532644-920559856-4189036104-1001UA.job
- c:\users\susie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 01:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:62848
IE: Add to QQ Customized Emoticons - c:\program files\Tencent\QQ\AddEmotion.htm
IE: Add to QQ Customized Panel - c:\program files\Tencent\QQ\AddPanel.htm
IE: Add to QQ Emotions - c:\program files\Tencent\QQ\AddEmotion.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send picture by MMS - c:\program files\Tencent\QQ\SendMMS.htm
IE: Send Picture with QQ MMS - c:\program files\Tencent\QQ\SendMMS.htm
IE: Upload to QQ Network Hard Disk - c:\program files\Tencent\QQ\AddToNetDisk.htm
IE: ¥ÎQQ±m«Hµo°e¸Ó¹Ï¤ù - c:\program files\Tencent\QQ\SendMMS.htm
IE: ²K¥[¨ìQQ¦Û©w¸q­±ªO - c:\program files\Tencent\QQ\AddPanel.htm
IE: ²K¥[¨ìQQªí±¡ - c:\program files\Tencent\QQ\AddEmotion.htm
IE: ???QQ?? - c:\program files\Tencent\QQ\AddEmotion.htm
FF - ProfilePath - c:\users\susie\AppData\Roaming\Mozilla\Firefox\Profiles\73etj48o.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62848
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGlbNMFFUpdater.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGlbNMNetmarbleDownload.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGlbNMStarter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGlbNMSystemInformer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGlbNMWebMessengerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGPPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\susie\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-newsecureapp70700.exe - c:\users\susie\AppData\Roaming\BE8B3FC6258474AD6D04DC97C4A6889B\newsecureapp70700.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 16:43
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\1e70acc0]
"imagepath"="\??\c:\windows\TEMP\BBD7.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3028532644-920559856-4189036104-1001\Software\Kingsoft\Ñ‘q\ë_Ñ‹ *2*0*0*2*\Option]
"ProfDictID"=dword:ffffffff
"UseDictionary"=dword:00000000
"CurrentCode"=dword:ffffffff
"UseSystemFont"=dword:00000000
"AutoHideBar"=dword:00000001
"DictHotkey"=dword:00030070
"TransHotkey"=dword:00020078
"InterfaceHotkey"=dword:0002007a
"RestoreEnglishHotkey"=dword:00020079
"PackageHotkey"=dword:00020077
"UseDFKC"=dword:00000000
"DFKCPath"=""
"UseUserDict"=dword:00000000
"UseChnEngMenu"=dword:00000000
"InterfaceType"=dword:00000000
"UseGameTrans"=dword:00000001
"InterfaceStyle"=dword:00000000
"ShowNavBar"=dword:00000000
"ShowTrackBar"=dword:00000000

[HKEY_USERS\S-1-5-21-3028532644-920559856-4189036104-1001\Software\Microsoft\Internet Explorer\MenuExt\ûm R0RQ*Q*hˆÅ`]
@="c:\\Program Files\\Tencent\\QQ\\AddEmotion.htm"
"contexts"=dword:00000002

[HKEY_USERS\S-1-5-21-3028532644-920559856-4189036104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Q*Q*8nb]
"Order"=hex:08,00,00,00,02,00,00,00,10,01,00,00,01,00,00,00,02,00,00,00,7e,00,
00,00,00,00,00,00,70,00,00,00,41,75,67,4d,04,00,00,00,01,00,00,00,00,00,01,\
.
Completion time: 2010-12-07 16:48:45
ComboFix-quarantined-files.txt 2010-12-08 00:48

Pre-Run: 151,857,508,352 bytes free
Post-Run: 152,536,801,280 bytes free

- - End Of File - - 13B1E821F4E1621C6A82D57F8D827038


Attachments:
ComboFix.txt [29.04 KiB]
Downloaded 62 times
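As an added triage example (my own script, not part of this thread and not code from ComboFix or HijackThis), the block below reads lines in the ComboFix and HijackThis formats shown in this thread and flags the three findings in the posted log that a responder would act on: a browser proxy pointed at the loopback address in both IE (the ProxyServer value) and Firefox (the network.proxy.* prefs), which leaves the browser unable to connect once the process that listened on that port is removed; Security Center monitoring overrides; and clusters of identically sized executables in the Startup folder. The sample log lines are copied from the posted ComboFix output; the heuristics, thresholds and function names are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix output posted in this
# thread (Startup listing, Security Center keys, Supplementary Scan) plus the
# matching HijackThis R1 line, so the script runs offline.
SAMPLE_LOG = r"""
c:\users\susie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
0oee2yt.exe [2010-7-9 43520]
6a7vpkk.exe [2010-7-10 43520]
79k0faa.exe [2010-7-13 43520]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
vpffap9k0f.exe [2010-7-10 43520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:62848
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62848
FF - prefs.js: network.proxy.type - 1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:62848
"""

# IE/WinINet proxy, in either the ComboFix "uInternet Settings,ProxyServer = ..."
# form or the HijackThis "R1 - HKCU\...\Internet Settings,ProxyServer = ..." form.
RE_IE_PROXY = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?:http=)?([\w.\-]+):(\d+)", re.I)
RE_FF_PREF = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (.+)$")
RE_SC_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center", re.I)
RE_SC_VAL = re.compile(r'^"(DisableMonitoring|AntiVirusOverride|FirewallOverride)"=dword:0*1$')
RE_STARTUP_HDR = re.compile(r"\\Startup\\?\s*$", re.I)
RE_STARTUP_EXE = re.compile(r"^([^\s\\]+\.exe) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$", re.I)


def is_loopback(host):
    """True when the proxy host can only be a process on this same machine."""
    host = host.strip().lower()
    return host in ("localhost", "::1") or host.startswith("127.")


def triage(lines):
    """Return a list of (kind, detail) findings for ComboFix/HijackThis log lines."""
    findings = []
    ie_proxy = None                  # (host, port) from IE's ProxyServer value
    ff_prefs = {}                    # network.proxy.* prefs from Firefox prefs.js
    startup_by_size = defaultdict(list)
    in_startup = in_sc_key = False

    for raw in lines:
        line = raw.rstrip()
        if not line:                 # a blank line ends any block in these logs
            in_startup = in_sc_key = False
            continue
        m = RE_IE_PROXY.search(line)
        if m:
            ie_proxy = (m.group(1), int(m.group(2)))
            continue
        m = RE_FF_PREF.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()
            continue
        if line.startswith("["):     # registry key header: are we in Security Center?
            in_sc_key = bool(RE_SC_KEY.match(line))
            continue
        if in_sc_key:
            m = RE_SC_VAL.match(line)
            if m:
                findings.append(("security_center_tamper", m.group(1)))
            continue
        if RE_STARTUP_HDR.search(line):
            in_startup = True
            continue
        if in_startup:
            m = RE_STARTUP_EXE.match(line)
            if m:                    # group Startup executables by byte size
                startup_by_size[int(m.group(3))].append(m.group(1))

    if ie_proxy and is_loopback(ie_proxy[0]):
        findings.append(("loopback_proxy", "IE http=%s:%d" % ie_proxy))
    if ff_prefs.get("type") == "1" and is_loopback(ff_prefs.get("http", "")):
        findings.append(("loopback_proxy", "Firefox http=%s:%s"
                         % (ff_prefs["http"], ff_prefs.get("http_port", "?"))))
    for size, names in sorted(startup_by_size.items()):
        if len(names) >= 3:          # assumed threshold: 3+ same-size droppers
            findings.append(("startup_cluster", "%d executables of %d bytes: %s"
                             % (len(names), size, ", ".join(sorted(names)))))
    return findings


def triage_text(text):
    return triage(text.splitlines())


if __name__ == "__main__":
    for kind, detail in triage_text(SAMPLE_LOG):
        print("%-22s %s" % (kind, detail))
```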

 
 Post subject: Re: I have multiple symptoms but not sure of the cause
PostPosted: Tue Dec 07, 2010 11:54 pm 
Site Admin

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15966
Location: PHX, AZ
That looks good. Kindly update Malwarebytes and rescan the system using the default 'Quick' scan option.

Also send me a new HijackThis log as well.




 
 Post subject: Re: I have multiple symptoms but not sure of the cause
PostPosted: Wed Dec 08, 2010 1:25 am 

Joined: Mon Dec 06, 2010 3:03 am
Posts: 6
For some reason I can't use Firefox after I used ComboFix. It says:
The proxy server is refusing connections
* Check the proxy settings to make sure that they are correct.
* Contact your network administrator to make sure the proxy server is working.
I was just wondering if something in my computer is causing this problem.
Below is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:38 AM, on 12/8/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\susie\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Steam\Steam.exe
C:\Users\susie\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:62848
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ½ðɽ¿ìÒë(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\susie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Startup: 0oee2yt.exe
O4 - Startup: 6a7vpkk.exe
O4 - Startup: 79k0faa.exe
O4 - Startup: a1pkaa1k0f.exe
O4 - Startup: aavpp6kfaa7.exe
O4 - Startup: dysndny1y2.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: vpffap9k0f.exe
O4 - Startup: Ä˰TQQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: ¥ÎQQ±m«Hµo°e¸Ó¹Ï¤ù - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: ²K¥[¨ìQQ¦Û©w¸q­±ªO - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ²K¥[¨ìQQªí±¡ - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SoftPerfect Bandwidth Manager (bwmservice) - Unknown owner - C:\Program Files\SoftPerfect Bandwidth Manager\bwmsvc.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10141 bytes

 Post subject: Re: I have multiple symptoms but not sure of the cause
PostPosted: Thu Dec 09, 2010 12:20 am 

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15966
Location: PHX, AZ
Thanks for the log. The system still has a proxy hijack on it.

Open HiJackThis and run another scan.

Once it's completed the scan, look over the following entries I have listed, place a check in the boxes next to them as listed (some may not be present due to previous instructions), and press the 'Fix' button. When you are doing it, make sure you have no browser windows open, including this one.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:62848
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: ½ðɽ¿ìÒë(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll (file missing)
O4 - Startup: 0oee2yt.exe
O4 - Startup: 6a7vpkk.exe
O4 - Startup: 79k0faa.exe
O4 - Startup: a1pkaa1k0f.exe
O4 - Startup: aavpp6kfaa7.exe
O4 - Startup: dysndny1y2.exe
O4 - Startup: vpffap9k0f.exe

Reboot, run another scan with HJT and **attach** the log and advise of any ongoing or new problems as well as providing any info and or logs requested above.
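An added note for readers of this thread (not part of the helper's reply above, and not a tool used on this forum): the three entry types the helper singled out in the log can be picked out mechanically. The R1 ProxyServer line points the browser at a listener on 127.0.0.1, which is how this hijack intercepted traffic, and it is why Firefox reports "The proxy server is refusing connections" once the listener process is gone while the setting remains. The bare randomly named .exe files in the Startup folder (as opposed to the .lnk shortcuts) and the "(file missing)" entries are the other two. The script below is an example triage pass over HijackThis-style lines; the sample log is a constructed excerpt adapted from the log posted above, with the garbled toolbar name replaced by a plain one.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines adapted from the HijackThis log posted in this
# thread (the garbled non-ASCII toolbar name is replaced with a plain one).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:62848
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: FastAIT(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - Startup: 0oee2yt.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<entry>.+)$")
LOOPBACK = {"127.0.0.1", "localhost"}


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code (R1, O4, O23, ...)
    reason: str
    line: str


def loopback_proxy(value: str) -> Optional[str]:
    """Return the first loopback proxy target in a ProxyServer value, or None.

    Values look like '127.0.0.1:8080' or 'http=127.0.0.1:62848;https=...'.
    A browser proxy on the local machine is what the hijack in this thread
    used, and what Firefox complains about once the listener is gone.
    """
    for part in value.split(";"):
        target = part.split("=", 1)[-1].strip()
        host, _, port = target.partition(":")
        if host.lower() in LOOPBACK and port.isdigit():
            return target
    return None


def triage(log_text: str) -> List[Finding]:
    """Flag the entry types the helper singled out in this thread."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        startup = STARTUP_RE.match(body)
        if code in ("R0", "R1") and "ProxyServer = " in body:
            target = loopback_proxy(body.split("ProxyServer = ", 1)[1])
            if target:
                findings.append(Finding(code, f"browser proxy points at local listener {target}", line))
        elif code == "O4" and startup:
            # Shortcuts look like "Name.lnk = target"; a bare .exe sitting in
            # the Startup folder under a random name is the pattern flagged above.
            name = startup.group("entry").split(" = ", 1)[0]
            if name.lower().endswith(".exe"):
                findings.append(Finding(code, "bare executable in the Startup folder (not a shortcut)", line))
        elif body.endswith("(file missing)"):
            findings.append(Finding(code, "orphaned entry: the referenced file no longer exists", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```

Run it on a saved hijackthis.log by replacing SAMPLE_LOG with the file contents. A loopback proxy is only a finding, not proof of infection (some local filtering tools install one on purpose), so confirm which process owns the port before removing the setting.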

 Post subject: Re: I have multiple symptoms but not sure of the cause
PostPosted: Thu Dec 09, 2010 8:59 pm 

Joined: Mon Dec 06, 2010 3:03 am
Posts: 6
So far I haven't noticed any symptoms other than the same Firefox problem. I'm guessing I got rid of the hijacker but getting rid of it did something to my Firefox?


Attachments:
hijackthis.log [8.71 KiB]
 Post subject: Re: I have multiple symptoms but not sure of the cause
PostPosted: Thu Dec 09, 2010 11:13 pm 

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15966
Location: PHX, AZ
KiryuMkX wrote:
So far I haven't noticed any symptoms other than the same Firefox problem. I'm guessing I got rid of the hijacker but getting rid of it did something to my Firefox?

That looks good, nice work.

Just uninstall and reinstall Firefox, something likely got corrupted.

Anything else needing attention?

 Post subject: Re: I have multiple symptoms but not sure of the cause
PostPosted: Fri Dec 10, 2010 12:26 am 

Joined: Mon Dec 06, 2010 3:03 am
Posts: 6
I uninstalled Firefox and reinstalled it but it still doesn't work

 Post subject: Re: I have multiple symptoms but not sure of the cause
PostPosted: Fri Dec 10, 2010 12:40 am 

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15966
Location: PHX, AZ
KiryuMkX wrote:
I uninstalled Firefox and reinstalled it but it still doesn't work

Check the proxy settings. If unsure how, then check their FAQ page

 Post subject: Re: I have multiple symptoms but not sure of the cause
PostPosted: Fri Dec 10, 2010 12:48 am 

Joined: Mon Dec 06, 2010 3:03 am
Posts: 6
I learned from another forum that I had to delete the Mozilla Firefox folder in program files to fix it and it worked. My computer works fine now. Thanks for your help.

 Post subject: Re: I have multiple symptoms but not sure of the cause
PostPosted: Fri Dec 10, 2010 4:32 pm 

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15966
Location: PHX, AZ
Glad we could be of assistance. 8)

Guess it's time we cleaned up some of the tools we used and then our recommendations to remain malware free.

Please download OTListIt2 from the link below:
http://oldtimer.geekstogo.com/OTL.exe
Save the file to your desktop.
Once on the desktop double click OTListit.exe and the application will open.
Then click the 'Clean Up' button

Also, adhere to these recommendations:
NEVER open any unknown emails
NEVER use P2P file sharing sites
NEVER install anything that just 'pops' up
NEVER use cracked or warez\pirated software
NEVER click links from IM contacts before authenticating

And:
ALWAYS keep Windows updated
ALWAYS update software before scanning with any security tool
ALWAYS use Google to research new software before installing.
ALWAYS use caution on all social networking sites, none of them fully vet all those 'free' games and downloads.

And either of the two following hosts file databases will keep an even stronger layer of defense:
* MVPS Hosts
http://www.mvps.org/winhelp2002/hosts.htm
*hpHosts
http://hosts-file.net/?s=Download

To manage your hosts file we recommend using either HostsMan or HostsXpert. With either tool you can download the latest updates, merge them with another hosts file, edit entries and much more. It's freeware and works very well on all systems.
HostsXpert:
http://www.funkytoad.com/content/view/13/31/

HostsMan (W7 & 64-bit systems):
http://www.abelhadigital.com/

And to prevent unknown applications from being installed on your machine install WinPatrol. WinPatrol is also great at controlling which applications start with Windows. It's even got a nifty 'delay' feature.

Keep track of updates for ALL your security needs here:
Calendar of Updates

Happy surfing!!
Tom :D

As your infection removal here in this forum has been completed, we hope you take the time to look around and get involved in some of the other forums. The forums grow and become even more helpful with input from all of our members. We can all help everyone together as a community.

And if we've helped you out and you'd like to contribute to the costs maintaining the site please use the PayPal button as displayed at the top of the page.

This is 100% optional as all our help to you has always been free and will continue to be free forever.
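An added example for readers, not part of the helper's post and not code from HostsMan, HostsXpert, MVPS or hpHosts: the hosts-file layer recommended above works by mapping known ad and malware hostnames to a "black hole" address (0.0.0.0 or 127.0.0.1), and the managers mentioned merge several such lists into one. The same file is also a hijack target in its own right (an entry sending a legitimate hostname to an attacker's address does the same job as the proxy setting in this thread), so a merge should accept only black-hole targets and report anything else. The list snippets below are constructed samples in the MVPS and hpHosts layout, not the real lists; the tampered entry uses the documentation address 203.0.113.5 and an example.com name.

```python
import ipaddress
from typing import Dict, Iterator, List, Tuple

# Constructed samples (not the real MVPS / hpHosts lists).
MVPS_SAMPLE = """\
# MVPS-style layout
127.0.0.1  localhost
0.0.0.0  ads.example.net
0.0.0.0  tracker.example.org
"""
HPHOSTS_SAMPLE = """\
# hpHosts-style layout
127.0.0.1  ads.example.net
127.0.0.1  malware.example.com
"""
TAMPERED_SAMPLE = """\
127.0.0.1 localhost
203.0.113.5 www.example.com   # constructed hijack: a real name sent to a TEST-NET address
"""

# Targets blocklists use as a black hole; anything else in a managed hosts
# file deserves a look.
BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}
# Names the OS maps itself; never treat them as blocklist entries.
SYSTEM_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (ip, hostname) pairs, ignoring comments and blank lines.

    One line may carry several hostnames after the address.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a real tool would report it
        for name in fields[1:]:
            yield fields[0], name.lower()


def merge_blocklists(*sources: str) -> Dict[str, str]:
    """Merge several hosts lists, keeping only black-hole entries, deduplicated by name."""
    merged: Dict[str, str] = {}
    for src in sources:
        for ip, name in parse_hosts(src):
            if name in SYSTEM_NAMES or ip not in BLACKHOLE:
                continue
            merged.setdefault(name, ip)  # first list wins when targets differ
    return merged


def find_hijacks(text: str) -> List[Tuple[str, str]]:
    """Entries that send a hostname somewhere other than a black-hole address."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if name not in SYSTEM_NAMES and ip not in BLACKHOLE]


def render_hosts(merged: Dict[str, str]) -> str:
    """Write the merged list back out, with the loopback lines Windows expects first."""
    lines = ["127.0.0.1 localhost", "::1 localhost"]
    lines += [f"{ip} {name}" for name, ip in sorted(merged.items())]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_hosts(merge_blocklists(MVPS_SAMPLE, HPHOSTS_SAMPLE)))
    print("suspicious:", find_hijacks(TAMPERED_SAMPLE))
```

On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts; running find_hijacks over it is a cheap periodic check, and writing a merged list back requires an elevated prompt.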
