
Author Topic: Computer Hang  (Read 35829 times)


kschina

    Topic Starter


    Rookie

    Computer Hang
    « on: June 27, 2008, 09:08:58 AM »
    Hi,

    My computer always hangs, please help. Below is the logfile from HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:52:58 PM, on 6/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WT32EXE.EXE
    C:\Program Files\UitvDll\msrv.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\tblmouse.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\PPStream\ppsap.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\ngp\Desktop\HijackThis.exe
    C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1D3E6D2D-ED58-43D2-9D17-98F584B14D3B} - C:\WINDOWS\DDIEHelper.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Skype] C:\Program Files\skype\Phone\Skype.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [yyxxi] C:\Program Files\yyxxi\English.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [TBLFUNC] tblmouse.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [UUCallMini] "C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" -autorun
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
    O4 - HKLM\..\Run: [fmsiocps] C:\WINDOWS\fmsiocps.exe
    O4 - HKLM\..\Run: [anistio] C:\WINDOWS\anistio.exE
    O4 - HKLM\..\Run: [dionpis] C:\WINDOWS\dionpis.exe
    O4 - HKLM\..\Run: [hefcndy] C:\WINDOWS\hefcndy.exe
    O4 - HKLM\..\Run: [tciocp64] C:\WINDOWS\tciocp64.exe
    O4 - HKLM\..\Run: [bincdwsa] C:\WINDOWS\bincdwsa.exe
    O4 - HKLM\..\Run: [dbhlp32] C:\WINDOWS\dbhlp32.exe
    O4 - HKLM\..\Run: [fmsjhif] C:\WINDOWS\fmsjhif.exe
    O4 - HKLM\..\Run: [paaeokan] C:\WINDOWS\aeknylgs.exe
    O4 - HKLM\..\Run: [ptshell] C:\WINDOWS\ptshell.exe
    O4 - HKLM\..\Run: [ticisms] C:\WINDOWS\ticisms.exe
    O4 - HKLM\..\Run: [huifitc] C:\WINDOWS\huifitc.exe
    O4 - HKLM\..\Run: [yuiabct] C:\WINDOWS\yuiabct.exe
    O4 - HKLM\..\Run: [mfchlp64] C:\WINDOWS\mfchlp64.exe
    O4 - HKLM\..\Run: [dndsioc] C:\WINDOWS\dndsioc.exe
    O4 - HKLM\..\Run: [fmbiost] C:\WINDOWS\fmbiost.exe
    O4 - HKLM\..\Run: [isndntio] C:\WINDOWS\isndntio.exe
    O4 - HKLM\..\Run: [wipicdec] C:\WINDOWS\wipicdec.exe
    O4 - HKLM\..\Run: [leeboo.exe] C:\Program Files\Leeboo\leeboo.exe Auto
    O4 - HKLM\..\Run: [udtablet] C:\WINDOWS\udtablet\UDSetup.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
    O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
    O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
    O4 - Startup: 开屏桌面画报.lnk = C:\Program Files\Coopen\Coopen.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &使用 leeboo 加速下载 - C:\Program Files\Leeboo\getUrl.htm
    O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
    O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {3384F595-9B10-4139-9893-7E4CB1F11875} (RegReader 1.2 Class) - http://10.145.204.12/wincc/Install/WebClientInstall.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213928656789
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = snaponglobal.com
    O17 - HKLM\Software\..\Telephony: DomainName = snaponglobal.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96878E1D-3CFE-4F5B-9D5D-22F38DD5A44E}: NameServer = 61.177.7.1 221.228.255.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = snaponglobal.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = snaponglobal.com
    O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
    O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: SysDaJHv.dll,msosjtio00.dll,nicozftp00.dll,fmsiocps.dll,
    msosmnsf00.dll,msoscqit00.dll,msosdrop00.dll,msosmhfp00.dll,msosdohs00.dll,
    wipicdec.dll,msosfmsq00.dll,eefzba.dll,bipdac.dll,livnju.dll,ipcpku.dll,lbanmi.dll,
    guadcw.dll,awzpqq.dll,ufbnmk.dll,efnkxi.dll,ibjkdg.dll,qlcoxi.dll,zvqeug.dll,mdcxvt.dll,
    rwkulz.dll,akgfzu.dll,fgzpsx.dll,bbcbml.dll,ycmgqp.dll,mfhnds.dll,wyspbe.dll,dszyzt.dll,
    icldbb.dll,ngfaim.dll,mlhtjt.dll,akmuad.dll,nkuvhn.dll,soykcn.dll,hnihey.dll,rosjrr.dll,
    mxlgoz.dll,hyttoz.dll,uexefj.dll,oqkvmh.dll,lecysk.dll,swlaxz.dll,oclhlo.dll,sjbqbs.dll,
    kgjbdw.dll,gdxxme.dll,cyjuns.dll,yumbza.dll,ivsvak.dll,tfvose.dll,draure.dll,kkvura.dll,
    zqtvbw.dll,kpbnel.dll,epxdzi.dll,ouskkk.dll,kglxiq.dll,vdgizg.dll,xelwxf.dll,totewi.dll,
    trwaft.dll,qquyye.dll,sgadnx.dll,rupipl.dll,ojxqbt.dll,sndmaj.dll,zilpiy.dll,phessc.dll,
    neymlp.dll,capwpu.dll,wqftss.dll,ddqyyp.dll,iynyjo.dll,tjseud.dll,almkcm.dll,vofpwh.dll,
    ujtixh.dll,avebdg.dll,ciiljh.dll,ncjgtr.dll,zdxyuh.dll,zvlaaw.dll,gxjoce.dll,ukqcgj.dl
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\system32\WT32EXE.EXE
    O23 - Service: Windows Network Media Service (UiPlayer) - Unknown owner - C:\Program Files\UitvDll\msrv.exe
    O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

    « Last Edit: June 27, 2008, 02:05:39 PM by evilfantasy »

    kpac

    • Web moderator


    Re: Computer Hang
    « Reply #1 on: June 27, 2008, 09:40:45 AM »
    Just wait and shortly one of the forum's malware removal specialists will analyse the log.

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Re: Computer Hang
    « Reply #2 on: June 27, 2008, 02:05:55 PM »

    kschina

      Topic Starter


      Rookie

      Re: Computer Hang
      « Reply #3 on: June 28, 2008, 11:16:56 AM »
      I have scanned my computer with SuperAntiSpyware, CCleaner and also Anti-Malware, but the problem still remains.
      Below is the logfile after the above scanning:



      Logfile of HijackThis v1.99.1
      Scan saved at 1:09:48 AM, on 6/29/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\WT32EXE.EXE
      C:\Program Files\UitvDll\msrv.exe
      C:\Program Files\WZCBDL Service\WZCBDLS.exe
      C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
      C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\WINDOWS\system32\tblmouse.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\D-Link\Air Utility\AirCFG.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\PPStream\ppsap.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\ngp\Desktop\HijackThis.exe

      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {1D3E6D2D-ED58-43D2-9D17-98F584B14D3B} - C:\WINDOWS\DDIEHelper.dll (file missing)
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [yyxxi] C:\Program Files\yyxxi\English.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
      O4 - HKLM\..\Run: [TBLFUNC] tblmouse.exe
      O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [UUCallMini] "C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" -autorun
      O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
      O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
      O4 - HKLM\..\Run: [isndntio] C:\WINDOWS\isndntio.exe
      O4 - HKLM\..\Run: [Skype] C:\Program Files\skype\Phone\Skype.exe
      O4 - HKLM\..\Run: [leeboo.exe] C:\Program Files\Leeboo\leeboo.exe Auto
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [udtablet] C:\WINDOWS\udtablet\UDSetup.EXE
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
      O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
      O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
      O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
      O4 - Startup: 开屏桌面画报.lnk = C:\Program Files\Coopen\Coopen.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: &使用 leeboo 加速下载 - C:\Program Files\Leeboo\getUrl.htm
      O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
      O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {3384F595-9B10-4139-9893-7E4CB1F11875} (RegReader 1.2 Class) - http://10.145.204.12/wincc/Install/WebClientInstall.dll
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213928656789
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = snaponglobal.com
      O17 - HKLM\Software\..\Telephony: DomainName = snaponglobal.com
      O17 - HKLM\System\CCS\Services\Tcpip\..\{96878E1D-3CFE-4F5B-9D5D-22F38DD5A44E}: NameServer = 61.177.7.1 221.228.255.1
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = snaponglobal.com
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = snaponglobal.com
      O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
      O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: SysDaJHv.dll,msosjtio00.dll,nicozftp00.dll,fmsiocps.dll,msosmnsf00.dll,msoscqit00.dll,
      msosdrop00.dll,msosmhfp00.dll,msosdohs00.dll,wipicdec.dll,msosfmsq00.dll,
      eefzba.dll,bipdac.dll,livnju.dll,ipcpku.dll,lbanmi.dll,guadcw.dll,awzpqq.dll,ufbnmk.dll,
      efnkxi.dll,ibjkdg.dll,qlcoxi.dll,zvqeug.dll,mdcxvt.dll,rwkulz.dll,akgfzu.dll,fgzpsx.dll,
      bbcbml.dll,ycmgqp.dll,mfhnds.dll,wyspbe.dll,dszyzt.dll,icldbb.dll,ngfaim.dll,mlhtjt.dll,
      akmuad.dll,nkuvhn.dll,soykcn.dll,hnihey.dll,rosjrr.dll,mxlgoz.dll,hyttoz.dll,uexefj.dll,
      oqkvmh.dll,lecysk.dll,swlaxz.dll,oclhlo.dll,sjbqbs.dll,kgjbdw.dll,gdxxme.dll,cyjuns.dll,
      yumbza.dll,ivsvak.dll,tfvose.dll,draure.dll,kkvura.dll,zqtvbw.dll,kpbnel.dll,epxdzi.dll,
      ouskkk.dll,kglxiq.dll,vdgizg.dll,xelwxf.dll,totewi.dll,trwaft.dll,qquyye.dll,sgadnx.dll,
      rupipl.dll,ojxqbt.dll,sndmaj.dll,zilpiy.dll,phessc.dll,neymlp.dll,capwpu.dll,wqftss.dll,
      ddqyyp.dll,iynyjo.dll,tjseud.dll,almkcm.dll,vofpwh.dll,ujtixh.dll,avebdg.dll,ciiljh.dll,
      ncjgtr.dll,zdxyuh.dll,zvlaaw.dll,gxjoce.dll,ukqcgj.dl
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
      O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\system32\WT32EXE.EXE
      O23 - Service: Windows Network Media Service (UiPlayer) - Unknown owner - C:\Program Files\UitvDll\msrv.exe
      O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

      « Last Edit: June 28, 2008, 05:00:16 PM by evilfantasy »

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      Re: Computer Hang
      « Reply #4 on: June 28, 2008, 05:01:00 PM »
      Download SDFix.exe and save it to your Desktop.

      Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

      Now then reboot your computer in Safe Mode by doing the following:
      • Restart your computer
      • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
      • Instead of Windows loading as normal, the Advanced Options Menu should appear;
      • Select the first option, to run Windows in Safe Mode, then press Enter.
      • Choose your usual account.
      • Open the extracted SDFix folder and double click RunThis.bat to start the script.
      • Type Y to begin the cleanup process.
      • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
      • Press any Key and it will restart the PC.
      • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
      • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
        (Report.txt will also be copied to Clipboard).
      • Finally copy and paste the contents of the results file Report.txt with a NEW HijackThis log in your next reply.
      If SDFix won't run or you get errors, follow the link for instructions on running SDFix. How to use SDFix

      kschina

        Topic Starter


        Rookie

        Re: Computer Hang
        « Reply #5 on: June 28, 2008, 08:43:17 PM »
        Hi evilfantasy,

        Below are the logfiles.


        SDFix: Version 1.198
        Run by ngp on 06/29/2008 Sun at 10:16 AM

        Microsoft Windows XP [Version 5.1.2600]
        Running From: C:\SDFix

        Checking Services :


        Restoring Default Security Values
        Restoring Default Hosts File

        Rebooting


        Checking Files :

        No Trojan Files Found






        Removing Temp Files

        ADS Check :
         


                                         Final Check :

        catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-29 10:24:35
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        scanning hidden registry entries ...

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
        "TracesProcessed"=dword:000000d8
        "TracesSuccessful"=dword:0000000f
        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\h黓
        "禊T\x20ac???"=dword:00000001
        "禊9eQ???"=dword:00000001
        "\20?nO:y??"=dword:00000001
        "\26Y\1xO:y?"=dword:00000001
        "]zz<h?"=dword:00000000
        "IQ\ah朑??"=dword:00000001
        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\厅]
        "禊T\x20ac???"=dword:00000001
        "禊9eQ???"=dword:00000001
        "\20?nO:y??"=dword:00000001
        "\26Y\1xO:y?"=dword:00000001
        "]zz<h?"=dword:00000000
        "IQ\ah朑??"=dword:00000001

        scanning hidden files ...

        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 0


        Remaining Services :




        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
        "C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe"="C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe:*:Disabled:java"
        "C:\\Program Files\\Globe7\\Globe7.exe"="C:\\Program Files\\Globe7\\Globe7.exe:LocalSubNet:Enabled:Globe7"
        "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
        "C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPS网络电视"
        "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
        "C:\\Program Files\\21cn\\VGO\\Clt.exe"="C:\\Program Files\\21cn\\VGO\\Clt.exe:*:Enabled:21CN VGO 智能客户端"
        "C:\\Program Files\\STV\\STV.exe"="C:\\Program Files\\STV\\STV.exe:*:Enabled:STV-深蓝卫星网络电视"
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
        "C:\\Program Files\\Gizmo Project\\mDNSResponder.exe"="C:\\Program Files\\Gizmo Project\\mDNSResponder.exe:*:Enabled:Bonjour"
        "C:\\Program Files\\Gizmo Project\\Gizmo.exe"="C:\\Program Files\\Gizmo Project\\Gizmo.exe:*:Enabled:Gizmo Project"
        "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
        "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
        "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
        "C:\\Program Files\\skype\\Phone\\Skype.exe"="C:\\Program Files\\skype\\Phone\\Skype.exe:*:Enabled:Skype"
        "C:\\Program Files\\Skype1\\Phone\\Skype.exe"="C:\\Program Files\\Skype1\\Phone\\Skype.exe:*:Enabled:Skype"
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
        "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
        "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
        "C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
        "C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
        "C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"
        "C:\\Program Files\\FlashGet Network\\Flashget\\FlashGet.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\FlashGet.exe:*:Enabled:Flashget2"
        "C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdate.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
        "C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Globe7\\Globe7.exe"="C:\\Program Files\\Globe7\\Globe7.exe:*:Enabled:Globe7"
        "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
        "C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream P2P流媒体播放器"
        "C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe"="C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe:*:Enabled:java"
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
        "C:\\Program Files\\Thunder Network\\WebThunder\\WebThunder.exe"="C:\\Program Files\\Thunder Network\\WebThunder\\WebThunder.exe:*:Enabled:Web 迅雷"
        "C:\\Program Files\\skype\\Phone\\Skype.exe"="C:\\Program Files\\skype\\Phone\\Skype.exe:*:Enabled:Skype"
        "C:\\Program Files\\Skype1\\Phone\\Skype.exe"="C:\\Program Files\\Skype1\\Phone\\Skype.exe:*:Enabled:Skype"
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
        "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
        "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
        "C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"

        Remaining Files :



        Files with Hidden Attributes :

        Fri  4 Aug 2006        24,064 ...H. --- "C:\Documents and Settings\ngp\Desktop\~WRL3055.tmp"
        Fri  4 Jan 2008             0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
        Wed 24 Jan 2007             0 ...H. --- "C:\Documents and Settings\ngp\Application Data\Microsoft\Word\~WRL3232.tmp"

        Finished!


        _______________________________________ _________________________


        « Last Edit: June 28, 2008, 10:11:25 PM by evilfantasy »

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: Computer Hang
        « Reply #6 on: June 28, 2008, 09:11:20 PM »
        Download Vundofix.exe to your desktop.

        Important! If using Windows Vista be sure to Run As Administrator

        • Double-click VundoFix.exe to run it.
        • When VundoFix opens, click the Scan for Vundo button.
        • Once it's done scanning, click the Remove Vundo button.
        • You will receive a prompt asking if you want to remove the files, click YES
        • Once you click yes, your desktop will go blank as it starts removing Vundo.
        • When completed, it will prompt that it will shutdown your computer, click OK.
        • Turn your computer back on.
        • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
        Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

        If you receive this error: "Run-time error '339': Component 'comdlg32.ocx' or one its dependencies not correctly registered: a file is missing or invalid", a new copy and instructions on where to put it can be found here

        Please let VundoFix finish; sometimes it can take multiple passes.

        kschina

          Topic Starter


          Rookie

          Re: Computer Hang
          « Reply #7 on: June 28, 2008, 09:44:41 PM »
          I already scanned my computer with VundoFix.exe but no infected file is found.


          evilfantasy

          Re: Computer Hang
          « Reply #8 on: June 28, 2008, 10:12:28 PM »
          Download Combofix by sUBs from one of the below links.

          Important! Combofix.exe MUST be saved to and run from the Desktop.
          • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
          • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
            • Click this link to see a list of security programs that should be disabled and how to disable them.
            • If yours is not listed and you don't know how to disable it, please ask.
          • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
          • Double click combofix.exe & follow the prompts.
            • Choose Yes to accept the Disclaimers.
          • When finished, it will produce a log for you.
          • Post that log in your next reply.
          Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall.
          • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
          • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
          If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of Combofix.

          ----------

          Next post add
          Combofix log

          kschina

            Topic Starter


            Rookie

            Re: Computer Hang
            « Reply #9 on: June 28, 2008, 10:52:07 PM »
            The logfile is too big. I will put it in 2 postings.

            ComboFix 08-06-20.4 - ngp 2008-06-29 12:32:13.1 - NTFSx86
            Microsoft Windows XP Professional  5.1.2600.2.936.86.1033.18.193 [GMT 8:00]
            Running from: C:\Documents and Settings\ngp\Desktop\ComboFix.exe
             * Created a new restore point

            WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .


            .
            (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            -------\Legacy_CQIT
            -------\Legacy_DROP
            -------\Legacy_FMSQ
            -------\Legacy_JTIO
            -------\Legacy_MSFPFIS64
            -------\Legacy_MSP2P32
            -------\Legacy_P4P_SERVICE
            -------\Service_cqit
            -------\Service_drop
            -------\Service_fmsq
            -------\Service_jtio


            (((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-29  )))))))))))))))))))))))))))))))
            .

            2008-06-29 11:29 . 2008-06-29 11:29   <DIR>   d--------   C:\VundoFix Backups
            2008-06-29 10:10 . 2008-06-29 10:10   <DIR>   d--------   C:\WINDOWS\ERUNT
            2008-06-29 09:37 . 2008-06-29 10:26   <DIR>   d--------   C:\SDFix
            2008-06-28 23:44 . 2008-06-28 23:43   410,976   --a------   C:\WINDOWS\system32\deploytk.dll
            2008-06-28 23:44 . 2008-06-28 23:43   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
            2008-06-28 22:50 . 2008-06-28 22:50   23,600   --a------   C:\WINDOWS\system32\drivers\TVICHW32.SYS
            2008-06-28 22:37 . 2008-06-28 22:37   <DIR>   d--------   C:\Program Files\CCleaner
            2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
            2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\Malwarebytes
            2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
            2008-06-28 19:39 . 2008-06-19 17:48   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
            2008-06-28 19:39 . 2008-06-19 17:47   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
            2008-06-20 18:58 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
            2008-06-20 18:58 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
            2008-06-12 21:03 . 2008-06-12 21:03   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLive
            2008-06-09 19:10 . 2008-06-09 21:36   297   --a------   C:\WINDOWS\system32\admshare.dat
            2008-06-09 19:07 . 2008-06-09 19:07   <DIR>   d--------   C:\Program Files\KuGou
            2008-06-09 19:07 . 2008-06-27 22:46   <DIR>   d--------   C:\Program Files\Google
            2008-06-09 19:07 . 2008-06-09 21:36   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\BITS
            2008-06-09 19:05 . 2008-06-09 19:05   <DIR>   d--------   C:\Program Files\FlashGet Network
            2008-05-31 20:16 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQUpdate
            2008-05-31 20:04 . 2008-05-31 20:04   <DIR>   d--------   C:\WINDOWS\system32\qqedit
            2008-05-31 20:04 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQ
            2008-05-31 20:03 . 2008-05-31 20:04   <DIR>   d--------   C:\Program Files\Tencent
            2008-05-30 23:48 . 2008-05-30 23:48   <DIR>   d--------   C:\Documents and Settings\ngp\.zone1511
            2008-05-30 23:41 . 2007-01-25 11:48   297,984   -ra------   C:\WINDOWS\system32\Midas.dll
            2008-05-30 23:40 . 2008-05-30 23:45   <DIR>   d--------   C:\Program Files\ZoiPPE

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-06-28 20:32   ---------   d-----w   C:\Program Files\PPLive
            2008-06-28 15:43   ---------   d-----w   C:\Program Files\Java
            2008-06-27 14:33   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
            2008-06-24 00:35   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Skype
            2008-06-22 13:45   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\ppStream
            2008-06-16 10:21   ---------   d-----w   C:\Program Files\UitvDll
            2008-06-15 09:27   ---------   d-----w   C:\Program Files\PPStream
            2008-06-12 08:39   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\VoipCheapCom
            2008-06-10 07:05   ---------   d-----w   C:\Program Files\VTTV
            2008-05-27 13:54   ---------   d-----w   C:\Program Files\KULflights
            2008-05-06 16:15   ---------   d-----w   C:\Program Files\MSN Messenger
            2008-04-30 13:54   ---------   d-----w   C:\Program Files\同花顺2008
            2008-04-28 16:10   ---------   d-----w   C:\Program Files\亿诺软件
            2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Coopen
            2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\All Users.WINDOWS\Application Data\Coopen
            2008-04-28 15:09   ---------   d-----w   C:\Program Files\开屏桌面画报
            .

            kschina

              Topic Starter


              Rookie

              Re: Computer Hang
              « Reply #10 on: June 28, 2008, 10:52:55 PM »
              ------- Sigcheck -------

              2006-04-20 20:18  360576  b2220c618b42a2212a59d91ebd6fc4b4   C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
              2008-05-14 22:48  359040  ebeab4c47642cd68d7fd23187eeca1b0   C:\WINDOWS\system32\backup\tcpip.sys
              2004-08-04 20:00  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\system32\dllcache\tcpip.sys
              2004-08-04 20:00  359040  3bb4b08619c111c7be8bda07aa0de6a2   C:\WINDOWS\system32\drivers\tcpip.sys
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D3E6D2D-ED58-43D2-9D17-98F584B14D3B}]
                       C:\WINDOWS\DDIEHelper.dll

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
              2008-06-28 23:43   34816   --a------   C:\Program Files\Java\jre6\bin\jp2ssv.dll

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
              2008-06-28 23:43   73728   --a------   C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
              "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-25 06:53 307200]
              "ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" [ ]
              "VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [ ]
              "PPS Accelerator"="C:\Program Files\PPStream\ppsap.exe" [2008-04-24 18:09 162976]
              "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 16:05 122939]
              "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 16:01 110592]
              "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 23:04 53248]
              "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
              "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-09-21 22:00 135224]
              "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 11:00 94208]
              "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
              "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
              "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
              "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
              "yyxxi"="C:\Program Files\yyxxi\English.exe" [2007-01-02 15:15 0]
              "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
              "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
              "DXDllRegExe"="dxdllreg.exe" []
              "TBLFUNC"="tblmouse.exe" [2001-08-21 13:56 49152 C:\WINDOWS\system32\tblmouse.exe]
              "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 20:00 44032]
              "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-21 01:35 94208]
              "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-21 01:32 77824]
              "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-21 01:36 114688]
              "UUCallMini"="C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" [ ]
              "D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13 2695168]
              "GCXX-Manager-Class"="C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2004-11-24 11:06 802921]
              "Skype"="C:\Program Files\skype\Phone\Skype.exe" [ ]
              "leeboo.exe"="C:\Program Files\Leeboo\leeboo.exe" [ ]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-06-28 23:43 136600]
              "udtablet"="C:\WINDOWS\udtablet\UDSetup.EXE" [2001-10-29 18:52 32768]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
              "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 20:00 44544]

              C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
              Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 13:05:26 29696]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "DisableCAD"= 0 (0x0)

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-09-28 12:22 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 10:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
              C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=SysDaJHv.dll,msosjtio00.dll,nicozftp00.dll,fmsiocps.dll,msosmnsf00.dll,
              msoscqit00.dll,msosdrop00.dll,msosmhfp00.dll,msosdohs00.dll,wipicdec.dll,
              msosfmsq00.dll,eefzba.dll,bipdac.dll,livnju.dll,ipcpku.dll,lbanmi.dll,guadcw.dll,
              awzpqq.dll,ufbnmk.dll,efnkxi.dll,ibjkdg.dll,qlcoxi.dll,zvqeug.dll,mdcxvt.dll,rwkulz.dll,
              akgfzu.dll,fgzpsx.dll,bbcbml.dll,ycmgqp.dll,mfhnds.dll,wyspbe.dll,dszyzt.dll,icldbb.dll,
              ngfaim.dll,mlhtjt.dll,akmuad.dll,nkuvhn.dll,soykcn.dll,hnihey.dll,rosjrr.dll,mxlgoz.dll,
              hyttoz.dll,uexefj.dll,oqkvmh.dll,lecysk.dll,swlaxz.dll,oclhlo.dll,sjbqbs.dll,kgjbdw.dll,
              gdxxme.dll,cyjuns.dll,yumbza.dll,ivsvak.dll,tfvose.dll,draure.dll,kkvura.dll,zqtvbw.dll,
              kpbnel.dll,epxdzi.dll,ouskkk.dll,kglxiq.dll,vdgizg.dll,xelwxf.dll,totewi.dll,trwaft.dll,
              qquyye.dll,sgadnx.dll,rupipl.dll,ojxqbt.dll,sndmaj.dll,zilpiy.dll,phessc.dll,neymlp.dll,
              capwpu.dll,wqftss.dll,ddqyyp.dll,iynyjo.dll,tjseud.dll,almkcm.dll,vofpwh.dll,ujtixh.dll,
              avebdg.dll,ciiljh.dll,ncjgtr.dll,zdxyuh.dll,zvlaaw.dll,gxjoce.dll,ukqcgj.dll,wokfjz.dll,
              njvqyt.dll,gljqrr.dll,ikokuv.dll,istvaj.dll,htcxgl.dll,bnesxc.dll,lughda.dll,bcqpqy.dll,
              ajoafx.dll,zhybio.dll,mwyftj.dll,sgpdvy.dll,baecev.dll,sqxuyp.dll,zinmfa.dll,gvvgwm.dll,
              njwibq.dll,eypxfq.dll,tirmsr.dll,vgpikb.dll,iuodek.dll,dfwgug.dll,xnnaru.dll,tnpctz.dll,
              qfpysu.dll,hpeman.dll,iuvfdm.dll,dhmfil.dll,sryxmo.dll,tluiyg.dll,ilrxup.dll,ieafxk.dll,
              zkphbt.dll,xbubum.dll,wpynzh.dll,rhjmdp.dll,bucykk.dll

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
              Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
              "C:\\Program Files\\PPStream\\PPStream.exe"=
              "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "C:\\Program Files\\Messenger\\msmsgs.exe"=
              "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
              "C:\\Program Files\\Skype1\\Phone\\Skype.exe"=
              "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
              "C:\\Program Files\\MSN Messenger\\livecall.exe"=
              "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
              "C:\\Program Files\\PPLive\\PPLive.exe"=
              "C:\\Program Files\\PPStream\\PPSAP.exe"=
              "C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "5060:UDP"= 5060:UDP:G
              "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
              "AllowInboundRouterRequest"= 1 (0x1)
              "AllowRedirect"= 1 (0x1)
              "AllowInboundEchoRequest"= 1 (0x1)
              "AllowInboundTimestampRequest"= 1 (0x1)
              "AllowInboundMaskRequest"= 1 (0x1)
              "AllowOutboundDestinationUnreachable"= 1 (0x1)
              "AllowOutboundSourceQuench"= 1 (0x1)
              "AllowOutboundParameterProblem"= 1 (0x1)
              "AllowOutboundTimeExceeded"= 1 (0x1)
              "AllowOutboundPacketTooBig"= 1 (0x1)

              R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
              R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 18:21]
              R2 UiPlayer;Windows Network Media Service;C:\Program Files\UitvDll\msrv.exe [2007-11-30 15:46]
              R2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 12:15]
              R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-06-01 02:46]
              S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2004-11-05 19:08]
              S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2004-11-05 19:08]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309a1df2-bdd2-11db-a216-00166f7503a0}]
              \Shell\AutoRun\command - F:\idstick.exe

              .
              Contents of the 'Scheduled Tasks' folder
              "2008-06-29 04:43:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
              - C:\Program Files\Windows Defender\MpCmdRun.exe
              .
              **************************************************************************

              catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-06-29 12:42:11
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\Program Files\Windows Defender\MsMpEng.exe
              C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
              C:\WINDOWS\system32\scardsvr.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
              C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
              C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
              C:\WINDOWS\system32\Wt32exe.exe
              C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
              C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
              C:\WINDOWS\system32\conime.exe
              C:\WINDOWS\system32\igfxsrvc.exe
              .
              **************************************************************************
              .
              Completion time: 2008-06-29 12:44:40 - machine was rebooted
              ComboFix-quarantined-files.txt  2008-06-29 04:44:35

              Pre-Run: 7,984,979,968 bytes free
              Post-Run: 7,955,677,184 bytes free

              326   --- E O F ---   2008-06-27 17:18:14
              « Last Edit: June 28, 2008, 10:55:59 PM by evilfantasy »

              evilfantasy

              Re: Computer Hang
              « Reply #11 on: June 28, 2008, 11:06:14 PM »
              Delete these files/folders, as follows:

              1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
              It must be Notepad, not Wordpad.
              • Click Start , then Run
              • Type notepad.exe in the Run Box.
              2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

              Code:
              Registry::
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=-

              3. Go to the Notepad window and click Edit > Paste
              4. Then click File > Save
              5. Name the file CFScript.txt - Save the file to your Desktop
              6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



              ComboFix will begin to execute, just follow the prompts.
              After reboot (in case it asks to reboot), it will produce a log for you.
              Post that log (Combofix.txt) in your next reply.

              Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

              ----------

              After posting the ComboFix log, go HERE and run the SUPERAntiSpyware and Malwarebytes scans, then also post a new HijackThis log along with those two logs.

              kschina

                Topic Starter


                Rookie

                Re: Computer Hang
                « Reply #12 on: June 28, 2008, 11:48:28 PM »
                ComboFix 08-06-20.4 - ngp 2008-06-29 13:34:10.2 - NTFSx86
                Microsoft Windows XP Professional  5.1.2600.2.936.86.1033.18.260 [GMT 8:00]
                Running from: C:\Documents and Settings\ngp\Desktop\ComboFix.exe
                Command switches used :: C:\Documents and Settings\ngp\Desktop\CFScript.txt
                 * Created a new restore point

                WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                .

                (((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-29  )))))))))))))))))))))))))))))))
                .

                2008-06-29 11:29 . 2008-06-29 11:29   <DIR>   d--------   C:\VundoFix Backups
                2008-06-29 10:10 . 2008-06-29 10:10   <DIR>   d--------   C:\WINDOWS\ERUNT
                2008-06-29 09:37 . 2008-06-29 10:26   <DIR>   d--------   C:\SDFix
                2008-06-28 23:44 . 2008-06-28 23:43   410,976   --a------   C:\WINDOWS\system32\deploytk.dll
                2008-06-28 23:44 . 2008-06-28 23:43   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
                2008-06-28 22:50 . 2008-06-28 22:50   23,600   --a------   C:\WINDOWS\system32\drivers\TVICHW32.SYS
                2008-06-28 22:37 . 2008-06-28 22:37   <DIR>   d--------   C:\Program Files\CCleaner
                2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
                2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\Malwarebytes
                2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
                2008-06-28 19:39 . 2008-06-19 17:48   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
                2008-06-28 19:39 . 2008-06-19 17:47   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
                2008-06-20 18:58 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
                2008-06-20 18:58 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
                2008-06-12 21:03 . 2008-06-12 21:03   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLive
                2008-06-09 19:10 . 2008-06-09 21:36   297   --a------   C:\WINDOWS\system32\admshare.dat
                2008-06-09 19:07 . 2008-06-09 19:07   <DIR>   d--------   C:\Program Files\KuGou
                2008-06-09 19:07 . 2008-06-27 22:46   <DIR>   d--------   C:\Program Files\Google
                2008-06-09 19:07 . 2008-06-09 21:36   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\BITS
                2008-06-09 19:05 . 2008-06-09 19:05   <DIR>   d--------   C:\Program Files\FlashGet Network
                2008-05-31 20:16 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQUpdate
                2008-05-31 20:04 . 2008-05-31 20:04   <DIR>   d--------   C:\WINDOWS\system32\qqedit
                2008-05-31 20:04 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQ
                2008-05-31 20:03 . 2008-05-31 20:04   <DIR>   d--------   C:\Program Files\Tencent
                2008-05-30 23:48 . 2008-05-30 23:48   <DIR>   d--------   C:\Documents and Settings\ngp\.zone1511
                2008-05-30 23:41 . 2007-01-25 11:48   297,984   -ra------   C:\WINDOWS\system32\Midas.dll
                2008-05-30 23:40 . 2008-05-30 23:45   <DIR>   d--------   C:\Program Files\ZoiPPE

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-06-28 20:32   ---------   d-----w   C:\Program Files\PPLive
                2008-06-28 15:43   ---------   d-----w   C:\Program Files\Java
                2008-06-27 14:33   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
                2008-06-24 00:35   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Skype
                2008-06-22 13:45   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\ppStream
                2008-06-16 10:21   ---------   d-----w   C:\Program Files\UitvDll
                2008-06-15 09:27   ---------   d-----w   C:\Program Files\PPStream
                2008-06-12 08:39   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\VoipCheapCom
                2008-06-10 07:05   ---------   d-----w   C:\Program Files\VTTV
                2008-05-27 13:54   ---------   d-----w   C:\Program Files\KULflights
                2008-05-06 16:15   ---------   d-----w   C:\Program Files\MSN Messenger
                2008-04-30 13:54   ---------   d-----w   C:\Program Files\同花顺2008
                2008-04-28 16:10   ---------   d-----w   C:\Program Files\亿诺软件
                2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Coopen
                2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\All Users.WINDOWS\Application Data\Coopen
                2008-04-28 15:09   ---------   d-----w   C:\Program Files\开屏桌面画报
                .

                ------- Sigcheck -------

                2006-04-20 20:18  360576  b2220c618b42a2212a59d91ebd6fc4b4   C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
                2008-05-14 22:48  359040  ebeab4c47642cd68d7fd23187eeca1b0   C:\WINDOWS\system32\backup\tcpip.sys
                2004-08-04 20:00  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\system32\dllcache\tcpip.sys
                2004-08-04 20:00  359040  3bb4b08619c111c7be8bda07aa0de6a2   C:\WINDOWS\system32\drivers\tcpip.sys
                .
                (((((((((((((((((((((((((((((   snapshot@2008-06-29_12.44.24.18   )))))))))))))))))))))))))))))))))))))))))
                .
                - 2008-06-29 04:39:32   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
                + 2008-06-29 05:38:09   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
                + 2008-06-29 05:39:19   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_114.dat
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D3E6D2D-ED58-43D2-9D17-98F584B14D3B}]
                         C:\WINDOWS\DDIEHelper.dll

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
                2008-06-28 23:43   34816   --a------   C:\Program Files\Java\jre6\bin\jp2ssv.dll

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
                2008-06-28 23:43   73728   --a------   C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
                "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-25 06:53 307200]
                "ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" [ ]
                "VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [ ]
                "PPS Accelerator"="C:\Program Files\PPStream\ppsap.exe" [2008-04-24 18:09 162976]
                "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 16:05 122939]
                "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 16:01 110592]
                "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 23:04 53248]
                "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
                "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-09-21 22:00 135224]
                "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 11:00 94208]
                "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
                "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
                "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
                "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
                "yyxxi"="C:\Program Files\yyxxi\English.exe" [2007-01-02 15:15 0]
                "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
                "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
                "DXDllRegExe"="dxdllreg.exe" []
                "TBLFUNC"="tblmouse.exe" [2001-08-21 13:56 49152 C:\WINDOWS\system32\tblmouse.exe]
                "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 20:00 44032]
                "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-21 01:35 94208]
                "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-21 01:32 77824]
                "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-21 01:36 114688]
                "UUCallMini"="C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" [ ]
                "D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13 2695168]
                "GCXX-Manager-Class"="C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2004-11-24 11:06 802921]
                "Skype"="C:\Program Files\skype\Phone\Skype.exe" [ ]
                "leeboo.exe"="C:\Program Files\Leeboo\leeboo.exe" [ ]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-06-28 23:43 136600]
                "udtablet"="C:\WINDOWS\udtablet\UDSetup.EXE" [2001-10-29 18:52 32768]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 20:00 44544]

                C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
                Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 13:05:26 29696]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "DisableCAD"= 0 (0x0)

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-09-28 12:22 77824]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 10:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
                C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
                "C:\\Program Files\\PPStream\\PPStream.exe"=
                "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "C:\\Program Files\\Messenger\\msmsgs.exe"=
                "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
                "C:\\Program Files\\Skype1\\Phone\\Skype.exe"=
                "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
                "C:\\Program Files\\MSN Messenger\\livecall.exe"=
                "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
                "C:\\Program Files\\PPLive\\PPLive.exe"=
                "C:\\Program Files\\PPStream\\PPSAP.exe"=
                "C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"=

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "5060:UDP"= 5060:UDP:G
                "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
                "AllowInboundRouterRequest"= 1 (0x1)
                "AllowRedirect"= 1 (0x1)
                "AllowInboundEchoRequest"= 1 (0x1)
                "AllowInboundTimestampRequest"= 1 (0x1)
                "AllowInboundMaskRequest"= 1 (0x1)
                "AllowOutboundDestinationUnreachable"= 1 (0x1)
                "AllowOutboundSourceQuench"= 1 (0x1)
                "AllowOutboundParameterProblem"= 1 (0x1)
                "AllowOutboundTimeExceeded"= 1 (0x1)
                "AllowOutboundPacketTooBig"= 1 (0x1)

                R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
                R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 18:21]
                R2 UiPlayer;Windows Network Media Service;C:\Program Files\UitvDll\msrv.exe [2007-11-30 15:46]
                R2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 12:15]
                R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-06-01 02:46]
                S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2004-11-05 19:08]
                S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2004-11-05 19:08]

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309a1df2-bdd2-11db-a216-00166f7503a0}]
                \Shell\AutoRun\command - F:\idstick.exe

                .
                Contents of the 'Scheduled Tasks' folder
                "2008-06-29 05:41:19 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
                - C:\Program Files\Windows Defender\MpCmdRun.exe
                .
                **************************************************************************

                catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-06-29 13:41:36
                Windows 5.1.2600 Service Pack 2 NTFS

                scanning hidden processes ...

                scanning hidden autostart entries ...

                scanning hidden files ...

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                ------------------------ Other Running Processes ------------------------
                .
                C:\Program Files\Windows Defender\MsMpEng.exe
                C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
                C:\WINDOWS\system32\scardsvr.exe
                C:\Program Files\Java\jre6\bin\jqs.exe
                C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                C:\WINDOWS\system32\Wt32exe.exe
                C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
                C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
                C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
                C:\WINDOWS\system32\conime.exe
                C:\WINDOWS\system32\igfxsrvc.exe
                .
                **************************************************************************
                .
                Completion time: 2008-06-29 13:44:06 - machine was rebooted
                ComboFix-quarantined-files.txt  2008-06-29 05:44:01
                ComboFix2.txt  2008-06-29 04:44:41

                Pre-Run: 7,924,178,944 bytes free
                Post-Run: 7,927,816,192 bytes free

                208   --- E O F ---   2008-06-27 17:18:14

                evilfantasy

                Re: Computer Hang
                « Reply #13 on: June 29, 2008, 12:07:28 AM »
                Looking much better. I found something else also; you need to run this tool and insert any flash drives you have when it asks for them. If you don't have any, run the tool anyway.

                Download Flash_Disinfector.exe by sUBs and save it to your desktop:
                 
                • Double-click Flash_Disinfector.exe to run it.
                • Your desktop and icons may disappear. This is normal.
                • It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
                • Follow any prompts that may appear.
                • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
                • Wait until it has finished scanning and then exit the program.
                • There will be no GUI interface or log file produced.
                • Reboot your computer when done.
                Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

                ----------

                Does the PC seem to be doing better now?
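
The autorun.inf protection described in the post above, as an added example that is not part of the original post or of Flash_Disinfector: a check that tells apart a drive root holding the placeholder folder named autorun.inf from one holding a real autorun.inf file that launches a program. The function names and the sample file contents are assumptions constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that name a program Windows may launch.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample autorun.inf, not taken from the thread.
SAMPLE_AUTORUN = r"""; constructed sample
[autorun]
open=sample.exe
icon=folder.ico
shell\open\command=sample.exe
shell\explore\command=sample.exe /e

[other]
open=ignored.exe
"""


def parse_autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    commands = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        value = value.strip()
        # shell\<verb>\command adds a drive context-menu verb that runs a program.
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_shell_cmd) and value:
            commands.append((key, value))
    return commands


def read_text(path):
    """Read a small text file, handling a UTF-16 byte order mark if present."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def classify_drive_root(root):
    """Classify what sits at <root>/autorun.inf (name matched case-insensitively)."""
    match = None
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            match = os.path.join(root, name)
            break
    if match is None:
        return {"state": "absent", "commands": []}
    if os.path.isdir(match):
        # A folder with this name blocks creation of a file with the same name.
        return {"state": "placeholder-folder", "commands": []}
    commands = parse_autorun_commands(read_text(match))
    state = "file-launches-program" if commands else "file-no-launch"
    return {"state": state, "commands": commands}


def demo():
    """Build three constructed drive roots in a temp dir and classify each one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "clean")
        os.mkdir(clean)
        protected = os.path.join(tmp, "protected")
        os.makedirs(os.path.join(protected, "autorun.inf"))
        suspect = os.path.join(tmp, "suspect")
        os.mkdir(suspect)
        with open(os.path.join(suspect, "AUTORUN.INF"), "w", encoding="latin-1") as fh:
            fh.write(SAMPLE_AUTORUN)
        for label, root in (("clean", clean), ("protected", protected), ("suspect", suspect)):
            results[label] = classify_drive_root(root)
    return results


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result["state"], result["commands"])
```

To check a real drive, pass its root (for example the letter of a plugged-in flash drive) to classify_drive_root.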

                kschina

                  Topic Starter


                  Rookie

                  Re: Computer Hang
                  « Reply #14 on: June 29, 2008, 01:17:00 AM »
                  Hi evilfantasy,
                  Thanks.
                  You are really an expert.  My computer is running better now.

                  SUPERAntiSpyware deleted about 800 threats.
                  Anti-Malware never detected any infected file.
                  Below are the logfiles.


                  Malwarebytes' Anti-Malware 1.19
                  Database version: 901
                  Windows 5.1.2600 Service Pack 2

                  15:04:47 2008-06-29
                  mbam-log-6-29-2008 (15-04-46).txt

                  Scan type: Full Scan (C:\|D:\|)
                  Objects scanned: 138132
                  Time elapsed: 25 minute(s), 38 second(s)

                  Memory Processes Infected: 0
                  Memory Modules Infected: 0
                  Registry Keys Infected: 0
                  Registry Values Infected: 0
                  Registry Data Items Infected: 0
                  Folders Infected: 0
                  Files Infected: 0

                  Memory Processes Infected:
                  (No malicious items detected)

                  Memory Modules Infected:
                  (No malicious items detected)

                  Registry Keys Infected:
                  (No malicious items detected)

                  Registry Values Infected:
                  (No malicious items detected)

                  Registry Data Items Infected:
                  (No malicious items detected)

                  Folders Infected:
                  (No malicious items detected)

                  Files Infected:
                  (No malicious items detected)



                  _____________________________________________


                  Logfile of HijackThis v1.99.1
                  Scan saved at 15:06, on 2008-06-29
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.5730.0011)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Windows Defender\MsMpEng.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                  C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Java\jre6\bin\jqs.exe
                  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\WT32EXE.EXE
                  C:\Program Files\UitvDll\msrv.exe
                  C:\Program Files\WZCBDL Service\WZCBDLS.exe
                  C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
                  C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\WINDOWS\system32\dla\tfswctrl.exe
                  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
                  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
                  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                  C:\Program Files\HP\HP Software Update\HPWuSchd.exe
                  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                  C:\WINDOWS\system32\tblmouse.exe
                  C:\WINDOWS\system32\hkcmd.exe
                  C:\WINDOWS\system32\igfxpers.exe
                  C:\WINDOWS\system32\igfxsrvc.exe
                  C:\Program Files\D-Link\Air Utility\AirCFG.exe
                  C:\Program Files\Java\jre6\bin\jusched.exe
                  C:\Program Files\PPStream\ppsap.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Documents and Settings\ngp\Desktop\HijackThis.exe

                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: (no name) - {1D3E6D2D-ED58-43D2-9D17-98F584B14D3B} - C:\WINDOWS\DDIEHelper.dll (file missing)
                  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                  O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
                  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                  O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                  O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
                  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
                  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
                  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                  O4 - HKLM\..\Run: [yyxxi] C:\Program Files\yyxxi\English.exe
                  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
                  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
                  O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
                  O4 - HKLM\..\Run: [TBLFUNC] tblmouse.exe
                  O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
                  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                  O4 - HKLM\..\Run: [UUCallMini] "C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" -autorun
                  O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
                  O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
                  O4 - HKLM\..\Run: [Skype] C:\Program Files\skype\Phone\Skype.exe
                  O4 - HKLM\..\Run: [leeboo.exe] C:\Program Files\Leeboo\leeboo.exe Auto
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
                  O4 - HKLM\..\Run: [udtablet] C:\WINDOWS\udtablet\UDSetup.EXE
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
                  O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
                  O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
                  O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
                  O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
                  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  O4 - Startup: 开屏桌面画报.lnk = C:\Program Files\Coopen\Coopen.exe
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O8 - Extra context menu item: &使用 leeboo 加速下载 - C:\Program Files\Leeboo\getUrl.htm
                  O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
                  O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O11 - Options group: [INTERNATIONAL] International*
                  O16 - DPF: {3384F595-9B10-4139-9893-7E4CB1F11875} (RegReader 1.2 Class) - http://10.145.204.12/wincc/Install/WebClientInstall.dll
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213928656789
                  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = snaponglobal.com
                  O17 - HKLM\Software\..\Telephony: DomainName = snaponglobal.com
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{96878E1D-3CFE-4F5B-9D5D-22F38DD5A44E}: NameServer = 61.177.7.1 221.228.255.1
                  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = snaponglobal.com
                  O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = snaponglobal.com
                  O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
                  O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
                  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
                  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
                  O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
                  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                  O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
                  O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                  O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                  O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                  O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                  O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                  O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\system32\WT32EXE.EXE
                  O23 - Service: Windows Network Media Service (UiPlayer) - Unknown owner - C:\Program Files\UitvDll\msrv.exe
                  O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
                  O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe