
Author Topic: Computer Hang  (Read 35870 times)


kschina

    Topic Starter


    Rookie

    Computer Hang
    « on: June 27, 2008, 09:08:58 AM »
    Hi,

    My computer always hangs, please help. Below is the logfile of HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:52:58 PM, on 6/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WT32EXE.EXE
    C:\Program Files\UitvDll\msrv.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\tblmouse.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\PPStream\ppsap.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\ngp\Desktop\HijackThis.exe
    C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1D3E6D2D-ED58-43D2-9D17-98F584B14D3B} - C:\WINDOWS\DDIEHelper.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Skype] C:\Program Files\skype\Phone\Skype.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [yyxxi] C:\Program Files\yyxxi\English.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [TBLFUNC] tblmouse.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [UUCallMini] "C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" -autorun
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
    O4 - HKLM\..\Run: [fmsiocps] C:\WINDOWS\fmsiocps.exe
    O4 - HKLM\..\Run: [anistio] C:\WINDOWS\anistio.exE
    O4 - HKLM\..\Run: [dionpis] C:\WINDOWS\dionpis.exe
    O4 - HKLM\..\Run: [hefcndy] C:\WINDOWS\hefcndy.exe
    O4 - HKLM\..\Run: [tciocp64] C:\WINDOWS\tciocp64.exe
    O4 - HKLM\..\Run: [bincdwsa] C:\WINDOWS\bincdwsa.exe
    O4 - HKLM\..\Run: [dbhlp32] C:\WINDOWS\dbhlp32.exe
    O4 - HKLM\..\Run: [fmsjhif] C:\WINDOWS\fmsjhif.exe
    O4 - HKLM\..\Run: [paaeokan] C:\WINDOWS\aeknylgs.exe
    O4 - HKLM\..\Run: [ptshell] C:\WINDOWS\ptshell.exe
    O4 - HKLM\..\Run: [ticisms] C:\WINDOWS\ticisms.exe
    O4 - HKLM\..\Run: [huifitc] C:\WINDOWS\huifitc.exe
    O4 - HKLM\..\Run: [yuiabct] C:\WINDOWS\yuiabct.exe
    O4 - HKLM\..\Run: [mfchlp64] C:\WINDOWS\mfchlp64.exe
    O4 - HKLM\..\Run: [dndsioc] C:\WINDOWS\dndsioc.exe
    O4 - HKLM\..\Run: [fmbiost] C:\WINDOWS\fmbiost.exe
    O4 - HKLM\..\Run: [isndntio] C:\WINDOWS\isndntio.exe
    O4 - HKLM\..\Run: [wipicdec] C:\WINDOWS\wipicdec.exe
    O4 - HKLM\..\Run: [leeboo.exe] C:\Program Files\Leeboo\leeboo.exe Auto
    O4 - HKLM\..\Run: [udtablet] C:\WINDOWS\udtablet\UDSetup.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
    O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
    O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
    O4 - Startup: 开屏桌面画报.lnk = C:\Program Files\Coopen\Coopen.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &使用 leeboo 加速下载 - C:\Program Files\Leeboo\getUrl.htm
    O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
    O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {3384F595-9B10-4139-9893-7E4CB1F11875} (RegReader 1.2 Class) - http://10.145.204.12/wincc/Install/WebClientInstall.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213928656789
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = snaponglobal.com
    O17 - HKLM\Software\..\Telephony: DomainName = snaponglobal.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96878E1D-3CFE-4F5B-9D5D-22F38DD5A44E}: NameServer = 61.177.7.1 221.228.255.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = snaponglobal.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = snaponglobal.com
    O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
    O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: SysDaJHv.dll,msosjtio00.dll,nicozftp00.dll,fmsiocps.dll,
    msosmnsf00.dll,msoscqit00.dll,msosdrop00.dll,msosmhfp00.dll,msosdohs00.dll,
    wipicdec.dll,msosfmsq00.dll,eefzba.dll,bipdac.dll,livnju.dll,ipcpku.dll,lbanmi.dll,
    guadcw.dll,awzpqq.dll,ufbnmk.dll,efnkxi.dll,ibjkdg.dll,qlcoxi.dll,zvqeug.dll,mdcxvt.dll,
    rwkulz.dll,akgfzu.dll,fgzpsx.dll,bbcbml.dll,ycmgqp.dll,mfhnds.dll,wyspbe.dll,dszyzt.dll,
    icldbb.dll,ngfaim.dll,mlhtjt.dll,akmuad.dll,nkuvhn.dll,soykcn.dll,hnihey.dll,rosjrr.dll,
    mxlgoz.dll,hyttoz.dll,uexefj.dll,oqkvmh.dll,lecysk.dll,swlaxz.dll,oclhlo.dll,sjbqbs.dll,
    kgjbdw.dll,gdxxme.dll,cyjuns.dll,yumbza.dll,ivsvak.dll,tfvose.dll,draure.dll,kkvura.dll,
    zqtvbw.dll,kpbnel.dll,epxdzi.dll,ouskkk.dll,kglxiq.dll,vdgizg.dll,xelwxf.dll,totewi.dll,
    trwaft.dll,qquyye.dll,sgadnx.dll,rupipl.dll,ojxqbt.dll,sndmaj.dll,zilpiy.dll,phessc.dll,
    neymlp.dll,capwpu.dll,wqftss.dll,ddqyyp.dll,iynyjo.dll,tjseud.dll,almkcm.dll,vofpwh.dll,
    ujtixh.dll,avebdg.dll,ciiljh.dll,ncjgtr.dll,zdxyuh.dll,zvlaaw.dll,gxjoce.dll,ukqcgj.dl
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\system32\WT32EXE.EXE
    O23 - Service: Windows Network Media Service (UiPlayer) - Unknown owner - C:\Program Files\UitvDll\msrv.exe
    O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

    « Last Edit: June 27, 2008, 02:05:39 PM by evilfantasy »

    kpac

    • Web moderator


    Re: Computer Hang
    « Reply #1 on: June 27, 2008, 09:40:45 AM »
    Just wait and shortly one of the forum's malware removal specialists will analyse the log.

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Re: Computer Hang
    « Reply #2 on: June 27, 2008, 02:05:55 PM »

    kschina

      Topic Starter


      Rookie

      Re: Computer Hang
      « Reply #3 on: June 28, 2008, 11:16:56 AM »
      I have scanned my computer with SuperAntiSpyware, CCleaner and also Anti-Malware but the problem still remains.
      Below is the logfile after the above scanning:



      Logfile of HijackThis v1.99.1
      Scan saved at 1:09:48 AM, on 6/29/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\WT32EXE.EXE
      C:\Program Files\UitvDll\msrv.exe
      C:\Program Files\WZCBDL Service\WZCBDLS.exe
      C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
      C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\WINDOWS\system32\tblmouse.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\D-Link\Air Utility\AirCFG.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\PPStream\ppsap.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\ngp\Desktop\HijackThis.exe

      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {1D3E6D2D-ED58-43D2-9D17-98F584B14D3B} - C:\WINDOWS\DDIEHelper.dll (file missing)
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [yyxxi] C:\Program Files\yyxxi\English.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
      O4 - HKLM\..\Run: [TBLFUNC] tblmouse.exe
      O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [UUCallMini] "C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" -autorun
      O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
      O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
      O4 - HKLM\..\Run: [isndntio] C:\WINDOWS\isndntio.exe
      O4 - HKLM\..\Run: [Skype] C:\Program Files\skype\Phone\Skype.exe
      O4 - HKLM\..\Run: [leeboo.exe] C:\Program Files\Leeboo\leeboo.exe Auto
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [udtablet] C:\WINDOWS\udtablet\UDSetup.EXE
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
      O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
      O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
      O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
      O4 - Startup: 开屏桌面画报.lnk = C:\Program Files\Coopen\Coopen.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: &使用 leeboo 加速下载 - C:\Program Files\Leeboo\getUrl.htm
      O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
      O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {3384F595-9B10-4139-9893-7E4CB1F11875} (RegReader 1.2 Class) - http://10.145.204.12/wincc/Install/WebClientInstall.dll
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213928656789
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = snaponglobal.com
      O17 - HKLM\Software\..\Telephony: DomainName = snaponglobal.com
      O17 - HKLM\System\CCS\Services\Tcpip\..\{96878E1D-3CFE-4F5B-9D5D-22F38DD5A44E}: NameServer = 61.177.7.1 221.228.255.1
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = snaponglobal.com
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = snaponglobal.com
      O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
      O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: SysDaJHv.dll,msosjtio00.dll,nicozftp00.dll,fmsiocps.dll,msosmnsf00.dll,msoscqit00.dll,
      msosdrop00.dll,msosmhfp00.dll,msosdohs00.dll,wipicdec.dll,msosfmsq00.dll,
      eefzba.dll,bipdac.dll,livnju.dll,ipcpku.dll,lbanmi.dll,guadcw.dll,awzpqq.dll,ufbnmk.dll,
      efnkxi.dll,ibjkdg.dll,qlcoxi.dll,zvqeug.dll,mdcxvt.dll,rwkulz.dll,akgfzu.dll,fgzpsx.dll,
      bbcbml.dll,ycmgqp.dll,mfhnds.dll,wyspbe.dll,dszyzt.dll,icldbb.dll,ngfaim.dll,mlhtjt.dll,
      akmuad.dll,nkuvhn.dll,soykcn.dll,hnihey.dll,rosjrr.dll,mxlgoz.dll,hyttoz.dll,uexefj.dll,
      oqkvmh.dll,lecysk.dll,swlaxz.dll,oclhlo.dll,sjbqbs.dll,kgjbdw.dll,gdxxme.dll,cyjuns.dll,
      yumbza.dll,ivsvak.dll,tfvose.dll,draure.dll,kkvura.dll,zqtvbw.dll,kpbnel.dll,epxdzi.dll,
      ouskkk.dll,kglxiq.dll,vdgizg.dll,xelwxf.dll,totewi.dll,trwaft.dll,qquyye.dll,sgadnx.dll,
      rupipl.dll,ojxqbt.dll,sndmaj.dll,zilpiy.dll,phessc.dll,neymlp.dll,capwpu.dll,wqftss.dll,
      ddqyyp.dll,iynyjo.dll,tjseud.dll,almkcm.dll,vofpwh.dll,ujtixh.dll,avebdg.dll,ciiljh.dll,
      ncjgtr.dll,zdxyuh.dll,zvlaaw.dll,gxjoce.dll,ukqcgj.dl
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
      O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\system32\WT32EXE.EXE
      O23 - Service: Windows Network Media Service (UiPlayer) - Unknown owner - C:\Program Files\UitvDll\msrv.exe
      O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

      « Last Edit: June 28, 2008, 05:00:16 PM by evilfantasy »

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      Re: Computer Hang
      « Reply #4 on: June 28, 2008, 05:01:00 PM »
      Download SDFix.exe and save it to your Desktop.

      Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

      Now then reboot your computer in Safe Mode by doing the following:
      • Restart your computer
      • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
      • Instead of Windows loading as normal, the Advanced Options Menu should appear;
      • Select the first option, to run Windows in Safe Mode, then press Enter.
      • Choose your usual account.
      • Open the extracted SDFix folder and double click RunThis.bat to start the script.
      • Type Y to begin the cleanup process.
      • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
      • Press any Key and it will restart the PC.
      • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
      • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
        (Report.txt will also be copied to Clipboard).
      • Finally copy and paste the contents of the results file Report.txt with a NEW HijackThis log in your next reply.
      If SDFix won't run or you get errors, follow the link for instructions on running SDFix. How to use SDFix

      kschina

        Topic Starter


        Rookie

        Re: Computer Hang
        « Reply #5 on: June 28, 2008, 08:43:17 PM »
        Hi evilfantasy,

        Below are the logfiles.


        SDFix: Version 1.198
        Run by ngp on 06/29/2008 Sun at 10:16 AM

        Microsoft Windows XP [Version 5.1.2600]
        Running From: C:\SDFix

        Checking Services :


        Restoring Default Security Values
        Restoring Default Hosts File

        Rebooting


        Checking Files :

        No Trojan Files Found






        Removing Temp Files

        ADS Check :
         


                                         Final Check :

        catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-29 10:24:35
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        scanning hidden registry entries ...

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
        "TracesProcessed"=dword:000000d8
        "TracesSuccessful"=dword:0000000f
        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\h黓
        "禊T\x20ac???"=dword:00000001
        "禊9eQ???"=dword:00000001
        "\20?nO:y??"=dword:00000001
        "\26Y\1xO:y?"=dword:00000001
        "]zz<h?"=dword:00000000
        "IQ\ah朑??"=dword:00000001
        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\厅]
        "禊T\x20ac???"=dword:00000001
        "禊9eQ???"=dword:00000001
        "\20?nO:y??"=dword:00000001
        "\26Y\1xO:y?"=dword:00000001
        "]zz<h?"=dword:00000000
        "IQ\ah朑??"=dword:00000001

        scanning hidden files ...

        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 0


        Remaining Services :




        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
        "C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe"="C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe:*:Disabled:java"
        "C:\\Program Files\\Globe7\\Globe7.exe"="C:\\Program Files\\Globe7\\Globe7.exe:LocalSubNet:Enabled:Globe7"
        "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
        "C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPS网络电视"
        "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
        "C:\\Program Files\\21cn\\VGO\\Clt.exe"="C:\\Program Files\\21cn\\VGO\\Clt.exe:*:Enabled:21CN VGO 智能客户端"
        "C:\\Program Files\\STV\\STV.exe"="C:\\Program Files\\STV\\STV.exe:*:Enabled:STV-深蓝卫星网络电视"
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
        "C:\\Program Files\\Gizmo Project\\mDNSResponder.exe"="C:\\Program Files\\Gizmo Project\\mDNSResponder.exe:*:Enabled:Bonjour"
        "C:\\Program Files\\Gizmo Project\\Gizmo.exe"="C:\\Program Files\\Gizmo Project\\Gizmo.exe:*:Enabled:Gizmo Project"
        "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
        "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
        "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
        "C:\\Program Files\\skype\\Phone\\Skype.exe"="C:\\Program Files\\skype\\Phone\\Skype.exe:*:Enabled:Skype"
        "C:\\Program Files\\Skype1\\Phone\\Skype.exe"="C:\\Program Files\\Skype1\\Phone\\Skype.exe:*:Enabled:Skype"
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
        "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
        "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
        "C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
        "C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
        "C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"
        "C:\\Program Files\\FlashGet Network\\Flashget\\FlashGet.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\FlashGet.exe:*:Enabled:Flashget2"
        "C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdate.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
        "C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Globe7\\Globe7.exe"="C:\\Program Files\\Globe7\\Globe7.exe:*:Enabled:Globe7"
        "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
        "C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream P2P流媒体播放器"
        "C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe"="C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe:*:Enabled:java"
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
        "C:\\Program Files\\Thunder Network\\WebThunder\\WebThunder.exe"="C:\\Program Files\\Thunder Network\\WebThunder\\WebThunder.exe:*:Enabled:Web 迅雷"
        "C:\\Program Files\\skype\\Phone\\Skype.exe"="C:\\Program Files\\skype\\Phone\\Skype.exe:*:Enabled:Skype"
        "C:\\Program Files\\Skype1\\Phone\\Skype.exe"="C:\\Program Files\\Skype1\\Phone\\Skype.exe:*:Enabled:Skype"
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
        "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
        "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
        "C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"

        Remaining Files :



        Files with Hidden Attributes :

        Fri  4 Aug 2006        24,064 ...H. --- "C:\Documents and Settings\ngp\Desktop\~WRL3055.tmp"
        Fri  4 Jan 2008             0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
        Wed 24 Jan 2007             0 ...H. --- "C:\Documents and Settings\ngp\Application Data\Microsoft\Word\~WRL3232.tmp"

        Finished!




        « Last Edit: June 28, 2008, 10:11:25 PM by evilfantasy »

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: Computer Hang
        « Reply #6 on: June 28, 2008, 09:11:20 PM »
        Download Vundofix.exe to your desktop.

        Important! If using Windows Vista be sure to Run As Administrator

        • Double-click VundoFix.exe to run it.
        • When VundoFix opens, click the Scan for Vundo button.
        • Once it's done scanning, click the Remove Vundo button.
        • You will receive a prompt asking if you want to remove the files, click YES
        • Once you click yes, your desktop will go blank as it starts removing Vundo.
        • When completed, it will prompt that it will shutdown your computer, click OK.
        • Turn your computer back on.
        • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
        Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

        If you receive this error: "Run-time error '339': Component 'comdlg32.ocx' or one its dependencies not correctly registered: a file is missing or invalid", a new copy and instructions on where to put it can be found here

        Please let VundoFix finish, sometimes it can take multiple passes

        kschina


          Re: Computer Hang
          « Reply #7 on: June 28, 2008, 09:44:41 PM »
          I already scanned my computer with VundoFix.exe but no infected file was found.


          evilfantasy

          Re: Computer Hang
          « Reply #8 on: June 28, 2008, 10:12:28 PM »
          Download Combofix by sUBs from one of the below links.

          Important! Combofix.exe MUST be saved to and run from the Desktop.
          • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
          • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
            • Click this link to see a list of security programs that should be disabled and how to disable them.
            • If yours is not listed and you don't know how to disable it, please ask.
          • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
          • Double click combofix.exe & follow the prompts.
            • Choose Yes to accept the Disclaimers.
          • When finished, it will produce a log for you.
          • Post that log in your next reply.
          Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall.
          • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
          • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
          If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of Combofix.

          ----------

          Next post add
          Combofix log

          kschina


            Re: Computer Hang
            « Reply #9 on: June 28, 2008, 10:52:07 PM »
            The logfile is too big. I will put it in 2 postings.

            ComboFix 08-06-20.4 - ngp 2008-06-29 12:32:13.1 - NTFSx86
            Microsoft Windows XP Professional  5.1.2600.2.936.86.1033.18.193 [GMT 8:00]
            Running from: C:\Documents and Settings\ngp\Desktop\ComboFix.exe
             * Created a new restore point

            WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\Documents and Settings\dell\Favorites\链接
            C:\Documents and Settings\ngp\Local Settings\Application Data\baidu
            C:\Program Files\baidu
            C:\Program Files\Common Files\sogou pxp
            C:\Program Files\Common Files\sogou pxp\p2psvr.exe
            C:\Program Files\internet explorer\options.dll
            C:\riched32.dll
            C:\WINDOWS\isndntio.exe
            C:\WINDOWS\Nt_File_Temp
            C:\WINDOWS\Nt_File_Temp\0.bmp
            C:\WINDOWS\Nt_File_Temp\1.bmp
            C:\WINDOWS\Nt_File_Temp\edit.bmp
            C:\WINDOWS\options.dll
            C:\WINDOWS\system32\ajoafx.dll
            C:\WINDOWS\system32\almkcm.dll
            C:\WINDOWS\system32\avebdg.dll
            C:\WINDOWS\system32\baecev.dll
            C:\WINDOWS\system32\bcqpqy.dll
            C:\WINDOWS\system32\bnesxc.dll
            C:\WINDOWS\system32\bucykk.dll
            C:\WINDOWS\system32\Cache
            C:\WINDOWS\system32\capwpu.dll
            C:\WINDOWS\system32\ciiljh.dll
            C:\WINDOWS\system32\CMMGR32.EXE
            C:\WINDOWS\system32\dbhlp32.dlL
            C:\WINDOWS\system32\dcvbmv.dll
            C:\WINDOWS\system32\ddqyyp.dll
            C:\WINDOWS\system32\dfwgug.dll
            C:\WINDOWS\system32\dhmfil.dll
            C:\WINDOWS\system32\dndsioc.dll
            C:\WINDOWS\system32\epxdzi.dll
            C:\WINDOWS\system32\eypxfq.dll
            C:\WINDOWS\system32\fackaczl.dll
            C:\WINDOWS\system32\fmsjhif.dll
            C:\WINDOWS\system32\gljqrr.dll
            C:\WINDOWS\system32\gvvgwm.dll
            C:\WINDOWS\system32\gxjoce.dll
            C:\WINDOWS\system32\hpeman.dll
            C:\WINDOWS\system32\htcxgl.dll
            C:\WINDOWS\system32\ieafxk.dll
            C:\WINDOWS\system32\iexp_log.txt
            C:\WINDOWS\system32\ikokuv.dll
            C:\WINDOWS\system32\ilrxup.dll
            C:\WINDOWS\system32\ipcpku.dll
            C:\WINDOWS\system32\isndntio.dll
            C:\WINDOWS\system32\istvaj.dll
            C:\WINDOWS\system32\iuodek.dll
            C:\WINDOWS\system32\iuvfdm.dll
            C:\WINDOWS\system32\iynyjo.dll
            C:\WINDOWS\system32\kglxiq.dll
            C:\WINDOWS\system32\kkvura.dll
            C:\WINDOWS\system32\kpbnel.dll
            C:\WINDOWS\system32\lughda.dll
            C:\WINDOWS\system32\msoscqit.dat
            C:\WINDOWS\system32\msosdohs.dat
            C:\WINDOWS\system32\msosdrop.dat
            C:\WINDOWS\system32\msosfmsq.dat
            C:\WINDOWS\system32\msosjtio.dat
            C:\WINDOWS\system32\msosmhfp.dat
            C:\WINDOWS\system32\msosmnsf.dat
            C:\WINDOWS\system32\mwyftj.dll
            C:\WINDOWS\system32\ncjgtr.dll
            C:\WINDOWS\system32\neymlp.dll
            C:\WINDOWS\system32\nicozftp.dat
            C:\WINDOWS\system32\njvqyt.dll
            C:\WINDOWS\system32\njwibq.dll
            C:\WINDOWS\system32\ojxqbt.dll
            C:\WINDOWS\system32\ouskkk.dll
            C:\WINDOWS\system32\phessc.dll
            C:\WINDOWS\system32\ptshell.dll
            C:\WINDOWS\system32\qfpysu.dll
            C:\WINDOWS\system32\qquyye.dll
            C:\WINDOWS\system32\rhjmdp.dll
            C:\WINDOWS\system32\rupipl.dll
            C:\WINDOWS\system32\sgadnx.dll
            C:\WINDOWS\system32\sgpdvy.dll
            C:\WINDOWS\system32\sndmaj.dll
            C:\WINDOWS\system32\sqxuyp.dll
            C:\WINDOWS\system32\sryxmo.dll
            C:\WINDOWS\system32\syshash.dll
            C:\WINDOWS\system32\syskey.dll
            C:\WINDOWS\system32\Systemhost.dll
            C:\WINDOWS\system32\tirmsr.dll
            C:\WINDOWS\system32\tjseud.dll
            C:\WINDOWS\system32\tluiyg.dll
            C:\WINDOWS\system32\tnpctz.dll
            C:\WINDOWS\system32\totewi.dll
            C:\WINDOWS\system32\trwaft.dll
            C:\WINDOWS\system32\ujtixh.dll
            C:\WINDOWS\system32\ukqcgj.dll
            C:\WINDOWS\system32\vdgizg.dll
            C:\WINDOWS\system32\vgpikb.dll
            C:\WINDOWS\system32\vofpwh.dll
            C:\WINDOWS\system32\wokfjz.dll
            C:\WINDOWS\system32\wpynzh.dll
            C:\WINDOWS\system32\wqftss.dll
            C:\WINDOWS\system32\xbubum.dll
            C:\WINDOWS\system32\xelwxf.dll
            C:\WINDOWS\system32\xnnaru.dll
            C:\WINDOWS\system32\yfknsi.dll
            C:\WINDOWS\system32\yuiabct.dll
            C:\WINDOWS\system32\zdxyuh.dll
            C:\WINDOWS\system32\zhybio.dll
            C:\WINDOWS\system32\zilpiy.dll
            C:\WINDOWS\system32\zinmfa.dll
            C:\WINDOWS\system32\zkphbt.dll
            C:\WINDOWS\system32\zqtvbw.dll
            C:\WINDOWS\system32\zvlaaw.dll

            .
            (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            -------\Legacy_CQIT
            -------\Legacy_DROP
            -------\Legacy_FMSQ
            -------\Legacy_JTIO
            -------\Legacy_MSFPFIS64
            -------\Legacy_MSP2P32
            -------\Legacy_P4P_SERVICE
            -------\Service_cqit
            -------\Service_drop
            -------\Service_fmsq
            -------\Service_jtio


            (((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-29  )))))))))))))))))))))))))))))))
            .

            2008-06-29 11:29 . 2008-06-29 11:29   <DIR>   d--------   C:\VundoFix Backups
            2008-06-29 10:10 . 2008-06-29 10:10   <DIR>   d--------   C:\WINDOWS\ERUNT
            2008-06-29 09:37 . 2008-06-29 10:26   <DIR>   d--------   C:\SDFix
            2008-06-28 23:44 . 2008-06-28 23:43   410,976   --a------   C:\WINDOWS\system32\deploytk.dll
            2008-06-28 23:44 . 2008-06-28 23:43   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
            2008-06-28 22:50 . 2008-06-28 22:50   23,600   --a------   C:\WINDOWS\system32\drivers\TVICHW32.SYS
            2008-06-28 22:37 . 2008-06-28 22:37   <DIR>   d--------   C:\Program Files\CCleaner
            2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
            2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\Malwarebytes
            2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
            2008-06-28 19:39 . 2008-06-19 17:48   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
            2008-06-28 19:39 . 2008-06-19 17:47   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
            2008-06-20 18:58 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
            2008-06-20 18:58 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
            2008-06-12 21:03 . 2008-06-12 21:03   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLive
            2008-06-09 19:10 . 2008-06-09 21:36   297   --a------   C:\WINDOWS\system32\admshare.dat
            2008-06-09 19:07 . 2008-06-09 19:07   <DIR>   d--------   C:\Program Files\KuGou
            2008-06-09 19:07 . 2008-06-27 22:46   <DIR>   d--------   C:\Program Files\Google
            2008-06-09 19:07 . 2008-06-09 21:36   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\BITS
            2008-06-09 19:05 . 2008-06-09 19:05   <DIR>   d--------   C:\Program Files\FlashGet Network
            2008-05-31 20:16 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQUpdate
            2008-05-31 20:04 . 2008-05-31 20:04   <DIR>   d--------   C:\WINDOWS\system32\qqedit
            2008-05-31 20:04 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQ
            2008-05-31 20:03 . 2008-05-31 20:04   <DIR>   d--------   C:\Program Files\Tencent
            2008-05-30 23:48 . 2008-05-30 23:48   <DIR>   d--------   C:\Documents and Settings\ngp\.zone1511
            2008-05-30 23:41 . 2007-01-25 11:48   297,984   -ra------   C:\WINDOWS\system32\Midas.dll
            2008-05-30 23:40 . 2008-05-30 23:45   <DIR>   d--------   C:\Program Files\ZoiPPE

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-06-28 20:32   ---------   d-----w   C:\Program Files\PPLive
            2008-06-28 15:43   ---------   d-----w   C:\Program Files\Java
            2008-06-27 14:33   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
            2008-06-24 00:35   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Skype
            2008-06-22 13:45   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\ppStream
            2008-06-16 10:21   ---------   d-----w   C:\Program Files\UitvDll
            2008-06-15 09:27   ---------   d-----w   C:\Program Files\PPStream
            2008-06-12 08:39   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\VoipCheapCom
            2008-06-10 07:05   ---------   d-----w   C:\Program Files\VTTV
            2008-05-27 13:54   ---------   d-----w   C:\Program Files\KULflights
            2008-05-06 16:15   ---------   d-----w   C:\Program Files\MSN Messenger
            2008-04-30 13:54   ---------   d-----w   C:\Program Files\同花顺2008
            2008-04-28 16:10   ---------   d-----w   C:\Program Files\亿诺软件
            2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Coopen
            2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\All Users.WINDOWS\Application Data\Coopen
            2008-04-28 15:09   ---------   d-----w   C:\Program Files\开屏桌面画报
            .

            kschina


              Re: Computer Hang
              « Reply #10 on: June 28, 2008, 10:52:55 PM »
              ------- Sigcheck -------

              2006-04-20 20:18  360576  b2220c618b42a2212a59d91ebd6fc4b4   C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
              2008-05-14 22:48  359040  ebeab4c47642cd68d7fd23187eeca1b0   C:\WINDOWS\system32\backup\tcpip.sys
              2004-08-04 20:00  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\system32\dllcache\tcpip.sys
              2004-08-04 20:00  359040  3bb4b08619c111c7be8bda07aa0de6a2   C:\WINDOWS\system32\drivers\tcpip.sys
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D3E6D2D-ED58-43D2-9D17-98F584B14D3B}]
                       C:\WINDOWS\DDIEHelper.dll

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
              2008-06-28 23:43   34816   --a------   C:\Program Files\Java\jre6\bin\jp2ssv.dll

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
              2008-06-28 23:43   73728   --a------   C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
              "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-25 06:53 307200]
              "ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" [ ]
              "VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [ ]
              "PPS Accelerator"="C:\Program Files\PPStream\ppsap.exe" [2008-04-24 18:09 162976]
              "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 16:05 122939]
              "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 16:01 110592]
              "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 23:04 53248]
              "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
              "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-09-21 22:00 135224]
              "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 11:00 94208]
              "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
              "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
              "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
              "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
              "yyxxi"="C:\Program Files\yyxxi\English.exe" [2007-01-02 15:15 0]
              "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
              "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
              "DXDllRegExe"="dxdllreg.exe" []
              "TBLFUNC"="tblmouse.exe" [2001-08-21 13:56 49152 C:\WINDOWS\system32\tblmouse.exe]
              "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 20:00 44032]
              "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-21 01:35 94208]
              "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-21 01:32 77824]
              "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-21 01:36 114688]
              "UUCallMini"="C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" [ ]
              "D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13 2695168]
              "GCXX-Manager-Class"="C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2004-11-24 11:06 802921]
              "Skype"="C:\Program Files\skype\Phone\Skype.exe" [ ]
              "leeboo.exe"="C:\Program Files\Leeboo\leeboo.exe" [ ]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-06-28 23:43 136600]
              "udtablet"="C:\WINDOWS\udtablet\UDSetup.EXE" [2001-10-29 18:52 32768]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
              "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 20:00 44544]

              C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
              Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 13:05:26 29696]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "DisableCAD"= 0 (0x0)

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-09-28 12:22 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 10:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
              C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=SysDaJHv.dll,msosjtio00.dll,nicozftp00.dll,fmsiocps.dll,msosmnsf00.dll,
              msoscqit00.dll,msosdrop00.dll,msosmhfp00.dll,msosdohs00.dll,wipicdec.dll,
              msosfmsq00.dll,eefzba.dll,bipdac.dll,livnju.dll,ipcpku.dll,lbanmi.dll,guadcw.dll,
              awzpqq.dll,ufbnmk.dll,efnkxi.dll,ibjkdg.dll,qlcoxi.dll,zvqeug.dll,mdcxvt.dll,rwkulz.dll,
              akgfzu.dll,fgzpsx.dll,bbcbml.dll,ycmgqp.dll,mfhnds.dll,wyspbe.dll,dszyzt.dll,icldbb.dll,
              ngfaim.dll,mlhtjt.dll,akmuad.dll,nkuvhn.dll,soykcn.dll,hnihey.dll,rosjrr.dll,mxlgoz.dll,
              hyttoz.dll,uexefj.dll,oqkvmh.dll,lecysk.dll,swlaxz.dll,oclhlo.dll,sjbqbs.dll,kgjbdw.dll,
              gdxxme.dll,cyjuns.dll,yumbza.dll,ivsvak.dll,tfvose.dll,draure.dll,kkvura.dll,zqtvbw.dll,
              kpbnel.dll,epxdzi.dll,ouskkk.dll,kglxiq.dll,vdgizg.dll,xelwxf.dll,totewi.dll,trwaft.dll,
              qquyye.dll,sgadnx.dll,rupipl.dll,ojxqbt.dll,sndmaj.dll,zilpiy.dll,phessc.dll,neymlp.dll,
              capwpu.dll,wqftss.dll,ddqyyp.dll,iynyjo.dll,tjseud.dll,almkcm.dll,vofpwh.dll,ujtixh.dll,
              avebdg.dll,ciiljh.dll,ncjgtr.dll,zdxyuh.dll,zvlaaw.dll,gxjoce.dll,ukqcgj.dll,wokfjz.dll,
              njvqyt.dll,gljqrr.dll,ikokuv.dll,istvaj.dll,htcxgl.dll,bnesxc.dll,lughda.dll,bcqpqy.dll,
              ajoafx.dll,zhybio.dll,mwyftj.dll,sgpdvy.dll,baecev.dll,sqxuyp.dll,zinmfa.dll,gvvgwm.dll,
              njwibq.dll,eypxfq.dll,tirmsr.dll,vgpikb.dll,iuodek.dll,dfwgug.dll,xnnaru.dll,tnpctz.dll,
              qfpysu.dll,hpeman.dll,iuvfdm.dll,dhmfil.dll,sryxmo.dll,tluiyg.dll,ilrxup.dll,ieafxk.dll,
              zkphbt.dll,xbubum.dll,wpynzh.dll,rhjmdp.dll,bucykk.dll

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
              Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
              "C:\\Program Files\\PPStream\\PPStream.exe"=
              "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "C:\\Program Files\\Messenger\\msmsgs.exe"=
              "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
              "C:\\Program Files\\Skype1\\Phone\\Skype.exe"=
              "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
              "C:\\Program Files\\MSN Messenger\\livecall.exe"=
              "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
              "C:\\Program Files\\PPLive\\PPLive.exe"=
              "C:\\Program Files\\PPStream\\PPSAP.exe"=
              "C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "5060:UDP"= 5060:UDP:G
              "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
              "AllowInboundRouterRequest"= 1 (0x1)
              "AllowRedirect"= 1 (0x1)
              "AllowInboundEchoRequest"= 1 (0x1)
              "AllowInboundTimestampRequest"= 1 (0x1)
              "AllowInboundMaskRequest"= 1 (0x1)
              "AllowOutboundDestinationUnreachable"= 1 (0x1)
              "AllowOutboundSourceQuench"= 1 (0x1)
              "AllowOutboundParameterProblem"= 1 (0x1)
              "AllowOutboundTimeExceeded"= 1 (0x1)
              "AllowOutboundPacketTooBig"= 1 (0x1)

              R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
              R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 18:21]
              R2 UiPlayer;Windows Network Media Service;C:\Program Files\UitvDll\msrv.exe [2007-11-30 15:46]
              R2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 12:15]
              R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-06-01 02:46]
              S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2004-11-05 19:08]
              S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2004-11-05 19:08]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309a1df2-bdd2-11db-a216-00166f7503a0}]
              \Shell\AutoRun\command - F:\idstick.exe

              .
              Contents of the 'Scheduled Tasks' folder
              "2008-06-29 04:43:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
              - C:\Program Files\Windows Defender\MpCmdRun.exe
              .
              **************************************************************************

              catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-06-29 12:42:11
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\Program Files\Windows Defender\MsMpEng.exe
              C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
              C:\WINDOWS\system32\scardsvr.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
              C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
              C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
              C:\WINDOWS\system32\Wt32exe.exe
              C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
              C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
              C:\WINDOWS\system32\conime.exe
              C:\WINDOWS\system32\igfxsrvc.exe
              .
              **************************************************************************
              .
              Completion time: 2008-06-29 12:44:40 - machine was rebooted
              ComboFix-quarantined-files.txt  2008-06-29 04:44:35

              Pre-Run: 7,984,979,968 bytes free
              Post-Run: 7,955,677,184 bytes free

              326   --- E O F ---   2008-06-27 17:18:14
              « Last Edit: June 28, 2008, 10:55:59 PM by evilfantasy »

              evilfantasy

              Re: Computer Hang
              « Reply #11 on: June 28, 2008, 11:06:14 PM »
              Delete these files/folders, as follows:

              1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
              It must be Notepad, not Wordpad.
              • Click Start , then Run
              • Type notepad.exe in the Run Box.
              2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

              Code:
              Registry::
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=-

              3. Go to the Notepad window and click Edit > Paste
              4. Then click File > Save
              5. Name the file CFScript.txt - Save the file to your Desktop
              6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



              ComboFix will begin to execute, just follow the prompts.
              After reboot (in case it asks to reboot), it will produce a log for you.
              Post that log (Combofix.txt) in your next reply.

              Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

              ----------

              After posting the Combofix log go HERE and run the Superantispyware and Malwarebytes scans then also post a new hijackthis log along with those two logs.

              kschina

                Topic Starter


                Rookie

                Re: Computer Hang
                « Reply #12 on: June 28, 2008, 11:48:28 PM »
                ComboFix 08-06-20.4 - ngp 2008-06-29 13:34:10.2 - NTFSx86
                Microsoft Windows XP Professional  5.1.2600.2.936.86.1033.18.260 [GMT 8:00]
                Running from: C:\Documents and Settings\ngp\Desktop\ComboFix.exe
                Command switches used :: C:\Documents and Settings\ngp\Desktop\CFScript.txt
                 * Created a new restore point

                WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                .

                (((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-29  )))))))))))))))))))))))))))))))
                .

                2008-06-29 11:29 . 2008-06-29 11:29   <DIR>   d--------   C:\VundoFix Backups
                2008-06-29 10:10 . 2008-06-29 10:10   <DIR>   d--------   C:\WINDOWS\ERUNT
                2008-06-29 09:37 . 2008-06-29 10:26   <DIR>   d--------   C:\SDFix
                2008-06-28 23:44 . 2008-06-28 23:43   410,976   --a------   C:\WINDOWS\system32\deploytk.dll
                2008-06-28 23:44 . 2008-06-28 23:43   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
                2008-06-28 22:50 . 2008-06-28 22:50   23,600   --a------   C:\WINDOWS\system32\drivers\TVICHW32.SYS
                2008-06-28 22:37 . 2008-06-28 22:37   <DIR>   d--------   C:\Program Files\CCleaner
                2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
                2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\Malwarebytes
                2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
                2008-06-28 19:39 . 2008-06-19 17:48   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
                2008-06-28 19:39 . 2008-06-19 17:47   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
                2008-06-20 18:58 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
                2008-06-20 18:58 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
                2008-06-12 21:03 . 2008-06-12 21:03   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLive
                2008-06-09 19:10 . 2008-06-09 21:36   297   --a------   C:\WINDOWS\system32\admshare.dat
                2008-06-09 19:07 . 2008-06-09 19:07   <DIR>   d--------   C:\Program Files\KuGou
                2008-06-09 19:07 . 2008-06-27 22:46   <DIR>   d--------   C:\Program Files\Google
                2008-06-09 19:07 . 2008-06-09 21:36   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\BITS
                2008-06-09 19:05 . 2008-06-09 19:05   <DIR>   d--------   C:\Program Files\FlashGet Network
                2008-05-31 20:16 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQUpdate
                2008-05-31 20:04 . 2008-05-31 20:04   <DIR>   d--------   C:\WINDOWS\system32\qqedit
                2008-05-31 20:04 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQ
                2008-05-31 20:03 . 2008-05-31 20:04   <DIR>   d--------   C:\Program Files\Tencent
                2008-05-30 23:48 . 2008-05-30 23:48   <DIR>   d--------   C:\Documents and Settings\ngp\.zone1511
                2008-05-30 23:41 . 2007-01-25 11:48   297,984   -ra------   C:\WINDOWS\system32\Midas.dll
                2008-05-30 23:40 . 2008-05-30 23:45   <DIR>   d--------   C:\Program Files\ZoiPPE

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-06-28 20:32   ---------   d-----w   C:\Program Files\PPLive
                2008-06-28 15:43   ---------   d-----w   C:\Program Files\Java
                2008-06-27 14:33   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
                2008-06-24 00:35   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Skype
                2008-06-22 13:45   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\ppStream
                2008-06-16 10:21   ---------   d-----w   C:\Program Files\UitvDll
                2008-06-15 09:27   ---------   d-----w   C:\Program Files\PPStream
                2008-06-12 08:39   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\VoipCheapCom
                2008-06-10 07:05   ---------   d-----w   C:\Program Files\VTTV
                2008-05-27 13:54   ---------   d-----w   C:\Program Files\KULflights
                2008-05-06 16:15   ---------   d-----w   C:\Program Files\MSN Messenger
                2008-04-30 13:54   ---------   d-----w   C:\Program Files\同花顺2008
                2008-04-28 16:10   ---------   d-----w   C:\Program Files\亿诺软件
                2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Coopen
                2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\All Users.WINDOWS\Application Data\Coopen
                2008-04-28 15:09   ---------   d-----w   C:\Program Files\开屏桌面画报
                .

                ------- Sigcheck -------

                2006-04-20 20:18  360576  b2220c618b42a2212a59d91ebd6fc4b4   C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
                2008-05-14 22:48  359040  ebeab4c47642cd68d7fd23187eeca1b0   C:\WINDOWS\system32\backup\tcpip.sys
                2004-08-04 20:00  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\system32\dllcache\tcpip.sys
                2004-08-04 20:00  359040  3bb4b08619c111c7be8bda07aa0de6a2   C:\WINDOWS\system32\drivers\tcpip.sys
                .
                (((((((((((((((((((((((((((((   snapshot@2008-06-29_12.44.24.18   )))))))))))))))))))))))))))))))))))))))))
                .
                - 2008-06-29 04:39:32   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
                + 2008-06-29 05:38:09   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
                + 2008-06-29 05:39:19   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_114.dat
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D3E6D2D-ED58-43D2-9D17-98F584B14D3B}]
                         C:\WINDOWS\DDIEHelper.dll

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
                2008-06-28 23:43   34816   --a------   C:\Program Files\Java\jre6\bin\jp2ssv.dll

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
                2008-06-28 23:43   73728   --a------   C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
                "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-25 06:53 307200]
                "ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" [ ]
                "VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [ ]
                "PPS Accelerator"="C:\Program Files\PPStream\ppsap.exe" [2008-04-24 18:09 162976]
                "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 16:05 122939]
                "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 16:01 110592]
                "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 23:04 53248]
                "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
                "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-09-21 22:00 135224]
                "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 11:00 94208]
                "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
                "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
                "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
                "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
                "yyxxi"="C:\Program Files\yyxxi\English.exe" [2007-01-02 15:15 0]
                "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
                "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
                "DXDllRegExe"="dxdllreg.exe" []
                "TBLFUNC"="tblmouse.exe" [2001-08-21 13:56 49152 C:\WINDOWS\system32\tblmouse.exe]
                "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 20:00 44032]
                "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-21 01:35 94208]
                "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-21 01:32 77824]
                "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-21 01:36 114688]
                "UUCallMini"="C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" [ ]
                "D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13 2695168]
                "GCXX-Manager-Class"="C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2004-11-24 11:06 802921]
                "Skype"="C:\Program Files\skype\Phone\Skype.exe" [ ]
                "leeboo.exe"="C:\Program Files\Leeboo\leeboo.exe" [ ]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-06-28 23:43 136600]
                "udtablet"="C:\WINDOWS\udtablet\UDSetup.EXE" [2001-10-29 18:52 32768]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 20:00 44544]

                C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
                Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 13:05:26 29696]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "DisableCAD"= 0 (0x0)

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-09-28 12:22 77824]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 10:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
                C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
                "C:\\Program Files\\PPStream\\PPStream.exe"=
                "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "C:\\Program Files\\Messenger\\msmsgs.exe"=
                "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
                "C:\\Program Files\\Skype1\\Phone\\Skype.exe"=
                "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
                "C:\\Program Files\\MSN Messenger\\livecall.exe"=
                "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
                "C:\\Program Files\\PPLive\\PPLive.exe"=
                "C:\\Program Files\\PPStream\\PPSAP.exe"=
                "C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"=

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "5060:UDP"= 5060:UDP:G
                "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
                "AllowInboundRouterRequest"= 1 (0x1)
                "AllowRedirect"= 1 (0x1)
                "AllowInboundEchoRequest"= 1 (0x1)
                "AllowInboundTimestampRequest"= 1 (0x1)
                "AllowInboundMaskRequest"= 1 (0x1)
                "AllowOutboundDestinationUnreachable"= 1 (0x1)
                "AllowOutboundSourceQuench"= 1 (0x1)
                "AllowOutboundParameterProblem"= 1 (0x1)
                "AllowOutboundTimeExceeded"= 1 (0x1)
                "AllowOutboundPacketTooBig"= 1 (0x1)

                R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
                R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 18:21]
                R2 UiPlayer;Windows Network Media Service;C:\Program Files\UitvDll\msrv.exe [2007-11-30 15:46]
                R2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 12:15]
                R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-06-01 02:46]
                S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2004-11-05 19:08]
                S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2004-11-05 19:08]

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309a1df2-bdd2-11db-a216-00166f7503a0}]
                \Shell\AutoRun\command - F:\idstick.exe

                .
                Contents of the 'Scheduled Tasks' folder
                "2008-06-29 05:41:19 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
                - C:\Program Files\Windows Defender\MpCmdRun.exe
                .
                **************************************************************************

                catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-06-29 13:41:36
                Windows 5.1.2600 Service Pack 2 NTFS

                scanning hidden processes ...

                scanning hidden autostart entries ...

                scanning hidden files ...

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                ------------------------ Other Running Processes ------------------------
                .
                C:\Program Files\Windows Defender\MsMpEng.exe
                C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
                C:\WINDOWS\system32\scardsvr.exe
                C:\Program Files\Java\jre6\bin\jqs.exe
                C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                C:\WINDOWS\system32\Wt32exe.exe
                C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
                C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
                C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
                C:\WINDOWS\system32\conime.exe
                C:\WINDOWS\system32\igfxsrvc.exe
                .
                **************************************************************************
                .
                Completion time: 2008-06-29 13:44:06 - machine was rebooted
                ComboFix-quarantined-files.txt  2008-06-29 05:44:01
                ComboFix2.txt  2008-06-29 04:44:41

                Pre-Run: 7,924,178,944 bytes free
                Post-Run: 7,927,816,192 bytes free

                208   --- E O F ---   2008-06-27 17:18:14

                evilfantasy

                Re: Computer Hang
                « Reply #13 on: June 29, 2008, 12:07:28 AM »
                Looking much better. I found something else also; you need to run this tool and insert any flash drives you have when it asks for them. If you don't have any, run the tool anyway.

                Download Flash_Disinfector.exe by sUBs and save it to your desktop:
                 
                • Double-click Flash_Disinfector.exe to run it.
                • Your desktop and icons may disappear. This is normal.
                • It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
                • Follow any prompts that may appear.
                • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
                • Wait until it has finished scanning and then exit the program.
                • There will be no GUI interface or log file produced.
                • Reboot your computer when done.

                Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder; it will help protect your drives from future infection.

                ----------

                Does the PC seem to be doing better now?
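
The note in the reply above about the autorun.inf folder can be checked per drive. The Python sketch below is an added example, not part of the original posts and not Flash_Disinfector's own code: it reports whether a drive root has no autorun.inf, a folder of that name, or a file whose [autorun] section launches a program. The drive labels and the sample file contents are constructed; only the file name idstick.exe comes from the posted log.

```python
import os
import tempfile

# Keys in the [autorun] section whose value is a command to run.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, not taken from the thread: only the file name
# idstick.exe appears in the posted log; the file contents are invented.
SAMPLE_AUTORUN = (
    "[AutoRun]\r\n"
    "; constructed example\r\n"
    "open=idstick.exe\r\n"
    "shell\\open\\command=idstick.exe\r\n"
    "icon=folder.ico\r\n"
)


def decode_inf(data):
    """Decode autorun.inf bytes: UTF-16 when a BOM is present, else Latin-1."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def parse_autorun(text):
    """Return (key, command) pairs from [autorun] that start a program."""
    launches = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = key.strip().lower(), value.strip()
        shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or shell_cmd):
            launches.append((key, value))
    return launches


def find_autorun(root):
    """Locate autorun.inf in a drive root, ignoring letter case."""
    try:
        names = os.listdir(root)
    except OSError:
        return None  # drive not ready or not readable
    for name in names:
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def audit_root(root):
    """Classify one drive root: absent, folder, file-no-launch, launches-program."""
    path = find_autorun(root)
    if path is None:
        return {"status": "absent", "launches": []}
    if os.path.isdir(path):
        # A directory occupies the name, as the tool's note describes.
        return {"status": "folder", "launches": []}
    with open(path, "rb") as fh:
        launches = parse_autorun(decode_inf(fh.read(65536)))
    status = "launches-program" if launches else "file-no-launch"
    return {"status": status, "launches": launches}


def demo():
    """Build three constructed 'drives' in a temp directory and audit them."""
    with tempfile.TemporaryDirectory() as base:
        roots = {label: os.path.join(base, label) for label in ("F", "G", "H")}
        for path in roots.values():
            os.mkdir(path)
        # F: carries an autorun.inf file that launches a program.
        with open(os.path.join(roots["F"], "AUTORUN.INF"), "wb") as fh:
            fh.write(SAMPLE_AUTORUN.encode("ascii"))
        # G: has a folder named autorun.inf; H: has nothing.
        os.mkdir(os.path.join(roots["G"], "autorun.inf"))
        return {label: audit_root(path) for label, path in roots.items()}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result["status"], result["launches"])
```

On a real machine, call audit_root() on each drive root (for example "F:\\") instead of demo().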

                kschina

                  Topic Starter


                  Rookie

                  Re: Computer Hang
                  « Reply #14 on: June 29, 2008, 01:17:00 AM »
                  Hi evilfantasy,
                  Thanks.
                  You are really an expert.  My computer is running better now.

                  SUPERantispyware deleted about 800 threats.
                  Anti-Malware never detected any infected file.
                  Below are the log files.


                  Malwarebytes' Anti-Malware 1.19
                  Database version: 901
                  Windows 5.1.2600 Service Pack 2

                  15:04:47 2008-06-29
                  mbam-log-6-29-2008 (15-04-46).txt

                  Scan type: Full Scan (C:\|D:\|)
                  Objects scanned: 138132
                  Time elapsed: 25 minute(s), 38 second(s)

                  Memory Processes Infected: 0
                  Memory Modules Infected: 0
                  Registry Keys Infected: 0
                  Registry Values Infected: 0
                  Registry Data Items Infected: 0
                  Folders Infected: 0
                  Files Infected: 0

                  Memory Processes Infected:
                  (No malicious items detected)

                  Memory Modules Infected:
                  (No malicious items detected)

                  Registry Keys Infected:
                  (No malicious items detected)

                  Registry Values Infected:
                  (No malicious items detected)

                  Registry Data Items Infected:
                  (No malicious items detected)

                  Folders Infected:
                  (No malicious items detected)

                  Files Infected:
                  (No malicious items detected)



                  _____________________________________________


                  Logfile of HijackThis v1.99.1
                  Scan saved at 15:06, on 2008-06-29
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.5730.0011)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Windows Defender\MsMpEng.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                  C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Java\jre6\bin\jqs.exe
                  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\WT32EXE.EXE
                  C:\Program Files\UitvDll\msrv.exe
                  C:\Program Files\WZCBDL Service\WZCBDLS.exe
                  C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
                  C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\WINDOWS\system32\dla\tfswctrl.exe
                  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
                  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
                  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                  C:\Program Files\HP\HP Software Update\HPWuSchd.exe
                  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                  C:\WINDOWS\system32\tblmouse.exe
                  C:\WINDOWS\system32\hkcmd.exe
                  C:\WINDOWS\system32\igfxpers.exe
                  C:\WINDOWS\system32\igfxsrvc.exe
                  C:\Program Files\D-Link\Air Utility\AirCFG.exe
                  C:\Program Files\Java\jre6\bin\jusched.exe
                  C:\Program Files\PPStream\ppsap.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Documents and Settings\ngp\Desktop\HijackThis.exe

                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: (no name) - {1D3E6D2D-ED58-43D2-9D17-98F584B14D3B} - C:\WINDOWS\DDIEHelper.dll (file missing)
                  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                  O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
                  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                  O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                  O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
                  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
                  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
                  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                  O4 - HKLM\..\Run: [yyxxi] C:\Program Files\yyxxi\English.exe
                  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
                  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
                  O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
                  O4 - HKLM\..\Run: [TBLFUNC] tblmouse.exe
                  O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
                  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                  O4 - HKLM\..\Run: [UUCallMini] "C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" -autorun
                  O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
                  O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
                  O4 - HKLM\..\Run: [Skype] C:\Program Files\skype\Phone\Skype.exe
                  O4 - HKLM\..\Run: [leeboo.exe] C:\Program Files\Leeboo\leeboo.exe Auto
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
                  O4 - HKLM\..\Run: [udtablet] C:\WINDOWS\udtablet\UDSetup.EXE
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
                  O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
                  O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
                  O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
                  O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
                  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  O4 - Startup: 开屏桌面画报.lnk = C:\Program Files\Coopen\Coopen.exe
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O8 - Extra context menu item: &使用 leeboo 加速下载 - C:\Program Files\Leeboo\getUrl.htm
                  O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
                  O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O11 - Options group: [INTERNATIONAL] International*
                  O16 - DPF: {3384F595-9B10-4139-9893-7E4CB1F11875} (RegReader 1.2 Class) - http://10.145.204.12/wincc/Install/WebClientInstall.dll
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213928656789
                  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = snaponglobal.com
                  O17 - HKLM\Software\..\Telephony: DomainName = snaponglobal.com
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{96878E1D-3CFE-4F5B-9D5D-22F38DD5A44E}: NameServer = 61.177.7.1 221.228.255.1
                  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = snaponglobal.com
                  O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = snaponglobal.com
                  O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
                  O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
                  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
                  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
                  O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
                  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                  O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
                  O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                  O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                  O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                  O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                  O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                  O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\system32\WT32EXE.EXE
                  O23 - Service: Windows Network Media Service (UiPlayer) - Unknown owner - C:\Program Files\UitvDll\msrv.exe
                  O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
                  O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe





                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Calm like a bomb
                  • Thanked: 493
                  • Experience: Experienced
                  • OS: Windows 11
                  Re: Computer Hang
                  « Reply #15 on: June 29, 2008, 01:31:08 AM »
                  Did you see this post?

                  Looking much better. I found something else also; you need to run this tool and insert any flash drives you have when it asks for them. If you don't have any, run the tool anyway.

                  Download Flash_Disinfector.exe by sUBs and save it to your desktop:
                   
                  • Double-click Flash_Disinfector.exe to run it.
                  • Your desktop and icons may disappear. This is normal.
                  • It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
                  • Follow any prompts that may appear.
                  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
                  • Wait until it has finished scanning and then exit the program.
                  • There will be no GUI interface or log file produced.
                  • Reboot your computer when done.
                   Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

                  ----------

                  Does the PC seem to be doing better now?
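The note in the post above says Flash_Disinfector leaves a hidden folder named autorun.inf on each drive. The following is an added example, not part of the original post and not Flash_Disinfector's own code: a Python check that reports whether a drive root has no autorun.inf, has the folder the note describes, or has a real autorun.inf file whose [autorun] section launches a program. The function names, state labels and sample drive roots are assumptions made for illustration.

```python
import os
import tempfile


def launch_entries(text):
    """Return (key, command) pairs in the [autorun] section that start a program."""
    entries = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            key = key.strip().lower()
            # shell\<verb>\command adds a context-menu verb that runs a program
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in ("open", "shellexecute") or is_verb:
                entries.append((key, value.strip()))
    return entries


def classify_root(root):
    """Classify the autorun.inf entry (if any) at the top of a drive root."""
    # Match the name case-insensitively, as Windows would.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return ("absent", [])
    path = os.path.join(root, name)
    if os.path.isdir(path):
        # A folder occupies the name, so no file called autorun.inf can be written.
        return ("placeholder-folder", [])
    with open(path, "rb") as fh:
        data = fh.read(64 * 1024)
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("latin-1")
    entries = launch_entries(text)
    return ("file-launches-program" if entries else "file-no-launch", entries)


def demo():
    """Build three constructed drive roots in a temp directory and classify them."""
    # Constructed sample file content, not taken from any real drive.
    sample = (b";constructed sample\r\n[AutoRun]\r\nopen=setup.exe\r\n"
              b"icon=folder.ico\r\nshell\\open\\Command=setup.exe\r\n")
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label in ("clean", "protected", "suspect"):
            os.mkdir(os.path.join(base, label))
        os.mkdir(os.path.join(base, "protected", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "wb") as fh:
            fh.write(sample)
        for label in ("clean", "protected", "suspect"):
            results[label] = classify_root(os.path.join(base, label))
    return results


if __name__ == "__main__":
    for label, (state, entries) in demo().items():
        print(label, state, entries)
```

On a live system, pass each drive root (for example `E:\`) to `classify_root`; a `file-launches-program` result is the one to inspect further.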

                  evilfantasy

                  Re: Computer Hang
                  « Reply #16 on: June 29, 2008, 01:38:53 AM »
                  Open Hijackthis and select Do a system scan only.

                  Place a check mark next to the following entries: (if there)

                  O2 - BHO: (no name) - {1D3E6D2D-ED58-43D2-9D17-98F584B14D3B} - C:\WINDOWS\DDIEHelper.dll (file missing)
                  O8 - Extra context menu item: &使用 leeboo 加速下载 - C:\Program Files\Leeboo\getUrl.htm
                  O16 - DPF: {3384F595-9B10-4139-9893-7E4CB1F11875} (RegReader 1.2 Class) - http://10.145.204.12/wincc/Install/WebClientInstall.dll


                  Important: Close all windows except for Hijackthis and then click Fix checked.

                  Exit Hijackthis.

                  ----------

                  Download FixWareout by LonnyRJones from one of the two below links and save it to your desktop.
                  • Run Fixwareout.
                  • Click Next
                  • then Install
                  • Make sure Run fixit is checked
                  • Click Finish.
                  • The fix will begin; follow the prompts.
                  • You will be asked to reboot your computer; please do so.
                  • Your system may take longer than usual to load; this is normal.
                  When you run fixwareout, just follow the prompts, you will need to restart when prompted.

                  After rebooting (restart) back into normal boot mode. Make sure you have all web browsers closed.
                  • Go into Control Panel > Network Connections.
                  • Right click on your connection
                  • and click Properties.
                  • On the Properties page, highlight Internet Protocol (TCP/IP)
                  • Click Properties. This will bring up another page.
                  • Select Obtain DNS Server Automatically.
                  • Click the ok button. The page will close.
                  • Press ok on the page in front of you.
                  • Restart the computer.
                  • Reconnect to the Internet using Internet Explorer.
                  • Add the log from fixwareout in your next reply.
                  • It will be located at c:\fixwareout\report.txt
                  ----------

                  Download Dr.Web CureIt! & save it to your desktop.
                  • Double-click on cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
                  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
                  • Once the short scan has finished, Click Options > Change settings
                  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
                  • Back at the main window, click "Custom Scan", then "Select drives" (a red dot will show which drives have been chosen).
                  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
                  • When done, a message will be displayed at the bottom advising if any viruses were found.
                  • Click "Yes to all" if it asks if you want to cure/move the file.
                  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
                    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
                  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
                  • Save the DrWeb.csv report to your desktop.
                  • Exit Dr.Web Cureit when done.
                  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
                  You can use Notepad to open the DrWeb.csv report by right clicking it and selecting Open with > Notepad

                  ----------

                  Download Deckard's System Scanner (DSS) to your Desktop.
                  Note: You must be logged onto an account with administrator privileges.
                  Vista users Right click DSS and Run as Administrator.


                  • Close all applications and windows.
                  • Double-click on dss.exe to run it, and follow the prompts.
                  • When the scan is complete, two text files will open.
                    • main.txt <- this one will be maximized
                    • extra.txt <- this one will be minimized
                  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
                  ----------

                  Next post add
                  Fix Wareout log
                  Dr Web log
                  DSS Main & Extra.txt logs


                  Note: It might take two posts to get all of the logs to fit.

                  kschina

                    Re: Computer Hang
                    « Reply #17 on: June 29, 2008, 06:51:26 PM »
                    Below are the logfiles:

                    Username "ngp" - 2008-06-29 17:57:04 [Fixwareout edited 9/01/2007]

                    ~~~~~ Prerun check

                    Successfully flushed the DNS Resolver Cache.


                    System was rebooted successfully.
                     
                    ~~~~~ Postrun check
                    HKLM\SOFTWARE\~\Winlogon\ "System"=""
                    ....
                    ....
                    ~~~~~ Misc files.
                    ....
                    ~~~~~ Checking for older varients.
                    ....

                    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
                    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
                    "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
                    "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
                    "IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
                    "McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
                    "ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
                    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
                    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
                    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
                    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
                    "yyxxi"="C:\\Program Files\\yyxxi\\English.exe"
                    "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
                    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
                    "DXDllRegExe"="dxdllreg.exe"
                    "TBLFUNC"="tblmouse.exe"
                    "IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
                    "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
                    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
                    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
                    "UUCallMini"="\"C:\\Documents and Settings\\ngp\\Local Settings\\Temporary Internet Files\\Content.IE5\\J94SOQ5U\\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe\" -autorun"
                    "D-Link Air Utility"="C:\\Program Files\\D-Link\\Air Utility\\AirCFG.exe"
                    "GCXX-Manager-Class"="\"C:\\Program Files\\Sony Ericsson\\Wireless Manager\\GCXXManager.exe\" -startup"
                    "Skype"="C:\\Program Files\\skype\\Phone\\Skype.exe"
                    "leeboo.exe"="C:\\Program Files\\Leeboo\\leeboo.exe Auto"
                    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
                    "udtablet"="C:\\WINDOWS\\udtablet\\UDSetup.EXE"

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
                    "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
                    "ProxyWay"="C:\\Program Files\\ProxyWay\\proxyway.exe"
                    "VoipCheapCom"="\"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe\" -nosplash -minimized"
                    "PPS Accelerator"="C:\\Program Files\\PPStream\\ppsap.exe"
                    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
                    "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
                    ....
                    Hosts file was reset, If you use a custom hosts file please replace it...
                    ~~~~~ End report ~~~~~


                    _______________________________________ _________________________

                    kschina

                      Re: Computer Hang
                      « Reply #18 on: June 29, 2008, 06:53:17 PM »
                      QUAR1.11736;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Wsgame.5417;Deleted.;
                      QUAR1.14975;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Gamania.10712;Deleted.;
                      QUAR1.16783;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Wsgame.5416;Deleted.;
                      QUAR1.20671;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Wsgame.5416;Deleted.;
                      QUAR1.25790;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Wsgame.5422;Deleted.;
                      QUAR1.29885;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Wsgame.5416;Deleted.;
                      QUAR1.30643;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Wsgame.5421;Deleted.;
                      QUAR1.30727;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Wsgame.5482;Deleted.;
                      QUAR1.42849;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Wsgame.5418;Deleted.;
                      QUAR1.83456;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Wsgame.5751;Deleted.;
                      QUAR1.85829;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Gamania.10712;Deleted.;
                      QUAR1.89186;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Wsgame.5421;Deleted.;
                      QUAR1.96553;C:\Documents and Settings\ngp\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.PWS.Wsgame.5424;Deleted.;
                      ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\ngp\Desktop\ComboFix.exe;Program.PsExec.171;;
                      ComboFix.exe;C:\Documents and Settings\ngp\Desktop;Archive contains infected objects;Moved.;
                      XP_SP2_tcpPatch.exe;C:\Program Files\PPStream;Trojan.WinCrash;Deleted.;
                      isndntio.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.PWS.Gamania.10415;Deleted.;
                      0.bmp.vir;C:\QooBox\Quarantine\C\WINDOWS\Nt_File_Temp;Trojan.Siggen.51;Deleted.;
                      1.bmp.vir;C:\QooBox\Quarantine\C\WINDOWS\Nt_File_Temp;Trojan.Siggen.42;Deleted.;
                      ajoafx.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      almkcm.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      avebdg.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      baecev.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      bcqpqy.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      bnesxc.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      bucykk.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      capwpu.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      ciiljh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      dbhlp32.dlL.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Wsgame.5415;Deleted.;
                      dcvbmv.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      ddqyyp.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      dfwgug.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      dhmfil.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      dndsioc.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10673;Deleted.;
                      epxdzi.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      eypxfq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      fackaczl.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.origin;Incurable.Moved.;
                      fmsjhif.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10667;Deleted.;
                      gljqrr.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      gvvgwm.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      gxjoce.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      hpeman.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      htcxgl.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      ieafxk.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      ikokuv.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      ilrxup.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      ipcpku.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      isndntio.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10415;Deleted.;
                      istvaj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      iuodek.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      iuvfdm.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      iynyjo.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      kglxiq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      kkvura.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      kpbnel.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      lughda.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      mwyftj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      ncjgtr.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      neymlp.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      njvqyt.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      njwibq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      ojxqbt.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      ouskkk.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      phessc.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      ptshell.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10669;Deleted.;
                      qfpysu.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      qquyye.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      rhjmdp.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      rupipl.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      sgadnx.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      sgpdvy.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      sndmaj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      sqxuyp.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      sryxmo.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      tirmsr.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      tjseud.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      tluiyg.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      tnpctz.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      totewi.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      trwaft.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      ujtixh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      ukqcgj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      vdgizg.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      vgpikb.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      vofpwh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      wokfjz.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      wpynzh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      wqftss.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      xbubum.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      xelwxf.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      xnnaru.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      yfknsi.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      yuiabct.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10672;Deleted.;
                      zdxyuh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      zhybio.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      zilpiy.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      zinmfa.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      zkphbt.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      zqtvbw.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10807;Deleted.;
                      zvlaaw.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.PWS.Gamania.10960;Deleted.;
                      A0050352.dll.Vir;C:\quarantine;Trojan.StartPage.1690;Deleted.;
                      A0050353.dll.Vir;C:\quarantine;Trojan.StartPage.1690;Deleted.;
                      add_remove.exe.Vir;C:\quarantine;Joke.Addrem;Moved.;
                      crazymouse.exe.Vir;C:\quarantine;Joke.CrazyMouse;Moved.;
                      mont.dll.Vir;C:\quarantine;Trojan.StartPage.1690;Deleted.;
                      wz041.dll.Vir;C:\quarantine;Trojan.StartPage.1690;Deleted.;
                      Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;

                      kschina

                        Re: Computer Hang
                        « Reply #19 on: June 29, 2008, 06:56:30 PM »

                        A0014434.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.10718;Deleted.;
                        A0014436.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Wsgame.4894;Deleted.;
                        A0014437.dlL;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Wsgame.5415;Deleted.;
                        A0014438.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Wsgame.5364;Deleted.;
                        A0014439.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.10664;Deleted.;
                        A0014440.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Wsgame.5362;Deleted.;
                        A0014441.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.10669;Deleted.;
                        A0014442.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.10667;Deleted.;
                        A0014443.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.origin;Incurable.Moved.;
                        A0014444.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Wsgame.5559;Deleted.;
                        A0014446.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.10672;Deleted.;
                        A0014447.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Wsgame.5363;Deleted.;
                        A0014448.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.10673;Deleted.;
                        A0014450.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.10675;Deleted.;
                        A0014488.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.10718;Deleted.;
                        A0014489.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Wsgame.4894;Deleted.;
                        A0014491.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Wsgame.5364;Deleted.;
                        A0014492.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Wsgame.5362;Deleted.;
                        A0014493.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.10664;Deleted.;
                        A0014494.dlL;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Wsgame.5415;Deleted.;
                        A0014495.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.10667;Deleted.;
                        A0014497.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP81;Trojan.PWS.Gamania.origin;Incurable.Moved.;

                        kschina

                          Topic Starter


                          Rookie

                          Re: Computer Hang
                          « Reply #20 on: June 29, 2008, 06:57:14 PM »


                          kschina

                            Topic Starter


                            Rookie

                            Re: Computer Hang
                            « Reply #21 on: June 29, 2008, 06:57:47 PM »

                            A0024404.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Gamania.10673;Deleted.;
                            A0024405.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Gamania.10675;Deleted.;
                            A0025391.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Gamania.10718;Deleted.;
                            A0025392.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Wsgame.4894;Deleted.;
                            A0025394.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Wsgame.5364;Deleted.;
                            A0025395.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Gamania.10664;Deleted.;
                            A0025396.dlL;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Wsgame.5415;Deleted.;
                            A0025397.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Gamania.10667;Deleted.;
                            A0025398.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Gamania.origin;Incurable.Moved.;
                            A0025399.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Gamania.10669;Deleted.;
                            A0025400.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Wsgame.5559;Deleted.;
                            A0025402.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Gamania.10672;Deleted.;
                            A0025403.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Wsgame.5363;Deleted.;
                            A0025404.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Gamania.10673;Deleted.;
                            A0025405.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP89;Trojan.PWS.Gamania.10675;Deleted.;
                            A0025503.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP90;Trojan.PWS.Gamania.10718;Deleted.;
                            A0025504.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP90;Trojan.PWS.Wsgame.4894;Deleted.;
                            A0025505.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP90;Trojan.PWS.Wsgame.5364;Deleted.;
                            A0025507.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP90;Trojan.PWS.Gamania.10664;Deleted.;
                            A0025508.dlL;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP90;Trojan.PWS.Wsgame.5415;Deleted.;
                            A0025509.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP90;Trojan.PWS.Gamania.10667;Deleted.;
                            A0025510.dll;C:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP90;Trojan.PWS.Gamania.origin;Incurable.Moved.;

                            kschina

                              Topic Starter


                              Rookie

                              Re: Computer Hang
                              « Reply #22 on: June 29, 2008, 06:58:24 PM »


                              kschina

                                Topic Starter


                                Rookie

                                Re: Computer Hang
                                « Reply #23 on: June 29, 2008, 06:59:01 PM »

                                A0030274.EXE\pirate.exe;D:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP98\A0030274.EXE;Joke.Pirate;;
                                A0030274.EXE;D:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP98;Archive contains infected objects;Moved.;
                                data022\dapie.dll;D:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP98\A0030275.exe\data022;Adware.Dap;;
                                data022\dapns.dll;D:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP98\A0030275.exe\data022;Adware.Dap;;
                                data022;D:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP98\A0030275.exe;Archive contains infected objects;;
                                A0030275.exe;D:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP98;Archive contains infected objects;Moved.;
                                A0030276.exe\data003;D:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP98\A0030276.exe;Trojan.KeyLogger.origin;;
                                A0030276.exe;D:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP98;Archive contains infected objects;Moved.;
                                A0030277.exe;D:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP98;Trojan.Click.origin;Incurable.Moved.;
                                A0030278.exe;D:\System Volume Information\_restore{0F3C243D-D8AF-429F-B382-F316ACC4607E}\RP98;Trojan.Click.origin;Incurable.Moved.;

                                kschina

                                  Topic Starter


                                  Rookie

                                  Re: Computer Hang
                                  « Reply #24 on: June 29, 2008, 07:11:53 PM »
                                  Deckard's System Scanner v20071014.68
                                  Run by ngp on 2008-06-30 08:36:38
                                  Computer is in Normal Mode.
                                  --------------------------------------------------------------------------------

                                  -- System Restore --------------------------------------------------------------

                                  Successfully created a Deckard's System Scanner Restore Point.


                                  -- Last 5 Restore Point(s) --
                                  19: 2008-06-30 00:36:45 UTC - RP99 - Deckard's System Scanner Restore Point
                                  18: 2008-06-29 05:33:57 UTC - RP98 - ComboFix created restore point
                                  17: 2008-06-29 04:31:51 UTC - RP97 - ComboFix created restore point
                                  16: 2008-06-28 15:43:31 UTC - RP96 - Installed Java(TM) 6 Update 10
                                  15: 2008-06-27 17:18:13 UTC - RP95 - Software Distribution Service 3.0


                                  -- First Restore Point --
                                  1: 2008-06-08 15:53:41 UTC - RP81 - System Checkpoint


                                  Backed up registry hives.
                                  Performed disk cleanup.

                                  Total Physical Memory: 504 MiB (512 MiB recommended).


                                  -- HijackThis (run as ngp.exe) -------------------------------------------------

                                  Logfile of HijackThis v1.99.1
                                  Scan saved at 08:37, on 2008-06-30
                                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                                  MSIE: Internet Explorer v7.00 (7.00.5730.0011)

                                  Running processes:
                                  C:\WINDOWS\System32\smss.exe
                                  C:\WINDOWS\system32\winlogon.exe
                                  C:\WINDOWS\system32\services.exe
                                  C:\WINDOWS\system32\lsass.exe
                                  C:\WINDOWS\system32\svchost.exe
                                  C:\Program Files\Windows Defender\MsMpEng.exe
                                  C:\WINDOWS\System32\svchost.exe
                                  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                                  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                                  C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
                                  C:\WINDOWS\system32\spoolsv.exe
                                  C:\Program Files\Java\jre6\bin\jqs.exe
                                  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                                  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                                  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                                  C:\WINDOWS\system32\svchost.exe
                                  C:\WINDOWS\system32\WT32EXE.EXE
                                  C:\Program Files\UitvDll\msrv.exe
                                  C:\Program Files\WZCBDL Service\WZCBDLS.exe
                                  C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
                                  C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
                                  C:\WINDOWS\Explorer.EXE
                                  C:\WINDOWS\system32\ctfmon.exe
                                  C:\WINDOWS\system32\dla\tfswctrl.exe
                                  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                                  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
                                  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
                                  C:\WINDOWS\system32\wuauclt.exe
                                  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                                  C:\Program Files\HP\HP Software Update\HPWuSchd.exe
                                  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                                  C:\WINDOWS\system32\tblmouse.exe
                                  C:\WINDOWS\system32\hkcmd.exe
                                  C:\WINDOWS\system32\igfxpers.exe
                                  C:\WINDOWS\system32\igfxsrvc.exe
                                  C:\Program Files\D-Link\Air Utility\AirCFG.exe
                                  C:\Program Files\Java\jre6\bin\jusched.exe
                                  C:\Program Files\PPStream\ppsap.exe
                                  C:\Documents and Settings\ngp\Desktop\dss.exe
                                  C:\WINDOWS\system32\conime.exe
                                  C:\DOCUME~1\ngp\Desktop\ngp.exe
                                  C:\WINDOWS\system32\NOTEPAD.EXE

                                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                                  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                                  O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
                                  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                                  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                                  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                                  O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                                  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                                  O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
                                  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                                  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
                                  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                                  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
                                  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                                  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                                  O4 - HKLM\..\Run: [yyxxi] C:\Program Files\yyxxi\English.exe
                                  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
                                  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
                                  O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
                                  O4 - HKLM\..\Run: [TBLFUNC] tblmouse.exe
                                  O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
                                  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                                  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                                  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                                  O4 - HKLM\..\Run: [UUCallMini] "C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" -autorun
                                  O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
                                  O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
                                  O4 - HKLM\..\Run: [Skype] C:\Program Files\skype\Phone\Skype.exe
                                  O4 - HKLM\..\Run: [leeboo.exe] C:\Program Files\Leeboo\leeboo.exe Auto
                                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
                                  O4 - HKLM\..\Run: [udtablet] C:\WINDOWS\udtablet\UDSetup.EXE
                                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                                  O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
                                  O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
                                  O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
                                  O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
                                  O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
                                  O4 - Startup: 开屏桌面画报.lnk = C:\Program Files\Coopen\Coopen.exe
                                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                                  O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
                                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                                  O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
                                  O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
                                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                  O11 - Options group: [INTERNATIONAL] International*
                                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213928656789
                                  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
                                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = snaponglobal.com
                                  O17 - HKLM\Software\..\Telephony: DomainName = snaponglobal.com
                                  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = snaponglobal.com
                                  O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = snaponglobal.com
                                  O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
                                  O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
                                  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                                  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
                                  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
                                  O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
                                  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                                  O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                                  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
                                  O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                                  O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                                  O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                                  O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                                  O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                                  O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\system32\WT32EXE.EXE
                                  O23 - Service: Windows Network Media Service (UiPlayer) - Unknown owner - C:\Program Files\UitvDll\msrv.exe
                                  O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
                                  O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe


                                  -- HijackThis Fixed Entries (C:\DOCUME~1\ngp\Desktop\backups\) -----------------

                                  backup-20061125-011417-358 O11 - Options group: [INTERNATIONAL] International*
                                  backup-20061125-011417-428 O2 - BHO: Owlforce - {37E1A9E5-00D4-4203-8E58-B91F383A3809} - (no file)
                                  backup-20061125-011417-578 O4 - HKLM\..\Run: [A] C:\WINDOWS\system32\rundll32.exe mont.dll s
                                  backup-20080629-174950-137 O16 - DPF: {3384F595-9B10-4139-9893-7E4CB1F11875} (RegReader 1.2 Class) - http://10.145.204.12/wincc/Install/WebClientInstall.dll
                                  backup-20080629-174950-357 O8 - Extra context menu item: &使用 leeboo 加速下载 - C:\Program Files\Leeboo\getUrl.htm
                                  backup-20080629-174950-502 O2 - BHO: (no name) - {1D3E6D2D-ED58-43D2-9D17-98F584B14D3B} - C:\WINDOWS\DDIEHelper.dll (file missing)

                                  -- File Associations -----------------------------------------------------------

                                  All associations okay.


                                  -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                                  R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
                                  R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
                                  R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
                                  R2 NIOC (NIOC Service) - c:\windows\system32\nioc.sys <Not Verified; D-Link Corporation; NIOC (NT5) Driver>
                                  R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

                                  S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
                                  S3 catchme - c:\combofix\catchme.sys (file missing)
                                  S3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
                                  S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
                                  S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
                                  S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


                                  -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                                  R2 JavaQuickStarterService (Java Quick Starter) - "c:\program files\java\jre6\bin\jqs.exe" -service -config "c:\program files\java\jre6\lib\deploy\jqs\jqs.conf" <Not Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6 U10>
                                  R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
                                  R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
                                  R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
                                  R2 TabletService (Tablet Service) - c:\windows\system32\wt32exe.exe <Not Verified; Aiptek; Aiptek wt32exe>
                                  R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel? Corporation; SSOFSet Service>
                                  R2 WZCBDLService (WZCBDL Service) - "c:\program files\wzcbdl service\wzcbdls.exe" <Not Verified; D-Link; WZCBDLService Launcher (NT)>


                                  kschina

                                    Topic Starter


                                    Rookie

                                    Re: Computer Hang
                                    « Reply #25 on: June 29, 2008, 07:12:37 PM »

                                    -- Device Manager: Disabled ----------------------------------------------------

                                    No disabled devices found.


                                    -- Scheduled Tasks -------------------------------------------------------------

                                    2008-06-30 08:02:08       330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


                                    -- Files created between 2008-05-30 and 2008-06-30 -----------------------------

                                    2008-06-29 22:06:41         0 d-------- C:\Documents and Settings\ngp\DoctorWeb
                                    2008-06-29 14:00:22         0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
                                    2008-06-29 12:30:32     68096 --a------ C:\WINDOWS\zip.exe
                                    2008-06-29 12:30:32     49152 --a------ C:\WINDOWS\VFind.exe
                                    2008-06-29 12:30:32    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
                                    2008-06-29 12:30:32    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
                                    2008-06-29 12:30:32    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
                                    2008-06-29 12:30:32     98816 --a------ C:\WINDOWS\sed.exe
                                    2008-06-29 12:30:32     80412 --a------ C:\WINDOWS\grep.exe
                                    2008-06-29 12:30:32     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
                                    2008-06-29 11:29:18         0 d-------- C:\VundoFix Backups
                                    2008-06-29 10:10:38         0 d-------- C:\WINDOWS\ERUNT
                                    2008-06-29 00:12:13         0 dr-h----- C:\Documents and Settings\ngp\Recent
                                    2008-06-28 23:42:47         0 d-------- C:\Documents and Settings\ngp\Application Data\Sun
                                    2008-06-28 22:50:18     23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
                                    2008-06-28 22:37:08         0 d-------- C:\Program Files\CCleaner
                                    2008-06-28 19:39:31         0 d-------- C:\Documents and Settings\ngp\Application Data\Malwarebytes
                                    2008-06-28 19:39:27         0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
                                    2008-06-28 19:39:26         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
                                    2008-06-28 01:07:25         0 d-------- C:\WINDOWS\pss
                                    2008-06-12 21:03:07         0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLive
                                    2008-06-09 19:10:34       297 --a------ C:\WINDOWS\system32\admshare.dat
                                    2008-06-09 19:08:45         0 d-------- C:\Documents and Settings\ngp\Application Data\Google
                                    2008-06-09 19:07:46         0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
                                    2008-06-09 19:07:29         0 d-------- C:\Program Files\Google
                                    2008-06-09 19:07:28         0 d-------- C:\Program Files\KuGou
                                    2008-06-09 19:07:20         0 d-------- C:\Documents and Settings\ngp\Application Data\BITS
                                    2008-06-09 19:05:52         0 d-------- C:\Program Files\FlashGet Network
                                    2008-05-31 20:16:03         0 d-------- C:\Documents and Settings\ngp\Application Data\QQUpdate
                                    2008-05-31 20:04:39         0 d-------- C:\Documents and Settings\ngp\Application Data\QQ
                                    2008-05-31 20:04:06         0 d-------- C:\WINDOWS\system32\qqedit
                                    2008-05-31 20:03:33         0 d-------- C:\Program Files\Tencent
                                    2008-05-30 23:48:44         0 d-------- C:\Documents and Settings\ngp\.zone1511
                                    2008-05-30 23:41:27    297984 -ra------ C:\WINDOWS\system32\Midas.dll <Not Verified; Borland Software Corporation; Midas support DLL>
                                    2008-05-30 23:40:49         0 d-------- C:\Program Files\ZoiPPE


                                    -- Find3M Report ---------------------------------------------------------------

                                    2008-06-29 23:28:49         0 d-------- C:\Program Files\PPStream
                                    2008-06-29 14:00:23         0 d-------- C:\Program Files\SUPERAntiSpyware
                                    2008-06-29 12:33:06         0 d-------- C:\Program Files\Common Files
                                    2008-06-29 04:32:33         0 d-------- C:\Program Files\PPLive
                                    2008-06-28 23:43:35         0 d-------- C:\Program Files\Java
                                    2008-06-24 08:35:59         0 d-------- C:\Documents and Settings\ngp\Application Data\Skype
                                    2008-06-22 21:45:28         0 d-------- C:\Documents and Settings\ngp\Application Data\ppStream
                                    2008-06-16 18:21:17         0 d-------- C:\Program Files\UitvDll
                                    2008-06-12 16:39:02         0 d-------- C:\Documents and Settings\ngp\Application Data\VoipCheapCom
                                    2008-06-10 15:05:40         0 d-------- C:\Program Files\VTTV
                                    2008-05-27 21:54:08         0 d-------- C:\Program Files\KULflights
                                    2008-05-07 00:15:26         0 d-------- C:\Program Files\MSN Messenger
                                    2008-04-30 21:54:19         0 d-------- C:\Program Files\同花顺2008


                                    -- Registry Dump ---------------------------------------------------------------

                                    *Note* empty entries & legit default entries are not shown


                                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
                                    2008-06-28 23:43   34816   --a------   C:\Program Files\Java\jre6\bin\jp2ssv.dll

                                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
                                    2008-06-28 23:43   73728   --a------   C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 16:05]
                                    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 16:01]
                                    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 23:04]
                                    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
                                    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-09-21 22:00]
                                    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-23 11:00]
                                    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00]
                                    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00]
                                    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]
                                    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]
                                    "yyxxi"="C:\Program Files\yyxxi\English.exe" [2007-01-02 15:15]
                                    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
                                    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
                                    "DXDllRegExe"="dxdllreg.exe" []
                                    "TBLFUNC"="tblmouse.exe" [2001-08-21 13:56 C:\WINDOWS\system32\tblmouse.exe]
                                    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 20:00]
                                    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-21 01:35]
                                    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-21 01:32]
                                    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-21 01:36]
                                    "UUCallMini"="C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" []
                                    "D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13]
                                    "GCXX-Manager-Class"="C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2004-11-24 11:06]
                                    "Skype"="C:\Program Files\skype\Phone\Skype.exe" []
                                    "leeboo.exe"="C:\Program Files\Leeboo\leeboo.exe" []
                                    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-06-28 23:43]
                                    "udtablet"="C:\WINDOWS\udtablet\UDSetup.EXE" [2001-10-29 18:52]

                                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
                                    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-25 06:53]
                                    "ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" []
                                    "VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" []
                                    "PPS Accelerator"="C:\Program Files\PPStream\ppsap.exe" [2008-04-24 18:09]
                                    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

                                    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
                                    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

                                    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
                                    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

                                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                                    "DisableCAD"=0 (0x0)
                                    "HideLegacyLogonScripts"=0 (0x0)
                                    "HideLogoffScripts"=0 (0x0)
                                    "RunLogonScriptSync"=1 (0x1)
                                    "RunStartupScriptSync"=0 (0x0)
                                    "HideStartupScripts"=0 (0x0)

                                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                                    "HideLegacyLogonScripts"=0 (0x0)
                                    "HideLogoffScripts"=0 (0x0)
                                    "RunLogonScriptSync"=1 (0x1)
                                    "RunStartupScriptSync"=0 (0x0)
                                    "HideStartupScripts"=0 (0x0)

                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
                                    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-29 14:00 77824]

                                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                                    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-29 14:00 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

                                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
                                    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

                                    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                                    "Authentication Packages"= msv1_0 nwprovau


                                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309a1df2-bdd2-11db-a216-00166f7503a0}]
                                    AutoRun\command- F:\idstick.exe




                                    -- End of Deckard's System Scanner: finished at 2008-06-30 08:38:22 ------------


                                    kschina

                                      Re: Computer Hang
                                      « Reply #26 on: June 29, 2008, 07:13:51 PM »
                                      Deckard's System Scanner v20071014.68
                                      Extra logfile - please post this as an attachment with your post.
                                      --------------------------------------------------------------------------------

                                      -- System Information ----------------------------------------------------------

                                      Microsoft Windows XP Professional (build 2600) SP 2.0
                                      Architecture: X86; Language: English

                                      CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
                                      Percentage of Memory in Use: 65%
                                      Physical Memory (total/avail): 503.36 MiB / 173.86 MiB
                                      Pagefile Memory (total/avail): 1228.5 MiB / 954.96 MiB
                                      Virtual Memory (total/avail): 2047.88 MiB / 1936.97 MiB

                                      C: is Fixed (NTFS) - 20 GiB total, 7.28 GiB free.
                                      D: is Fixed (NTFS) - 54.47 GiB total, 17.38 GiB free.
                                      E: is CDROM (No Media)
                                      J: is Network (Unformatted)
                                      K: is Network (Unformatted)
                                      W: is Network (Unformatted)

                                      \\.\PHYSICALDRIVE0 - FUJITSU MHV2080AH - 74.53 GiB - 3 partitions
                                        \PARTITION0 - Unknown - 62.72 MiB
                                        \PARTITION1 (bootable) - Installable File System - 20 GiB - C:
                                        \PARTITION2 - Extended w/Extended Int 13 - 54.47 GiB - D:



                                      -- Security Center -------------------------------------------------------------

                                      AUOptions is set to notify before download.
                                      Windows Internal Firewall is enabled.

                                      FirstRunDisabled is set.


                                      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                                      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
                                      "C:\\Program Files\\Globe7\\Globe7.exe"="C:\\Program Files\\Globe7\\Globe7.exe:*:Enabled:Globe7"
                                      "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
                                      "C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream P2P流媒体播放器"
                                      "C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe"="C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe:*:Enabled:java"
                                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
                                      "C:\\Program Files\\Thunder Network\\WebThunder\\WebThunder.exe"="C:\\Program Files\\Thunder Network\\WebThunder\\WebThunder.exe:*:Enabled:Web 迅雷"
                                      "C:\\Program Files\\skype\\Phone\\Skype.exe"="C:\\Program Files\\skype\\Phone\\Skype.exe:*:Enabled:Skype"
                                      "C:\\Program Files\\Skype1\\Phone\\Skype.exe"="C:\\Program Files\\Skype1\\Phone\\Skype.exe:*:Enabled:Skype"
                                      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
                                      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
                                      "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
                                      "C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"

                                      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                                      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
                                      "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
                                      "C:\\Program Files\\Globe7\\Globe7.exe"="C:\\Program Files\\Globe7\\Globe7.exe:LocalSubNet:Enabled:Globe7"
                                      "C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPS¨a???|ì?¨o¨?"
                                      "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
                                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
                                      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
                                      "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
                                      "C:\\Program Files\\Skype1\\Phone\\Skype.exe"="C:\\Program Files\\Skype1\\Phone\\Skype.exe:*:Enabled:Skype"
                                      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
                                      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
                                      "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
                                      "C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
                                      "C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS ¨a????¨??¨′???"
                                      "C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"


                                      -- Environment Variables -------------------------------------------------------

                                      ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
                                      APPDATA=C:\Documents and Settings\ngp\Application Data
                                      CommonProgramFiles=C:\Program Files\Common Files
                                      COMPUTERNAME=KUNSWXP8JYFY1X
                                      ComSpec=C:\WINDOWS\system32\cmd.exe
                                      FP_NO_HOST_CHECK=NO
                                      HOMEDRIVE=C:
                                      HOMEPATH=\Documents and Settings\ngp
                                      LOGONSERVER=\\TKYOW23SGDC1
                                      NUMBER_OF_PROCESSORS=1
                                      OS=Windows_NT
                                      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;;P:\BMER\EXE;P:\UTILS\SHARED;C:\BMER\EXE;C:\UTILS\SHARED
                                      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
                                      PROCESSOR_ARCHITECTURE=x86
                                      PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
                                      PROCESSOR_LEVEL=6
                                      PROCESSOR_REVISION=0d08
                                      ProgramFiles=C:\Program Files
                                      PROMPT=$P$G
                                      SESSIONNAME=Console
                                      SLclientDir=C:\ScriptLogic
                                      SystemDrive=C:
                                      SystemRoot=C:\WINDOWS
                                      TEMP=C:\DOCUME~1\ngp\LOCALS~1\Temp
                                      TMP=C:\DOCUME~1\ngp\LOCALS~1\Temp
                                      USERDNSDOMAIN=SNAPONGLOBAL.COM
                                      USERDOMAIN=SNAPONGLOBAL
                                      USERNAME=ngp
                                      USERPROFILE=C:\Documents and Settings\ngp
                                      windir=C:\WINDOWS
                                      __COMPAT_LAYER=EnableNXShowUI


                                      -- User Profiles ---------------------------------------------------------------

                                      guoj (admin)
                                      ngp (admin)
                                      dell.DELL-297E88DF42 (admin)
                                      Administrator (admin)

                                      kschina

                                        Re: Computer Hang
                                        « Reply #27 on: June 29, 2008, 07:14:36 PM »
                                        -- Add/Remove Programs ---------------------------------------------------------

                                         --> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
                                         --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
                                         --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
                                         --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
                                        5D PDF Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2A227E0-8DEC-11D2-A564-B2890D000000}\setup.exe"  -Uninstall
                                        Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
                                        Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
                                        Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
                                        Adobe Reader Chinese Simplified Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2447-5A64-7E8A45000001}
                                        Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
                                        Air Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{67BB93E2-60DD-49F5-97CB-3187BAE9D4E6}
                                        Broadcom Gigabit Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
                                        C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
                                        CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
                                        Citrix Presentation Server Client --> MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
                                        Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
                                        Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
                                        Core FTP LE 1.3c --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
                                        D-Link AirPlus Xtreme G --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D7E52B9-06F6-45C9-BE3C-B27AD7FAD5F3}\Setup.exe" -l0x9
                                        Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
                                        DriverAgent by TouchStone Software --> RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
                                        eDrawings 2007 --> MsiExec.exe /I{AB591386-48C1-4F8F-916C-DB780AF60644}
                                        English Speech Package(XP) --> MsiExec.exe /I{D96DB1B8-87D0-11D6-AF24-F7A021CEBF7F}
                                        Globe7 --> C:\Program Files\Globe7\Uninstal.exe
                                        Gobe7 --> "C:\Program Files\Globe7\UnInstallGlobe7.exe"
                                        HijackThis 1.99.1 --> C:\Documents and Settings\ngp\Desktop\HijackThis.exe /uninstall
                                        HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
                                        HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
                                        HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
                                        HyperPen --> RmTablet.exe
                                        Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
                                        Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
                                        Java(TM) 6 Update 10 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
                                        KL International Airport --> C:\PROGRA~1\KULFLI~1\Unwise32.exe /A C:\PROGRA~1\KULFLI~1\install.log
                                        Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
                                        McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
                                        mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
                                        mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
                                        mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
                                        Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
                                        mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
                                        Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
                                        mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
                                        mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
                                        mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
                                        mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
                                        mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
                                        mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
                                        mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
                                        mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
                                        mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
                                        mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
                                        mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
                                        mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
                                        NIOC Service --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}
                                        Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
                                        PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
                                        PPLive 1.9 --> C:\Program Files\PPLive\uninst.exe
                                        PPStream P2P流媒体播放控件 --> "C:\Program Files\PPStream\unins001.exe"
                                        PPS网络电视 --> C:\Program Files\PPStream\uninst.exe
                                        Serif 3DPlus 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A36638C0-D8B9-11D3-9801-00A0CC555167}\setup.exe"
                                        Serif PhotoPlus 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\Setup.exe" -l0x9
                                        SIMATIC WinCC/Web Navigator Client V6.2 --> MsiExec.exe /I{EE2B555A-3244-495E-BAA2-69311A569ED7}
                                        SimpChinese Speech Package --> MsiExec.exe /X{D96DB0AB-87D0-11D6-AF24-F7A021CEBF7F}
                                        Skype? 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
                                        Sogou PXP Accelerator 2.2.0.19 --> C:\Program Files\Sogou PXP\Uninstall.exe
                                        Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
                                        Sonic RecordNow! Plus --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
                                        Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
                                        Sony Ericsson Wireless Manager --> C:\WINDOWS\system32\GCXXMU.exe verbose
                                        Sony Ericsson Wireless Modem --> C:\WINDOWS\system32\GCXXDU.exe verbose
                                        SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
                                        Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A4526249-944F-4108-B686-A435B4A62BA5} /l1033
                                        UiPlayer视频播放控件 --> "C:\Program Files\UitvDll\unins000.exe"
                                        VoipStunt --> "C:\Program Files\VoipStunt.com\VoipStunt\unins000.exe"
                                        VTTV 3.0.1 --> C:\Program Files\VTTV\uninst.exe
                                        Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
                                        Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
                                        Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
                                        WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
                                        WZCBDL Service --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{26595B84-25F5-43E2-9696-B1720E813850}
                                        ZoiPPE --> MsiExec.exe /X{7F5D9CED-E962-486B-BAF9-F3D5664F2D2F}
                                        全国通 2.22 --> "C:\Program Files\全国通\unins000.exe"
                                        同花顺2008(v4.40.52,Build 2008.01.08) --> "C:\Program Files\同花顺2008\unins000.exe"


                                        -- Application Event Log -------------------------------------------------------

                                        Event Record #/Type20267 / Error
                                        Event Submitted/Written: 06/30/2008 08:34:34 AM
                                        Event ID/Source: 5022 / McLogEvent
                                        Event Description:
                                        MCSCAN32 Engine Initialisation failed.
                                        Engine returned error : The DAT file versions do not match each other.

                                        Event Record #/Type20266 / Error
                                        Event Submitted/Written: 06/30/2008 08:29:29 AM
                                        Event ID/Source: 5022 / McLogEvent
                                        Event Description:
                                        MCSCAN32 Engine Initialisation failed.
                                        Engine returned error : The DAT file versions do not match each other.

                                        Event Record #/Type20265 / Error
                                        Event Submitted/Written: 06/30/2008 08:05:44 AM
                                        Event ID/Source: 5022 / McLogEvent
                                        Event Description:
                                        MCSCAN32 Engine Initialisation failed.
                                        Engine returned error : The DAT file versions do not match each other.

                                        Event Record #/Type20264 / Error
                                        Event Submitted/Written: 06/30/2008 08:02:14 AM
                                        Event ID/Source: 1054 / Userenv
                                        Event Description:
                                        Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

                                        Event Record #/Type20263 / Error
                                        Event Submitted/Written: 06/30/2008 08:01:15 AM
                                        Event ID/Source: 15 / AutoEnrollment
                                        Event Description:
                                        Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
                                          Enrollment will not be performed.



                                        -- Security Event Log ----------------------------------------------------------

                                        No Errors/Warnings found.


                                        -- System Event Log ------------------------------------------------------------

                                        Event Record #/Type101710 / Warning
                                        Event Submitted/Written: 06/30/2008 08:37:31 AM
                                        Event ID/Source: 11197 / DnsApi
                                        Event Description:
                                        The system failed to update and remove host (A) resource records (RRs)
                                        for network adapter
                                        with settings:


                                          Adapter Name : {DBE6E608-7CC9-4BA4-987D-37B5E05F6A9B}

                                          Host Name : kunswyp8jrfy1z

                                          Primary Domain Suffix : snaponglobal.com

                                          DNS server list :

                                               10.6.84.19, 10.0.17.23

                                          Sent update to server : 10.1.1.1

                                          IP Address(es) :

                                            10.145.204.56


                                        The reason the update request failed was because of a system problem.
                                        For specific error code, see the record data displayed below.

                                        Event Record #/Type101708 / Warning
                                        Event Submitted/Written: 06/30/2008 08:36:54 AM / 06/30/2008 08:37:30 AM
                                        Event ID/Source: 4 / b57w2k
                                        Event Description:
                                        Broadcom NetXtreme 57xx Gigabit Controller: The network link is down.  Check to make sure the network cable is properly connected.

                                        Event Record #/Type101707 / Error
                                        Event Submitted/Written: 06/30/2008 08:34:34 AM
                                        Event ID/Source: 7024 / Service Control Manager
                                        Event Description:
                                        The Network Associates McShield service terminated with service-specific error 5022 (0x139E).

                                        Event Record #/Type101701 / Warning
                                        Event Submitted/Written: 06/30/2008 08:31:55 AM
                                        Event ID/Source: 4 / b57w2k
                                        Event Description:
                                        Broadcom NetXtreme 57xx Gigabit Controller: The network link is down.  Check to make sure the network cable is properly connected.

                                        Event Record #/Type101699 / Error
                                        Event Submitted/Written: 06/30/2008 08:29:30 AM
                                        Event ID/Source: 7024 / Service Control Manager
                                        Event Description:
                                        The Network Associates McShield service terminated with service-specific error 5022 (0x139E).



                                        -- End of Deckard's System Scanner: finished at 2008-06-30 08:38:22 ------------


                                        evilfantasy

                                        • Malware Removal Specialist
                                        • Moderator


                                        • Genius
                                        • Calm like a bomb
                                        • Thanked: 493
                                        • Experience: Experienced
                                        • OS: Windows 11
                                        Re: Computer Hang
                                        « Reply #28 on: June 29, 2008, 10:52:47 PM »
                                        Let's get a new Combofix log with the new version.

                                        Delete the copy of Combofix from the Desktop and download the updated version.

                                        Download Combofix by sUBs from one of the below links.

                                        • You must download it to and run it from your Desktop
                                        • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
                                        • Click this link to see a list of security programs that should be disabled and how to disable them.
                                        • Double click combofix.exe & follow the prompts.
                                        • When finished, it will produce a log.
                                        • Please save that log to post in your next reply.
                                        • Re-enable all of your security programs that were disabled during the running of ComboFix.
                                        Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.
                                               
                                        CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

                                        ----------

                                        Next post
                                        Combofix log

                                        kschina


                                          Re: Computer Hang
                                          « Reply #29 on: June 30, 2008, 08:29:39 AM »
                                          ComboFix 08-06-20.4 - ngp 2008-06-30 22:11:52.3 - NTFSx86
                                          Microsoft Windows XP Professional  5.1.2600.2.936.86.1033.18.213 [GMT 8:00]
                                          Running from: C:\Documents and Settings\ngp\Desktop\ComboFix.exe

                                          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                                          .

                                          (((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-30  )))))))))))))))))))))))))))))))
                                          .

                                          2008-06-29 22:06 . 2008-06-29 22:27   <DIR>   d--------   C:\Documents and Settings\ngp\DoctorWeb
                                          2008-06-29 22:05 . 2008-06-29 22:05   <DIR>   d--------   C:\Deckard
                                          2008-06-29 17:54 . 2008-06-29 18:03   <DIR>   d--------   C:\fixwareout
                                          2008-06-29 14:00 . 2008-06-29 14:00   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
                                          2008-06-29 11:29 . 2008-06-29 11:29   <DIR>   d--------   C:\VundoFix Backups
                                          2008-06-29 10:10 . 2008-06-29 10:10   <DIR>   d--------   C:\WINDOWS\ERUNT
                                          2008-06-29 09:37 . 2008-06-29 10:26   <DIR>   d--------   C:\SDFix
                                          2008-06-28 23:44 . 2008-06-28 23:43   410,976   --a------   C:\WINDOWS\system32\deploytk.dll
                                          2008-06-28 23:44 . 2008-06-28 23:43   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
                                          2008-06-28 22:50 . 2008-06-28 22:50   23,600   --a------   C:\WINDOWS\system32\drivers\TVICHW32.SYS
                                          2008-06-28 22:37 . 2008-06-28 22:37   <DIR>   d--------   C:\Program Files\CCleaner
                                          2008-06-28 19:39 . 2008-06-29 14:38   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
                                          2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\Malwarebytes
                                          2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
                                          2008-06-28 19:39 . 2008-06-28 14:16   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
                                          2008-06-28 19:39 . 2008-06-28 14:16   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
                                          2008-06-20 18:58 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
                                          2008-06-20 18:58 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
                                          2008-06-12 21:03 . 2008-06-12 21:03   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLive
                                          2008-06-09 19:10 . 2008-06-09 21:36   297   --a------   C:\WINDOWS\system32\admshare.dat
                                          2008-06-09 19:07 . 2008-06-09 19:07   <DIR>   d--------   C:\Program Files\KuGou
                                          2008-06-09 19:07 . 2008-06-27 22:46   <DIR>   d--------   C:\Program Files\Google
                                          2008-06-09 19:07 . 2008-06-09 21:36   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\BITS
                                          2008-06-09 19:05 . 2008-06-09 19:05   <DIR>   d--------   C:\Program Files\FlashGet Network
                                          2008-05-31 20:16 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQUpdate
                                          2008-05-31 20:04 . 2008-05-31 20:04   <DIR>   d--------   C:\WINDOWS\system32\qqedit
                                          2008-05-31 20:04 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQ
                                          2008-05-31 20:03 . 2008-05-31 20:04   <DIR>   d--------   C:\Program Files\Tencent
                                          2008-05-30 23:48 . 2008-05-30 23:48   <DIR>   d--------   C:\Documents and Settings\ngp\.zone1511
                                          2008-05-30 23:41 . 2007-01-25 11:48   297,984   -ra------   C:\WINDOWS\system32\Midas.dll
                                          2008-05-30 23:40 . 2008-05-30 23:45   <DIR>   d--------   C:\Program Files\ZoiPPE
                                          2008-05-15 23:58 . 2008-06-30 22:21   41   --a------   C:\WINDOWS\PCDNSetting.ini
                                          2008-05-15 23:58 . 2008-06-30 22:21   27   --a------   C:\WINDOWS\ppssg.ini
                                          2008-05-14 22:51 . 2008-06-22 23:19   45   --a------   C:\WINDOWS\msgtn.ini
                                          2008-05-14 22:48 . 2008-05-14 22:48   <DIR>   d--------   C:\WINDOWS\system32\backup
                                          2008-05-07 00:16 . 2008-05-09 21:59   204   --a------   C:\WINDOWS\struct~.ini

                                          .
                                          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                          .
                                          2008-06-29 15:28   ---------   d-----w   C:\Program Files\PPStream
                                          2008-06-29 06:00   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
                                          2008-06-28 20:32   ---------   d-----w   C:\Program Files\PPLive
                                          2008-06-28 15:43   ---------   d-----w   C:\Program Files\Java
                                          2008-06-24 00:35   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Skype
                                          2008-06-22 13:45   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\ppStream
                                          2008-06-16 10:21   ---------   d-----w   C:\Program Files\UitvDll
                                          2008-06-12 08:39   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\VoipCheapCom
                                          2008-06-10 07:05   ---------   d-----w   C:\Program Files\VTTV
                                          2008-05-27 13:54   ---------   d-----w   C:\Program Files\KULflights
                                          2008-05-06 16:15   ---------   d-----w   C:\Program Files\MSN Messenger
                                          2008-04-30 13:54   ---------   d-----w   C:\Program Files\同花顺2008
                                          2008-04-28 16:10   ---------   d-----w   C:\Program Files\亿诺软件
                                          2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Coopen
                                          2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\All Users.WINDOWS\Application Data\Coopen
                                          2008-04-28 15:09   ---------   d-----w   C:\Program Files\开屏桌面画报
                                          .

                                          ------- Sigcheck -------

                                          2006-04-20 20:18  360576  b2220c618b42a2212a59d91ebd6fc4b4   C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
                                          2008-05-14 22:48  359040  ebeab4c47642cd68d7fd23187eeca1b0   C:\WINDOWS\system32\backup\tcpip.sys
                                          2004-08-04 20:00  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\system32\dllcache\tcpip.sys
                                          2004-08-04 20:00  359040  3bb4b08619c111c7be8bda07aa0de6a2   C:\WINDOWS\system32\drivers\tcpip.sys
                                          .
                                          (((((((((((((((((((((((((((((   snapshot@2008-06-29_12.44.24.18   )))))))))))))))))))))))))))))))))))))))))
                                          .
                                          - 2008-06-29 04:39:32   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
                                          + 2008-06-30 14:15:45   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
                                          - 2007-11-20 08:04:32   1,523,536   ----a-w   C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
                                          + 2008-03-24 11:33:02   1,527,056   ----a-w   C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
                                          + 2008-03-25 02:32:44   218,496   ----a-r   C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
                                          - 2008-01-29 14:17:11   74,649   ----a-w   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
                                          + 2008-06-30 12:57:24   74,649   ----a-w   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
                                          + 2008-06-30 14:17:07   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_324.dat
                                          .
                                          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                          .
                                          .
                                          *Note* empty entries & legit default entries are not shown
                                          REGEDIT4

                                          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
                                          2008-06-28 23:43   34816   --a------   C:\Program Files\Java\jre6\bin\jp2ssv.dll

                                          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
                                          2008-06-28 23:43   73728   --a------   C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

                                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
                                          "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-25 06:53 307200]
                                          "ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" [ ]
                                          "VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [ ]
                                          "PPS Accelerator"="C:\Program Files\PPStream\ppsap.exe" [2008-04-24 18:09 162976]
                                          "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                          "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 16:05 122939]
                                          "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 16:01 110592]
                                          "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 23:04 53248]
                                          "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
                                          "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-09-21 22:00 135224]
                                          "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 11:00 94208]
                                          "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
                                          "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
                                          "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
                                          "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
                                          "yyxxi"="C:\Program Files\yyxxi\English.exe" [2007-01-02 15:15 0]
                                          "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
                                          "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
                                          "DXDllRegExe"="dxdllreg.exe" []
                                          "TBLFUNC"="tblmouse.exe" [2001-08-21 13:56 49152 C:\WINDOWS\system32\tblmouse.exe]
                                          "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 20:00 44032]
                                          "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-21 01:35 94208]
                                          "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-21 01:32 77824]
                                          "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-21 01:36 114688]
                                          "UUCallMini"="C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" [ ]
                                          "D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13 2695168]
                                          "GCXX-Manager-Class"="C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2004-11-24 11:06 802921]
                                          "Skype"="C:\Program Files\skype\Phone\Skype.exe" [ ]
                                          "leeboo.exe"="C:\Program Files\Leeboo\leeboo.exe" [ ]
                                          "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-06-28 23:43 136600]
                                          "udtablet"="C:\WINDOWS\udtablet\UDSetup.EXE" [2001-10-29 18:52 32768]

                                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                                          "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

                                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                                          "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 20:00 44544]

                                          C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
                                          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 13:05:26 29696]

                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                                          "DisableCAD"= 0 (0x0)

                                          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                                          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-29 14:00 77824]

                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                                          C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-29 14:00 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
                                          C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

                                          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                                          Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

                                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                          "%windir%\\system32\\sessmgr.exe"=
                                          "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
                                          "C:\\Program Files\\PPStream\\PPStream.exe"=
                                          "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
                                          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                          "C:\\Program Files\\Messenger\\msmsgs.exe"=
                                          "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
                                          "C:\\Program Files\\Skype1\\Phone\\Skype.exe"=
                                          "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
                                          "C:\\Program Files\\MSN Messenger\\livecall.exe"=
                                          "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
                                          "C:\\Program Files\\PPLive\\PPLive.exe"=
                                          "C:\\Program Files\\PPStream\\PPSAP.exe"=
                                          "C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"=

                                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                                          "5060:UDP"= 5060:UDP:G
                                          "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

                                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
                                          "AllowInboundRouterRequest"= 1 (0x1)
                                          "AllowRedirect"= 1 (0x1)
                                          "AllowInboundEchoRequest"= 1 (0x1)
                                          "AllowInboundTimestampRequest"= 1 (0x1)
                                          "AllowInboundMaskRequest"= 1 (0x1)
                                          "AllowOutboundDestinationUnreachable"= 1 (0x1)
                                          "AllowOutboundSourceQuench"= 1 (0x1)
                                          "AllowOutboundParameterProblem"= 1 (0x1)
                                          "AllowOutboundTimeExceeded"= 1 (0x1)
                                          "AllowOutboundPacketTooBig"= 1 (0x1)

                                          R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
                                          R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 18:21]
                                          R2 UiPlayer;Windows Network Media Service;C:\Program Files\UitvDll\msrv.exe [2007-11-30 15:46]
                                          R2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 12:15]
                                          R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-06-01 02:46]
                                          S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2004-11-05 19:08]
                                          S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2004-11-05 19:08]

                                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309a1df2-bdd2-11db-a216-00166f7503a0}]
                                          \Shell\AutoRun\command - F:\idstick.exe

                                          .
                                          Contents of the 'Scheduled Tasks' folder
                                          "2008-06-30 14:18:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
                                          - C:\Program Files\Windows Defender\MpCmdRun.exe
                                          .
                                          **************************************************************************

                                          catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                          Rootkit scan 2008-06-30 22:21:14
                                          Windows 5.1.2600 Service Pack 2 NTFS

                                          scanning hidden processes ...

                                          scanning hidden autostart entries ...

                                          scanning hidden files ...

                                          scan completed successfully
                                          hidden files: 0

                                          **************************************************************************
                                          .
                                          ------------------------ Other Running Processes ------------------------
                                          .
                                          C:\Program Files\Windows Defender\MsMpEng.exe
                                          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                                          C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                                          C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
                                          C:\WINDOWS\system32\scardsvr.exe
                                          C:\Program Files\Java\jre6\bin\jqs.exe
                                          C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                                          C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                                          C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                                          C:\WINDOWS\system32\Wt32exe.exe
                                          C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
                                          C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
                                          C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
                                          C:\WINDOWS\system32\conime.exe
                                          C:\WINDOWS\system32\igfxsrvc.exe
                                          .
                                          **************************************************************************
                                          .
                                          Completion time: 2008-06-30 22:23:43 - machine was rebooted
                                          ComboFix-quarantined-files.txt  2008-06-30 14:23:38
                                          ComboFix2.txt  2008-06-29 05:44:06
                                          ComboFix3.txt  2008-06-29 04:44:41

                                          Pre-Run: 7,788,777,472 bytes free
                                          Post-Run: 7,806,238,720 bytes free

                                          219   --- E O F ---   2008-06-27 17:18:14

                                          evilfantasy

                                          Re: Computer Hang
                                          « Reply #30 on: June 30, 2008, 09:38:37 AM »
                                          Let's do some cleanup and also let me know how the computer is now.

                                          Let's clear out the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.

                                          • Click START then RUN
                                          • Now type Combofix /u in the runbox
                                          • Make sure there's a space between Combofix and /u
                                          • Then hit Enter.

                                          The above procedure will:
                                          • Delete:
                                            • ComboFix and its associated files and folders.
                                            • VundoFix backups, if present
                                            • The C:\Deckard folder, if present
                                            • The C:\_OtMoveIt folder, if present
                                          • Reset the clock settings.
                                          • Hide file extensions, if required.
                                          • Hide System/Hidden files, if required.
                                          • Set a new, clean Restore Point.

                                            ----------

                                            Download OTMoveIt2 by OldTimer (OTMoveIt2.exe) and place it on your desktop (unless you already have it installed).

                                            1. Double click OTMoveIt2.exe to launch it.
                                               Vista users: right click and choose Run As Administrator.
                                            2. Click on the CleanUp! button.
                                            3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
                                            4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
                                            5. Once complete, exit out of OTMoveIt2.

                                            ----------

                                            Use the Secunia Software Inspector to check for out of date software.
                                            • Click Start Now
                                            • Check the box next to Enable thorough system inspection.
                                            • Click Start
                                            • Allow the scan to finish and scroll down to see if any updates are needed.
                                            • Update anything listed.
                                            ----------

                                            Go to Microsoft Windows Update and get all critical updates.



                                            How is everything now?



                                            kschina


                                              Re: Computer Hang
                                              « Reply #31 on: June 30, 2008, 11:13:55 AM »
                                              Hi evilfantasy,

                                              I have done all the actions as instructed by you.
                                              Now my PC is back to normal.
                                              Once again, thanks a lot for your expert help.

                                              evilfantasy

                                              Re: Computer Hang
                                              « Reply #32 on: June 30, 2008, 03:04:59 PM »
                                              Glad it's back to normal. Let us know if anything else comes up.....