
Computer Hang


kschina:

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-30 08:02:08       330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-29 22:06:41         0 d-------- C:\Documents and Settings\ngp\DoctorWeb
2008-06-29 14:00:22         0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-06-29 12:30:32     68096 --a------ C:\WINDOWS\zip.exe
2008-06-29 12:30:32     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-29 12:30:32    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-29 12:30:32    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-29 12:30:32    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-29 12:30:32     98816 --a------ C:\WINDOWS\sed.exe
2008-06-29 12:30:32     80412 --a------ C:\WINDOWS\grep.exe
2008-06-29 12:30:32     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-29 11:29:18         0 d-------- C:\VundoFix Backups
2008-06-29 10:10:38         0 d-------- C:\WINDOWS\ERUNT
2008-06-29 00:12:13         0 dr-h----- C:\Documents and Settings\ngp\Recent
2008-06-28 23:42:47         0 d-------- C:\Documents and Settings\ngp\Application Data\Sun
2008-06-28 22:50:18     23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-06-28 22:37:08         0 d-------- C:\Program Files\CCleaner
2008-06-28 19:39:31         0 d-------- C:\Documents and Settings\ngp\Application Data\Malwarebytes
2008-06-28 19:39:27         0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-28 19:39:26         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 01:07:25         0 d-------- C:\WINDOWS\pss
2008-06-12 21:03:07         0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLive
2008-06-09 19:10:34       297 --a------ C:\WINDOWS\system32\admshare.dat
2008-06-09 19:08:45         0 d-------- C:\Documents and Settings\ngp\Application Data\Google
2008-06-09 19:07:46         0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-06-09 19:07:29         0 d-------- C:\Program Files\Google
2008-06-09 19:07:28         0 d-------- C:\Program Files\KuGou
2008-06-09 19:07:20         0 d-------- C:\Documents and Settings\ngp\Application Data\BITS
2008-06-09 19:05:52         0 d-------- C:\Program Files\FlashGet Network
2008-05-31 20:16:03         0 d-------- C:\Documents and Settings\ngp\Application Data\QQUpdate
2008-05-31 20:04:39         0 d-------- C:\Documents and Settings\ngp\Application Data\QQ
2008-05-31 20:04:06         0 d-------- C:\WINDOWS\system32\qqedit
2008-05-31 20:03:33         0 d-------- C:\Program Files\Tencent
2008-05-30 23:48:44         0 d-------- C:\Documents and Settings\ngp\.zone1511
2008-05-30 23:41:27    297984 -ra------ C:\WINDOWS\system32\Midas.dll <Not Verified; Borland Software Corporation; Midas support DLL>
2008-05-30 23:40:49         0 d-------- C:\Program Files\ZoiPPE


-- Find3M Report ---------------------------------------------------------------

2008-06-29 23:28:49         0 d-------- C:\Program Files\PPStream
2008-06-29 14:00:23         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-29 12:33:06         0 d-------- C:\Program Files\Common Files
2008-06-29 04:32:33         0 d-------- C:\Program Files\PPLive
2008-06-28 23:43:35         0 d-------- C:\Program Files\Java
2008-06-24 08:35:59         0 d-------- C:\Documents and Settings\ngp\Application Data\Skype
2008-06-22 21:45:28         0 d-------- C:\Documents and Settings\ngp\Application Data\ppStream
2008-06-16 18:21:17         0 d-------- C:\Program Files\UitvDll
2008-06-12 16:39:02         0 d-------- C:\Documents and Settings\ngp\Application Data\VoipCheapCom
2008-06-10 15:05:40         0 d-------- C:\Program Files\VTTV
2008-05-27 21:54:08         0 d-------- C:\Program Files\KULflights
2008-05-07 00:15:26         0 d-------- C:\Program Files\MSN Messenger
2008-04-30 21:54:19         0 d-------- C:\Program Files\同花顺2008


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-06-28 23:43   34816   --a------   C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-06-28 23:43   73728   --a------   C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 16:05]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 16:01]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 23:04]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-09-21 22:00]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-23 11:00]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]
"yyxxi"="C:\Program Files\yyxxi\English.exe" [2007-01-02 15:15]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"DXDllRegExe"="dxdllreg.exe" []
"TBLFUNC"="tblmouse.exe" [2001-08-21 13:56 C:\WINDOWS\system32\tblmouse.exe]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 20:00]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-21 01:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-21 01:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-21 01:36]
"UUCallMini"="C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" []
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13]
"GCXX-Manager-Class"="C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2004-11-24 11:06]
"Skype"="C:\Program Files\skype\Phone\Skype.exe" []
"leeboo.exe"="C:\Program Files\Leeboo\leeboo.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-06-28 23:43]
"udtablet"="C:\WINDOWS\udtablet\UDSetup.EXE" [2001-10-29 18:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-25 06:53]
"ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" []
"VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" []
"PPS Accelerator"="C:\Program Files\PPStream\ppsap.exe" [2008-04-24 18:09]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-29 14:00 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-29 14:00 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309a1df2-bdd2-11db-a216-00166f7503a0}]
AutoRun\command- F:\idstick.exe




-- End of Deckard's System Scanner: finished at 2008-06-30 08:38:22 ------------

kschina:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 503.36 MiB / 173.86 MiB
Pagefile Memory (total/avail): 1228.5 MiB / 954.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.97 MiB

C: is Fixed (NTFS) - 20 GiB total, 7.28 GiB free.
D: is Fixed (NTFS) - 54.47 GiB total, 17.38 GiB free.
E: is CDROM (No Media)
J: is Network (Unformatted)
K: is Network (Unformatted)
W: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080AH - 74.53 GiB - 3 partitions
  \PARTITION0 - Unknown - 62.72 MiB
  \PARTITION1 (bootable) - Installable File System - 20 GiB - C:
  \PARTITION2 - Extended w/Extended Int 13 - 54.47 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Globe7\\Globe7.exe"="C:\\Program Files\\Globe7\\Globe7.exe:*:Enabled:Globe7"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream P2P流媒体播放器"
"C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe"="C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe:*:Enabled:java"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Thunder Network\\WebThunder\\WebThunder.exe"="C:\\Program Files\\Thunder Network\\WebThunder\\WebThunder.exe:*:Enabled:Web 迅雷"
"C:\\Program Files\\skype\\Phone\\Skype.exe"="C:\\Program Files\\skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Skype1\\Phone\\Skype.exe"="C:\\Program Files\\Skype1\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Globe7\\Globe7.exe"="C:\\Program Files\\Globe7\\Globe7.exe:LocalSubNet:Enabled:Globe7"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPSa???|?o?"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Skype1\\Phone\\Skype.exe"="C:\\Program Files\\Skype1\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS a??????′???"
"C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\ngp\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KUNSWXP8JYFY1X
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ngp
LOGONSERVER=\\TKYOW23SGDC1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;;P:\BMER\EXE;P:\UTILS\SHARED;C:\BMER\EXE;C:\UTILS\SHARED
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SLclientDir=C:\ScriptLogic
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ngp\LOCALS~1\Temp
TMP=C:\DOCUME~1\ngp\LOCALS~1\Temp
USERDNSDOMAIN=SNAPONGLOBAL.COM
USERDOMAIN=SNAPONGLOBAL
USERNAME=ngp
USERPROFILE=C:\Documents and Settings\ngp
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

guoj (admin)
ngp (admin)
dell.DELL-297E88DF42 (admin)
Administrator (admin)

kschina:
-- Add/Remove Programs ---------------------------------------------------------

 --> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5D PDF Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2A227E0-8DEC-11D2-A564-B2890D000000}\setup.exe"  -Uninstall
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe Reader Chinese Simplified Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2447-5A64-7E8A45000001}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
Air Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{67BB93E2-60DD-49F5-97CB-3187BAE9D4E6}
Broadcom Gigabit Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Citrix Presentation Server Client --> MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Core FTP LE 1.3c --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
D-Link AirPlus Xtreme G --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D7E52B9-06F6-45C9-BE3C-B27AD7FAD5F3}\Setup.exe" -l0x9
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DriverAgent by TouchStone Software --> RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
eDrawings 2007 --> MsiExec.exe /I{AB591386-48C1-4F8F-916C-DB780AF60644}
English Speech Package(XP) --> MsiExec.exe /I{D96DB1B8-87D0-11D6-AF24-F7A021CEBF7F}
Globe7 --> C:\Program Files\Globe7\Uninstal.exe
Gobe7 --> "C:\Program Files\Globe7\UnInstallGlobe7.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\ngp\Desktop\HijackThis.exe /uninstall
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HyperPen --> RmTablet.exe
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java(TM) 6 Update 10 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
KL International Airport --> C:\PROGRA~1\KULFLI~1\Unwise32.exe /A C:\PROGRA~1\KULFLI~1\install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NIOC Service --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}
Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
PPLive 1.9 --> C:\Program Files\PPLive\uninst.exe
PPStream P2P流媒体播放控件 --> "C:\Program Files\PPStream\unins001.exe"
PPS网络电视 --> C:\Program Files\PPStream\uninst.exe
Serif 3DPlus 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A36638C0-D8B9-11D3-9801-00A0CC555167}\setup.exe"
Serif PhotoPlus 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\Setup.exe" -l0x9
SIMATIC WinCC/Web Navigator Client V6.2 --> MsiExec.exe /I{EE2B555A-3244-495E-BAA2-69311A569ED7}
SimpChinese Speech Package --> MsiExec.exe /X{D96DB0AB-87D0-11D6-AF24-F7A021CEBF7F}
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sogou PXP Accelerator 2.2.0.19 --> C:\Program Files\Sogou PXP\Uninstall.exe
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! Plus --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Ericsson Wireless Manager --> C:\WINDOWS\system32\GCXXMU.exe verbose
Sony Ericsson Wireless Modem --> C:\WINDOWS\system32\GCXXDU.exe verbose
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A4526249-944F-4108-B686-A435B4A62BA5} /l1033
UiPlayer视频播放控件 --> "C:\Program Files\UitvDll\unins000.exe"
VoipStunt --> "C:\Program Files\VoipStunt.com\VoipStunt\unins000.exe"
VTTV 3.0.1 --> C:\Program Files\VTTV\uninst.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WZCBDL Service --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{26595B84-25F5-43E2-9696-B1720E813850}
ZoiPPE --> MsiExec.exe /X{7F5D9CED-E962-486B-BAF9-F3D5664F2D2F}
全国通 2.22 --> "C:\Program Files\全国通\unins000.exe"
同花顺2008(v4.40.52,Build 2008.01.08) --> "C:\Program Files\同花顺2008\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type20267 / Error
Event Submitted/Written: 06/30/2008 08:34:34 AM
Event ID/Source: 5022 / McLogEvent
Event Description:
MCSCAN32 Engine Initialisation failed.
Engine returned error : The DAT file versions do not match each other.

Event Record #/Type20266 / Error
Event Submitted/Written: 06/30/2008 08:29:29 AM
Event ID/Source: 5022 / McLogEvent
Event Description:
MCSCAN32 Engine Initialisation failed.
Engine returned error : The DAT file versions do not match each other.

Event Record #/Type20265 / Error
Event Submitted/Written: 06/30/2008 08:05:44 AM
Event ID/Source: 5022 / McLogEvent
Event Description:
MCSCAN32 Engine Initialisation failed.
Engine returned error : The DAT file versions do not match each other.

Event Record #/Type20264 / Error
Event Submitted/Written: 06/30/2008 08:02:14 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type20263 / Error
Event Submitted/Written: 06/30/2008 08:01:15 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type101710 / Warning
Event Submitted/Written: 06/30/2008 08:37:31 AM
Event ID/Source: 11197 / DnsApi
Event Description:
The system failed to update and remove host (A) resource records (RRs)
for network adapter
with settings:


  Adapter Name : {DBE6E608-7CC9-4BA4-987D-37B5E05F6A9B}

  Host Name : kunswyp8jrfy1z

  Primary Domain Suffix : snaponglobal.com

  DNS server list :

       10.6.84.19, 10.0.17.23

  Sent update to server : 10.1.1.1

  IP Address(es) :

    10.145.204.56


The reason the update request failed was because of a system problem.
For specific error code, see the record data displayed below.

Event Record #/Type101708 / Warning
Event Submitted/Written: 06/30/2008 08:36:54 AM / 06/30/2008 08:37:30 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down.  Check to make sure the network cable is properly connected.

Event Record #/Type101707 / Error
Event Submitted/Written: 06/30/2008 08:34:34 AM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Network Associates McShield service terminated with service-specific error 5022 (0x139E).

Event Record #/Type101701 / Warning
Event Submitted/Written: 06/30/2008 08:31:55 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down.  Check to make sure the network cable is properly connected.

Event Record #/Type101699 / Error
Event Submitted/Written: 06/30/2008 08:29:30 AM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Network Associates McShield service terminated with service-specific error 5022 (0x139E).



-- End of Deckard's System Scanner: finished at 2008-06-30 08:38:22 ------------

evilfantasy:
Let's get a new Combofix log with the new version.

Delete the copy of Combofix from the Desktop and download the updated version.

Download Combofix by sUBs from one of the below links.

* Link #1
* Link #2

* You must download it to and run it from your Desktop.
* Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
* Click this link to see a list of security programs that should be disabled and how to disable them.
* Double click combofix.exe & follow the prompts.
* When finished, it will produce a log.
* Please save that log to post in your next reply.
* Re-enable all of your security programs that were disabled during the running of ComboFix.
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.
       
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

----------

Next post
Combofix log

kschina:
ComboFix 08-06-20.4 - ngp 2008-06-30 22:11:52.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.936.86.1033.18.213 [GMT 8:00]
Running from: C:\Documents and Settings\ngp\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-30  )))))))))))))))))))))))))))))))
.

2008-06-29 22:06 . 2008-06-29 22:27   <DIR>   d--------   C:\Documents and Settings\ngp\DoctorWeb
2008-06-29 22:05 . 2008-06-29 22:05   <DIR>   d--------   C:\Deckard
2008-06-29 17:54 . 2008-06-29 18:03   <DIR>   d--------   C:\fixwareout
2008-06-29 14:00 . 2008-06-29 14:00   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-06-29 11:29 . 2008-06-29 11:29   <DIR>   d--------   C:\VundoFix Backups
2008-06-29 10:10 . 2008-06-29 10:10   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-06-29 09:37 . 2008-06-29 10:26   <DIR>   d--------   C:\SDFix
2008-06-28 23:44 . 2008-06-28 23:43   410,976   --a------   C:\WINDOWS\system32\deploytk.dll
2008-06-28 23:44 . 2008-06-28 23:43   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-06-28 22:50 . 2008-06-28 22:50   23,600   --a------   C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-06-28 22:37 . 2008-06-28 22:37   <DIR>   d--------   C:\Program Files\CCleaner
2008-06-28 19:39 . 2008-06-29 14:38   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\Malwarebytes
2008-06-28 19:39 . 2008-06-28 19:39   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-28 19:39 . 2008-06-28 14:16   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-28 19:39 . 2008-06-28 14:16   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-06-20 18:58 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-06-20 18:58 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-06-12 21:03 . 2008-06-12 21:03   <DIR>   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLive
2008-06-09 19:10 . 2008-06-09 21:36   297   --a------   C:\WINDOWS\system32\admshare.dat
2008-06-09 19:07 . 2008-06-09 19:07   <DIR>   d--------   C:\Program Files\KuGou
2008-06-09 19:07 . 2008-06-27 22:46   <DIR>   d--------   C:\Program Files\Google
2008-06-09 19:07 . 2008-06-09 21:36   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\BITS
2008-06-09 19:05 . 2008-06-09 19:05   <DIR>   d--------   C:\Program Files\FlashGet Network
2008-05-31 20:16 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQUpdate
2008-05-31 20:04 . 2008-05-31 20:04   <DIR>   d--------   C:\WINDOWS\system32\qqedit
2008-05-31 20:04 . 2008-06-16 00:13   <DIR>   d--------   C:\Documents and Settings\ngp\Application Data\QQ
2008-05-31 20:03 . 2008-05-31 20:04   <DIR>   d--------   C:\Program Files\Tencent
2008-05-30 23:48 . 2008-05-30 23:48   <DIR>   d--------   C:\Documents and Settings\ngp\.zone1511
2008-05-30 23:41 . 2007-01-25 11:48   297,984   -ra------   C:\WINDOWS\system32\Midas.dll
2008-05-30 23:40 . 2008-05-30 23:45   <DIR>   d--------   C:\Program Files\ZoiPPE
2008-05-15 23:58 . 2008-06-30 22:21   41   --a------   C:\WINDOWS\PCDNSetting.ini
2008-05-15 23:58 . 2008-06-30 22:21   27   --a------   C:\WINDOWS\ppssg.ini
2008-05-14 22:51 . 2008-06-22 23:19   45   --a------   C:\WINDOWS\msgtn.ini
2008-05-14 22:48 . 2008-05-14 22:48   <DIR>   d--------   C:\WINDOWS\system32\backup
2008-05-07 00:16 . 2008-05-09 21:59   204   --a------   C:\WINDOWS\struct~.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 15:28   ---------   d-----w   C:\Program Files\PPStream
2008-06-29 06:00   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
2008-06-28 20:32   ---------   d-----w   C:\Program Files\PPLive
2008-06-28 15:43   ---------   d-----w   C:\Program Files\Java
2008-06-24 00:35   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Skype
2008-06-22 13:45   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\ppStream
2008-06-16 10:21   ---------   d-----w   C:\Program Files\UitvDll
2008-06-12 08:39   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\VoipCheapCom
2008-06-10 07:05   ---------   d-----w   C:\Program Files\VTTV
2008-05-27 13:54   ---------   d-----w   C:\Program Files\KULflights
2008-05-06 16:15   ---------   d-----w   C:\Program Files\MSN Messenger
2008-04-30 13:54   ---------   d-----w   C:\Program Files\同花顺2008
2008-04-28 16:10   ---------   d-----w   C:\Program Files\亿诺软件
2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\ngp\Application Data\Coopen
2008-04-28 15:13   ---------   d-----w   C:\Documents and Settings\All Users.WINDOWS\Application Data\Coopen
2008-04-28 15:09   ---------   d-----w   C:\Program Files\开屏桌面画报
.

------- Sigcheck -------

2006-04-20 20:18  360576  b2220c618b42a2212a59d91ebd6fc4b4   C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2008-05-14 22:48  359040  ebeab4c47642cd68d7fd23187eeca1b0   C:\WINDOWS\system32\backup\tcpip.sys
2004-08-04 20:00  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 20:00  359040  3bb4b08619c111c7be8bda07aa0de6a2   C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   [email protected]_12.44.24.18   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 04:39:32   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-30 14:15:45   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2007-11-20 08:04:32   1,523,536   ----a-w   C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-03-24 11:33:02   1,527,056   ----a-w   C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-03-25 02:32:44   218,496   ----a-r   C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
- 2008-01-29 14:17:11   74,649   ----a-w   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-30 12:57:24   74,649   ----a-w   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-30 14:17:07   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_324.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-06-28 23:43   34816   --a------   C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-06-28 23:43   73728   --a------   C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-25 06:53 307200]
"ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" [ ]
"VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [ ]
"PPS Accelerator"="C:\Program Files\PPStream\ppsap.exe" [2008-04-24 18:09 162976]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 16:05 122939]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 16:01 110592]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 23:04 53248]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-09-21 22:00 135224]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 11:00 94208]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"yyxxi"="C:\Program Files\yyxxi\English.exe" [2007-01-02 15:15 0]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"DXDllRegExe"="dxdllreg.exe" []
"TBLFUNC"="tblmouse.exe" [2001-08-21 13:56 49152 C:\WINDOWS\system32\tblmouse.exe]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 20:00 44032]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-21 01:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-21 01:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-21 01:36 114688]
"UUCallMini"="C:\Documents and Settings\ngp\Local Settings\Temporary Internet Files\Content.IE5\J94SOQ5U\UUCall%E7%BD%91%E7%BB%9C%E7%94%B5%E8%AF%9D3[1].exe" [ ]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13 2695168]
"GCXX-Manager-Class"="C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2004-11-24 11:06 802921]
"Skype"="C:\Program Files\skype\Phone\Skype.exe" [ ]
"leeboo.exe"="C:\Program Files\Leeboo\leeboo.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-06-28 23:43 136600]
"udtablet"="C:\WINDOWS\udtablet\UDSetup.EXE" [2001-10-29 18:52 32768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 20:00 44544]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 13:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-29 14:00 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-29 14:00 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Skype1\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\PPLive\\PPLive.exe"=
"C:\\Program Files\\PPStream\\PPSAP.exe"=
"C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:UDP"= 5060:UDP:G
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 18:21]
R2 UiPlayer;Windows Network Media Service;C:\Program Files\UitvDll\msrv.exe [2007-11-30 15:46]
R2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 12:15]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-06-01 02:46]
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2004-11-05 19:08]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2004-11-05 19:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309a1df2-bdd2-11db-a216-00166f7503a0}]
\Shell\AutoRun\command - F:\idstick.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 14:18:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 22:21:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Wt32exe.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-06-30 22:23:43 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-30 14:23:38
ComboFix2.txt  2008-06-29 05:44:06
ComboFix3.txt  2008-06-29 04:44:41

Pre-Run: 7,788,777,472 bytes free
Post-Run: 7,806,238,720 bytes free

219   --- E O F ---   2008-06-27 17:18:14
