
[XP slow - Most running processes duplicated]

Discussion in 'Malware and Virus Removal Archive' started by yifanwang99, 2007/12/30.

  1. 2007/12/30
    yifanwang99 (Thread Starter)
    First, hi all, I'm the new boy here. I can use the basic functions of a PC and can surf and game a bit, but I know nothing about removing spyware.

    Just yesterday I noticed that Windows XP Home started really, really slowly. I opened Task Manager and was astonished to see that almost all running processes are open TWICE, hence the extreme slowness. In fact, every time I open a new application, another (smaller) one opens in the process list.

    I cannot post a screenshot, so I will put some examples down here:

    fts .exe
    fts.exe
    firefox.exe
    firefox.exe
    UpdaterUI .exe
    UpdaterUI.exe
    MsnMsg .exe
    MsnMsg.exe
    Ituneshelper .exe
    Ituneshelper.exe

    etc etc

    The HJT log is here:
    Logfile of HijackThis v1.99.1
    Scan saved at 20:22:36, on 30/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\PackethSvc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent .exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\VoyagerTest\fts .exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD .exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2 .EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\Common Files\AOL\1158172591\ee\aolsoftware.exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\Common Files\AOL\1158172591\ee\aolsoftware .exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\DAEMON Tools\daemon .exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjg.exe
    O1 - Hosts: 58.215.74.131 sky001.e11.163ns.com
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158172591\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44 "
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [csrss] C:\Progra~1\Eset\csrss.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
    O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
    O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
    O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
    O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
    O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
    O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {21A55E06-0987-70C5-7DAA-0A0B56BA8D50} - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {31B075AC-CE55-63D8-1669-49EA13600DC7} - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {33331111-1131-1111-1111-611111193428} -
    O16 - DPF: {43331111-1111-1111-1111-611111195622} -
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://yifanwang99.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1198748166421
    O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark.com/client/version1/windows-ie/en/AMClient.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B301AB3C-127D-4FE1-AFF6-8CFBCEDD2445}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
    O21 - SSODL: QQIEHelper - {E16A6111-85DD-4966-8E67-017B01D39359} - (no file)
    O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - (no file)
    O21 - SSODL: QQMusic - {E16A6111-85DD-4877-8E67-017B0193D359} - C:\WINDOWS\QQMusic.dll (file missing)
    O21 - SSODL: IPicture - {D9466D6A-0F7B-5892-A7E3-290F0343337E} - c:\program files\internet explorer\PLUGINS\IPictureEx.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: MRTServ - Unknown owner - C:\WINDOWS\system32\MRTServ.exe (file missing)
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    I also notice that the ones with the space before the "." are the real processes and the ones without are actually fake ones. There must be something wrong, but I just don't even know what... Please help me; any help is much appreciated!
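The duplicated-process pattern in the log above (fts.exe beside fts .exe, a Run value pointing at "...fts.exe " with a trailing space, a value named csrss in C:\Progra~1\Eset, a value named kernel32.dll that runs isnotify.exe, and an O16 entry pulling a raw .exe from a bare IP) can be triaged mechanically before anyone decides what to delete. The script below is an added example by the editor, not code from the thread, from HijackThis or from any vendor tool. It parses a log excerpt constructed from lines of this thread's own log, groups process paths that differ only by whitespace, and flags Run, DPF and win.ini entries with the traits just listed. The rule names, the CORE_STEMS set and the thresholds are the editor's own assumptions; the script deliberately does not decide which twin is the genuine binary, since that needs size, hash and signature checks on both files rather than a name comparison.

```python
"""Heuristic triage of a HijackThis-style log for the duplicated-process pattern (editor's added example)."""
import re
from collections import defaultdict

# Constructed sample: a subset of this thread's own log lines, in the same shape as the HJT output.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\VoyagerTest\fts .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Mozilla Firefox\firefox.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjg.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [csrss] C:\Progra~1\Eset\csrss.exe
O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\isnotify.exe
O16 - DPF: {21A55E06-0987-70C5-7DAA-0A0B56BA8D50} - http://85.255.113.214/1/gdnUS2339.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

SPACE_BEFORE_EXT = re.compile(r"\s+\.[A-Za-z0-9]{1,4}$")          # "qttask .exe"
O4_ENTRY = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
QUOTED = re.compile(r'^"([^"]*)"')                               # keeps padding inside the quotes
BARE_PATH = re.compile(r"^([A-Za-z]:\\.*?\.(?:exe|dll|com|scr))", re.IGNORECASE)
DPF_ENTRY = re.compile(r"^O16 - DPF: \{[^}]+\}.*? -\s*(?P<url>\S*)$")
WININI_LOAD = re.compile(r"^F3 - REG:win\.ini: load=(?P<path>\S.*)$")
BARE_IP_URL = re.compile(r"^https?://(?:\d{1,3}\.){3}\d{1,3}(?:[:/]|$)", re.IGNORECASE)
# Editor's list of core Windows binary names; a Run value or image borrowing one outside C:\WINDOWS is a masquerade.
CORE_STEMS = {"csrss", "smss", "winlogon", "lsass", "services", "svchost", "explorer", "kernel32", "ntdll"}


def split_log(text):
    """Return (running-process paths, 'Xn - ' entries) from a HJT-format log; forum indentation is ignored."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() == "running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
        elif in_procs:
            in_procs = False                     # the blank line closes the process section
        elif re.match(r"^[A-Z]\d+ - ", line):
            entries.append(line)
    return processes, entries


def find_space_variants(processes):
    """Group paths that differ only by whitespace; keep groups with >1 spelling or a space before the extension."""
    groups = defaultdict(set)
    for path in processes:
        groups[re.sub(r"\s+", "", path.lower())].add(path)
    return {key: sorted(names) for key, names in groups.items()
            if len(names) > 1 or any(SPACE_BEFORE_EXT.search(n) for n in names)}


def extract_path(cmd):
    """Image path from a Run-key command (None for a bare file name that Windows resolves via the search path)."""
    m = QUOTED.match(cmd) or BARE_PATH.match(cmd)
    return m.group(1) if m else None


def check_run_entries(entries):
    """Flag O4 Run values with padded paths, spaces before the extension, or core-binary masquerades."""
    findings = []
    for m in filter(None, map(O4_ENTRY.match, entries)):
        name, path = m.group("name"), extract_path(m.group("cmd"))
        if path is None:
            continue
        if path != path.strip():
            findings.append(("padded-path", f"[{name}] {path!r}: whitespace padding inside the quotes"))
        path = path.strip()
        if SPACE_BEFORE_EXT.search(path):
            findings.append(("space-before-ext", f"[{name}] {path!r}"))
        directory, _, filename = path.rpartition("\\")
        name_stem, file_stem = name.lower().rsplit(".", 1)[0], filename.lower().rsplit(".", 1)[0]
        if name_stem in CORE_STEMS and file_stem != name_stem:
            findings.append(("masquerade", f"[{name}] value named after a core binary but runs {filename}"))
        elif file_stem in CORE_STEMS and not directory.lower().startswith("c:\\windows"):
            findings.append(("masquerade", f"[{name}] {filename} outside the Windows directory: {directory}"))
    return findings


def check_dpf_entries(entries):
    """Flag O16 ActiveX downloads that come from a bare IP address or are raw executables."""
    findings = []
    for m in filter(None, map(DPF_ENTRY.match, entries)):
        url = m.group("url")
        reasons = [why for hit, why in ((BARE_IP_URL.match(url), "served from a bare IP address"),
                                        (url.lower().endswith(".exe"), "raw .exe rather than a .cab")) if hit]
        if reasons:
            findings.append(("dpf-download", f"{url}: " + "; ".join(reasons)))
    return findings


def triage(text):
    """Run every check on a log; returns (rule, detail) pairs, process pairs first."""
    processes, entries = split_log(text)
    findings = [("process-pair", " | ".join(names)) for names in find_space_variants(processes).values()]
    findings += check_run_entries(entries) + check_dpf_entries(entries)
    findings += [("winini-load", m.group("path")) for m in filter(None, map(WININI_LOAD.match, entries))]
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:17} {detail}")
```

Run as-is it reports eight findings on the sample: the fts and qttask process groups, the padded fts.exe path, the qttask .exe space, the two masquerades (csrss outside C:\WINDOWS and a value called kernel32.dll that runs isnotify.exe), the DPF download from 85.255.113.214, and the win.ini load= line. The grouping key strips all whitespace, so it catches a space inserted anywhere in the name, not only before the extension; the startswith("c:\\windows") test compares paths literally, so an 8.3 short name for the Windows directory would slip past it, which is why the output is a worklist for hashing and signature checks rather than a verdict.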
  2. 2007/12/30
    PeteC (SuperGeek Staff)

  4. 2007/12/30
    noahdfear
    Welcome to WindowsBBS yifanwang99 :)

    You've got a nasty new variant of Vundo, which infects legitimate files. First you need to do a couple of things. Please download the HijackThis Installer from here, then run a scan and save the log. Close it for now.

    Next, Download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now, then we can get busy cleaning the infection.
     
  5. 2007/12/30
    yifanwang99 (Thread Starter)
    Sorry about the double post... I did not know that it wasn't visible straight away.
  6. 2007/12/30
    yifanwang99 (Thread Starter)
    The log of main.txt:

    Deckard's System Scanner v20071014.68
    Run by Yifan on 2007-12-30 20:33:37
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    70: 2007-12-30 20:33:48 UTC - RP449 - Deckard's System Scanner Restore Point
    69: 2007-12-27 22:05:13 UTC - RP448 - Software Distribution Service 3.0
    68: 2007-12-27 15:40:31 UTC - RP447 - Software Distribution Service 3.0
    67: 2007-12-27 10:16:44 UTC - RP446 - Installed NTFSDOS Professional
    66: 2007-12-27 09:50:09 UTC - RP445 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2007-12-25 15:57:17 UTC - RP380 - Removed Conquer 2.0


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis (run as Yifan.exe) -----------------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-12-30 20:35:21
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\PackethSvc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent .exe
    C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
    C:\Program Files\VoyagerTest\fts .exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD .exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2 .EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\Common Files\AOL\1158172591\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\Common Files\AOL\1158172591\ee\aolsoftware .exe
    C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\DAEMON Tools\daemon .exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Documents and Settings\Yifan\My Documents\best editor!\dss.exe
    C:\WINDOWS\system32\conime.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/uk/?
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    O1 - Hosts: 58.215.74.131 sky001.e11.163ns.com
    O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
    O2 - BHO: (no name) - {8A614A5E-1468-4347-BA4C-51651A5EDD96} - C:\WINDOWS\system32\jkkjg.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {94204837-0871-4E6A-A426-7F75B1B731F0} - C:\WINDOWS\system32\gebcdba.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158172591\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44 "
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [csrss] C:\Progra~1\Eset\csrss.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKLM\..\Policies\Explorer\Run: [ishost.exe] ishost.exe
    O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\isnotify.exe
    O4 - HKLM\..\Policies\Explorer\Run: [issearch.exe] issearch.exe
    O4 - HKLM\..\Policies\Explorer\Run: [KAV] rundll32.exe "C:\Program Files\Kav\Kav.dll ",AntiVirus
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
    O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
    O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
    O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
    O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
    O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
    O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {21A55E06-0987-70C5-7DAA-0A0B56BA8D50} () - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {31B075AC-CE55-63D8-1669-49EA13600DC7} () - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {33331111-1111-1111-1111-611111193423} () -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} () -
    O16 - DPF: {43331111-1111-1111-1111-611111195622} () -
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://yifanwang99.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1198748166421
    O16 - DPF: {64311111-1111-1121-1111-111191113457} () - file://c:\eied_s7.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark.com/client/version1/windows-ie/en/AMClient.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{B301AB3C-127D-4FE1-AFF6-8CFBCEDD2445}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\system32\winzdn32.dll (file missing)
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
    O21 - SSODL: QQIEHelper - {E16A6111-85DD-4966-8E67-017B01D39359} - (no file)
    O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - (no file)
    O21 - SSODL: QQMusic - {E16A6111-85DD-4877-8E67-017B0193D359} - C:\WINDOWS\QQMusic.dll (file missing)
    O21 - SSODL: IPicture - {D9466D6A-0F7B-5892-A7E3-290F0343337E} - c:\program files\internet explorer\PLUGINS\IPictureEx.dll (file missing)
    O22 - SharedTaskScheduler: {93ac7c30-3878-4eaa-9420-7977285df5b1} - cinnamomum - (no file)
    O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod 督昢 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
    O23 - Service: MRTServ - Unknown owner - C:\WINDOWS\system32\MRTServ.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    --
    End of file - 16445 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

    backup-20071230-202812-444 F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjg.exe

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys

    S2 npkcrypt - c:\program files\tencent\qq\npkcrypt.sys (file missing)
    S3 KSDT1983 - c:\windows\system32\drivers\ksdt1983.sys (file missing)
    S3 nocashio - c:\windows\system32\drivers\nocashio.sys
    S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys (file missing)
    S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
    S3 SE27mgmt (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se27mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Device Management>
    S3 se27nd5 (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)) - c:\windows\system32\drivers\se27nd5.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
    S3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
    S3 se27unic (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)) - c:\windows\system32\drivers\se27unic.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
    R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
    R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
    R2 PackethSvc (Virtual NIC Service) - c:\windows\system32\packethsvc.exe <Not Verified; America Online, Inc.; America Online>

    S2 MRTServ - c:\windows\system32\mrtserv.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
    Description: Conexant SoftK56 Modem(M)
    Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_8D8B155D&REV_01\4&3B90381F&0&58F0
    Manufacturer: Conexant
    Name: Conexant SoftK56 Modem(M)
    PNP Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_8D8B155D&REV_01\4&3B90381F&0&58F0
    Service: Modem

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: WAN Network Driver
    Device ID: ROOT\NET\0001
    Manufacturer: America Online, Inc.
    Name: WAN Network Driver
    PNP Device ID: ROOT\NET\0001
    Service: wandrv


    -- Scheduled Tasks -------------------------------------------------------------

    2007-12-30 19:50:03 260 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


    -- Files created between 2007-11-30 and 2007-12-30 -----------------------------

    2007-12-30 20:03:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-30 20:03:44 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-30 20:03:40 0 d-------- C:\WINDOWS\LastGood
    2007-12-30 19:50:10 106 --a------ C:\delete.bat
    2007-12-30 12:14:25 0 d-------- C:\Documents and Settings\All Users\Application Data\mvcache
    2007-12-27 11:50:53 50299 --ahs---- C:\WINDOWS\system32\gjkkj.ini2
    2007-12-27 10:16:45 0 d-------- C:\Program Files\Winternals
    2007-12-27 10:08:59 0 d-------- C:\Program Files\Windows Live Favorites
    2007-12-27 09:10:56 326656 --a------ C:\WINDOWS\system32\jkkjg.exe
    2007-12-26 19:51:27 323072 --a------ C:\WINDOWS\system32\jkkjg.dll
    2007-12-26 19:16:02 0 d-------- C:\VundoFix Backups
    2007-12-26 18:54:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-12-26 18:54:12 0 d-------- C:\Documents and Settings\Yifan\Application Data\PrevxCSI
    2007-12-15 16:08:08 0 d-------- C:\Documents and Settings\Yifan\Application Data\InstallShield
    2007-12-06 20:37:54 0 d-------- C:\Program Files\SystemRequirementsLab
    2007-12-06 20:37:42 0 d-------- C:\Documents and Settings\Yifan\Application Data\SystemRequirementsLab
    2007-12-03 13:43:06 0 d-------- C:\Program Files\Eudemons Online
    2007-12-01 09:31:06 0 d-------- C:\Program Files\PCPitstop


    -- Find3M Report ---------------------------------------------------------------

    2007-12-30 19:56:12 0 d-------- C:\Program Files\QuickTime
    2007-12-30 19:55:23 0 d-------- C:\Program Files\iTunes
    2007-12-30 19:55:12 0 d-------- C:\Program Files\VoyagerTest
    2007-12-30 19:55:12 0 d-------- C:\Program Files\BT Voyager 105 ADSL Modem
    2007-12-30 19:55:06 0 d-------- C:\Program Files\DAEMON Tools
    2007-12-30 19:55:05 0 d-------- C:\Program Files\MSN Messenger
    2007-12-30 12:17:19 12567 --a------ C:\WINDOWS\system32\cid_store.dat
    2007-12-27 10:16:44 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-27 10:12:43 0 d-------- C:\Program Files\Windows Live Toolbar
    2007-12-22 22:20:53 0 d-------- C:\Documents and Settings\Yifan\Application Data\uTorrent
    2007-12-22 20:40:17 0 d-------- C:\Program Files\eMule
    2007-12-22 17:44:46 0 d-------- C:\Program Files\FlashGet
    2007-12-21 13:42:06 0 d-------- C:\Program Files\Conquer 2.0
    2007-11-27 20:11:44 0 d-------- C:\Program Files\Java
    2007-11-18 20:17:51 0 d-------- C:\Documents and Settings\Yifan\Application Data\AdobeUM
    2007-11-17 14:22:13 0 d-------- C:\Program Files\Clash N Slash
    2007-11-17 14:14:16 0 d-------- C:\Program Files\ReflexiveArcade
    2007-11-15 17:51:44 0 d-------- C:\Program Files\Youdagames
    2007-11-15 17:51:25 0 d-------- C:\Documents and Settings\Yifan\Application Data\Youdagames
    2007-11-11 09:57:38 0 d-------- C:\Program Files\AOL 9.0
    2007-11-09 08:41:33 0 d-------- C:\Program Files\Age of Wonders Shadow Magic
    2007-11-03 09:30:46 0 d-------- C:\Program Files\Common Files
    2007-10-24 14:06:32 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A614A5E-1468-4347-BA4C-51651A5EDD96}]
    26/12/2007 19:51 323072 --a------ C:\WINDOWS\system32\jkkjg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94204837-0871-4E6A-A426-7F75B1B731F0}]
    C:\WINDOWS\system32\gebcdba.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CHotkey "= "mHotkey.exe" [23/07/2002 11:09 C:\WINDOWS\mHotkey.exe]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [30/12/2007 19:55]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [30/12/2007 19:55]
    "AOLDialer "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [30/12/2007 19:55]
    "DSLSTATEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [30/12/2007 19:55]
    "DSLAGENTEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [30/12/2007 19:55]
    "%FP%Friendly fts.exe "= "C:\Program Files\VoyagerTest\fts.exe" [30/12/2007 19:55]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:31]
    "MSPY2002 "= "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [29/08/2002 12:00]
    "PHIME2002ASync "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [29/08/2002 12:00]
    "PHIME2002A "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [29/08/2002 12:00]
    "AdaptecDirectCD "= "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [30/12/2007 19:55]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [30/12/2007 19:55]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" []
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" []
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [30/12/2007 19:55]
    "StormCodec_Helper "= "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [30/12/2007 19:55]
    "HostManager "= "C:\Program Files\Common Files\AOL\1158172591\ee\AOLSoftware.exe" [30/12/2007 19:55]
    "EPSON Stylus C44 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [30/12/2007 19:55]
    "MPFExe "= "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [30/12/2007 19:55]
    "@ "=" " []
    "Sony Ericsson PC Suite "= "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [30/12/2007 19:55]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask .exe" [30/12/2007 19:56]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [30/12/2007 19:55]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 07:56]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [30/12/2007 19:55]
    "csrss "= "C:\Progra~1\Eset\csrss.exe" []
    "igndlm.exe "= "C:\Program Files\IGN\Download Manager\DLM.exe" [30/12/2007 19:55]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [30/12/2007 19:55]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/12/2007 19:55]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 21:05:26]
    AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [15/06/2006 20:55:42]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [22/03/1999 01:00:00]
    Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [16/09/2006 08:20:41]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "ishost.exe "=ishost.exe
    "kernel32.dll "=C:\WINDOWS\system32\isnotify.exe
    "issearch.exe "=issearch.exe
    "KAV "=rundll32.exe "C:\Program Files\Kav\Kav.dll ",AntiVirus

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{94204837-0871-4E6A-A426-7F75B1B731F0} "= C:\WINDOWS\system32\gebcdba.dll [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "QQMusic "= {E16A6111-85DD-4877-8E67-017B0193D359} - C:\WINDOWS\QQMusic.dll [ ]
    "IPicture "= {D9466D6A-0F7B-5892-A7E3-290F0343337E} - c:\program files\internet explorer\PLUGINS\IPictureEx.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]
    winzdn32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\jkkjg

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02F8BDF0-37B8-E891-0505-020305070501}]
    C:\WINDOWS\system32\windocx.exe



    -- Hosts -----------------------------------------------------------------------

    58.215.74.131 sky001.e11.163ns.com


    -- End of Deckard's System Scanner: finished at 2007-12-30 20:37:10 ------------
     
  7. 2007/12/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ComboFix by sUBs from here, saving the file to your desktop.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    As soon as you've posted the ComboFix log, download RenV.exe and save it to your desktop.
    • Double click to run it.
    • Post the log it produces.
     
  8. 2007/12/30
    yifanwang99

    yifanwang99 Inactive Thread Starter

    Joined:
    2007/12/30
    Messages:
    13
    Likes Received:
    0
    Combofix's log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NPF
    -------\NPF


    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
    .

    2007-12-30 21:10 . 2007-12-30 21:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-30 21:10 . 2007-12-30 21:10 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-30 21:08 . 2007-12-30 21:08 323,072 --------- C:\WINDOWS\system32\jkkjg.dll
    2007-12-30 20:33 . 2007-12-30 20:33 <DIR> d-------- C:\Deckard
    2007-12-30 20:03 . 2007-12-30 20:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-30 20:03 . 2007-12-30 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-30 19:56 . 2007-12-30 21:08 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-30 19:55 . 2007-12-30 19:55 326,656 --a------ C:\WINDOWS\system32\RCX58.tmp
    2007-12-30 19:50 . 2007-12-30 19:50 106 --a------ C:\delete.bat
    2007-12-30 12:14 . 2007-12-30 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mvcache
    2007-12-29 09:53 . 2007-12-29 09:53 326,656 --a------ C:\WINDOWS\system32\RCX52.tmp
    2007-12-28 21:11 . 2007-12-28 21:11 326,656 --a------ C:\WINDOWS\system32\RCX44.tmp
    2007-12-27 19:30 . 2007-12-27 19:30 326,656 --a------ C:\WINDOWS\system32\RCX4F.tmp
    2007-12-27 10:16 . 2007-12-27 10:16 <DIR> d-------- C:\Program Files\Winternals
    2007-12-27 10:08 . 2007-12-27 10:09 <DIR> d-------- C:\Program Files\Windows Live Favorites
    2007-12-27 09:49 . 2007-01-08 19:07 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-27 09:46 . 2007-07-09 13:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-12-27 09:33 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2007-12-27 09:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2007-12-27 09:10 . 2007-12-30 21:10 326,656 --a------ C:\WINDOWS\system32\jkkjg.exe
    2007-12-26 20:32 . 2007-12-26 20:32 143 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-12-26 19:16 . 2007-12-27 13:35 <DIR> d-------- C:\VundoFix Backups
    2007-12-26 18:54 . 2007-12-26 20:17 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\PrevxCSI
    2007-12-26 18:54 . 2007-12-26 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-12-25 19:42 . 2007-12-25 19:42 326,656 --a------ C:\WINDOWS\system32\RCX54.tmp
    2007-12-25 19:42 . 2007-12-26 18:25 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
    2007-12-25 19:42 . 2007-12-26 18:25 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
    2007-12-15 16:08 . 2007-12-15 16:08 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\InstallShield
    2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Program Files\SystemRequirementsLab
    2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\SystemRequirementsLab
    2007-12-03 13:43 . 2007-12-22 15:56 <DIR> d-------- C:\Program Files\Eudemons Online
    2007-12-01 09:31 . 2007-12-01 09:31 <DIR> d-------- C:\Program Files\PCPitstop
    2007-11-17 14:14 . 2007-11-17 14:14 <DIR> d-------- C:\Program Files\ReflexiveArcade
    2007-11-17 13:37 . 2007-11-17 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2007-11-17 13:36 . 2007-11-17 14:22 <DIR> d-------- C:\Program Files\Clash N Slash
    2007-11-16 22:06 . 2007-11-16 22:17 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-15 17:51 . 2007-11-15 17:51 <DIR> d-------- C:\Program Files\Youdagames
    2007-11-15 17:51 . 2007-11-15 17:51 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\Youdagames

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-30 21:10 --------- d-----w C:\Program Files\QuickTime
    2007-12-30 21:10 --------- d-----w C:\Program Files\iTunes
    2007-12-30 21:09 --------- d-----w C:\Program Files\VoyagerTest
    2007-12-30 21:09 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-30 21:09 --------- d-----w C:\Program Files\DAEMON Tools
    2007-12-30 21:09 --------- d-----w C:\Program Files\BT Voyager 105 ADSL Modem
    2007-12-27 10:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-27 10:12 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-12-22 22:20 --------- d-----w C:\Documents and Settings\Yifan\Application Data\uTorrent
    2007-12-22 20:40 --------- d-----w C:\Program Files\eMule
    2007-12-22 17:44 --------- d-----w C:\Program Files\FlashGet
    2007-12-21 13:42 --------- d-----w C:\Program Files\Conquer 2.0
    2007-11-27 20:11 --------- d-----w C:\Program Files\Java
    2007-11-18 20:17 --------- d-----w C:\Documents and Settings\Yifan\Application Data\AdobeUM
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-11 09:57 --------- d-----w C:\Program Files\AOL 9.0
    2007-11-09 08:41 --------- d-----w C:\Program Files\Age of Wonders Shadow Magic
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 17:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-24 14:06 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-09-30 18:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-05-17 09:17 8,712 ----a-w C:\Documents and Settings\Yifan\Server.dat
    2007-05-17 09:17 4 ----a-w C:\Documents and Settings\Yifan\version.dat
    2007-04-29 23:09 737,280 ----a-w C:\Documents and Settings\Yifan\C3_CORE_DLL.dll
    2007-04-29 23:09 53,248 ----a-w C:\Documents and Settings\Yifan\DataThread.dll
    2007-04-29 23:09 208,896 ----a-w C:\Documents and Settings\Yifan\GameData.dll
    2007-04-29 23:09 196,608 ----a-w C:\Documents and Settings\Yifan\GraphicData.dll
    2007-04-29 23:09 176,128 ----a-w C:\Documents and Settings\Yifan\graphic.dll
    2007-04-29 23:09 139,264 ----a-w C:\Documents and Settings\Yifan\Role3D.dll
    2007-04-29 23:09 114,688 ----a-w C:\Documents and Settings\Yifan\RoleView.dll
    2007-04-29 07:25 1,724,450 ----a-w C:\Documents and Settings\Yifan\Conquer.exe
    2007-03-23 22:00 286,720 ----a-w C:\Documents and Settings\Yifan\AutoPatch.exe
    2006-11-22 13:54 593,920 ----a-w C:\Documents and Settings\Yifan\AMInstal.exe
    1999-10-14 00:53 113,792 -c--a-w C:\Documents and Settings\Yifan\shw32.dll
    2006-07-24 18:52 8 --sh--r C:\WINDOWS\system32\59C897F0EC.sys
    2006-07-24 18:52 3,766 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{720C82C3-1A2A-40C6-97B2-EE870B5D266B}]
    2007-12-30 21:08 323072 --------- C:\WINDOWS\system32\jkkjg.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-12-30 19:55]
    "igndlm.exe "= "C:\Program Files\IGN\Download Manager\DLM.exe" [2007-12-30 19:55]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-30 19:55]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2007-12-30 21:09]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CHotkey "= "mHotkey.exe" [2002-07-23 11:09 C:\WINDOWS\mHotkey.exe]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2007-12-30 19:55]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2007-12-30 19:55]
    "AOLDialer "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-30 19:55]
    "DSLSTATEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2007-12-30 19:55]
    "DSLAGENTEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2007-12-30 19:55]
    "%FP%Friendly fts.exe "= "C:\Program Files\VoyagerTest\fts.exe" [2007-12-30 19:55]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:31]
    "MSPY2002 "= "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 12:00]
    "PHIME2002ASync "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 12:00]
    "PHIME2002A "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 12:00]
    "AdaptecDirectCD "= "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2007-12-30 19:55]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-30 19:55]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" []
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" []
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-30 19:55]
    "StormCodec_Helper "= "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2007-12-30 21:10]
    "HostManager "= "C:\Program Files\Common Files\AOL\1158172591\ee\AOLSoftware.exe" [2007-12-30 19:55]
    "EPSON Stylus C44 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2007-12-30 19:55]
    "MPFExe "= "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2007-12-30 21:10]
    "Sony Ericsson PC Suite "= "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-12-30 19:55]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask .exe" [2007-12-30 21:10]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-30 19:55]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
    AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2006-06-15 20:55:42]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-22 01:00:00]
    Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2006-09-16 08:20:41]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "QQMusic "= {E16A6111-85DD-4877-8E67-017B0193D359} - C:\WINDOWS\QQMusic.dll [ ]
    "IPicture "= {D9466D6A-0F7B-5892-A7E3-290F0343337E} - c:\program files\internet explorer\PLUGINS\IPictureEx.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]
    winzdn32.dll

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load "=C:\WINDOWS\system32\jkkjg.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkjg

    R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 15:52]
    S2 MRTServ;MRTServ;C:\WINDOWS\system32\MRTServ.exe []
    S3 KSDT1983;KSDT1983;C:\WINDOWS\system32\drivers\KSDT1983.sys []
    S3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2005-01-12 16:36]
    S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys [2007-03-22 10:40]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02F8BDF0-37B8-E891-0505-020305070501}]
    C:\WINDOWS\system32\windocx.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-30 20:50:24 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-30 21:11:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\gjkkj.ini 6516 bytes
    C:\WINDOWS\system32\gjkkj.ini2 6516 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    Completion time: 2007-12-30 21:15:17 - machine was rebooted
    .
    2007-12-27 22:06:42 --- E O F ---


    and the new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:18:22, on 30/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\system32\PackethSvc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat .exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\VoyagerTest\fts .exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\Program Files\Common Files\AOL\1158172591\ee\aolsoftware.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2 .EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\iTunes\iTunesHelper .exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\AOL\1158172591\ee\aolsoftware .exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\DAEMON Tools\daemon .exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Program Files\HijackThis\HijackThis.exe

    F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjg.exe
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158172591\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44 "
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
    O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
    O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
    O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {21A55E06-0987-70C5-7DAA-0A0B56BA8D50} - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {31B075AC-CE55-63D8-1669-49EA13600DC7} - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {33331111-1131-1111-1111-611111193428} -
    O16 - DPF: {43331111-1111-1111-1111-611111195622} -
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://yifanwang99.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1198748166421
    O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark.com/client/version1/windows-ie/en/AMClient.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B301AB3C-127D-4FE1-AFF6-8CFBCEDD2445}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
    O21 - SSODL: QQIEHelper - {E16A6111-85DD-4966-8E67-017B01D39359} - (no file)
    O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - (no file)
    O21 - SSODL: QQMusic - {E16A6111-85DD-4877-8E67-017B0193D359} - C:\WINDOWS\QQMusic.dll (file missing)
    O21 - SSODL: IPicture - {D9466D6A-0F7B-5892-A7E3-290F0343337E} - c:\program files\internet explorer\PLUGINS\IPictureEx.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod ???^ (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: MRTServ - Unknown owner - C:\WINDOWS\system32\MRTServ.exe (file missing)
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    I assume it's the "jkkjg" stuff that's the nasties
     
  9. 2007/12/30
    yifanwang99

    yifanwang99 Inactive Thread Starter

    Joined:
    2007/12/30
    Messages:
    13
    Likes Received:
    0
    RenV log:

    Code:
    Ran on 30/12/2007 - 21:20:15.87
    
    ----a-w           675,840 2007-12-30 21:08:26  C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD .exe
    ----a-w           313,472 2007-12-30 19:56:42  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
    ----a-w            16,384 2007-12-30 21:08:18  C:\Program Files\BT Voyager 105 ADSL Modem\dslagent .exe
    ----a-w         1,658,965 2007-12-30 21:08:19  C:\Program Files\BT Voyager 105 ADSL Modem\dslstat .exe
    ----a-w            50,736 2007-12-30 21:08:37  C:\Program Files\Common Files\AOL\1158172591\ee\aolsoftware .exe
    ----a-w            71,216 2007-12-30 21:08:17  C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
    ----a-w           180,269 2007-12-30 21:08:38  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w           171,464 2007-12-30 21:09:24  C:\Program Files\DAEMON Tools\daemon .exe
    ----a-w         1,103,480 2007-12-30 21:09:30  C:\Program Files\IGN\Download Manager\DLM .exe
    ----a-w           271,672 2007-12-30 21:08:47  C:\Program Files\iTunes\iTunesHelper .exe
    ----a-w           132,496 2007-12-30 21:08:26  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w         1,048,576 2007-12-30 21:08:50  C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
    ----a-w         5,674,352 2007-12-30 21:09:15  C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w           135,251 2007-12-30 21:08:18  C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
    ----a-w            81,990 2007-12-30 21:08:17  C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
    ----a-w           640,512 2007-12-30 21:10:43  C:\Program Files\QuickTime\qttask                         .exe
    ----a-w           640,512 2007-12-30 19:55:22  C:\Program Files\QuickTime\qttask                        .exe
    ----a-w           640,512 2007-12-30 19:34:11  C:\Program Files\QuickTime\qttask                       .exe
    ----a-w           640,512 2007-12-30 13:50:18  C:\Program Files\QuickTime\qttask                      .exe
    ----a-w           640,512 2007-12-30 09:26:45  C:\Program Files\QuickTime\qttask                     .exe
    ----a-w           640,512 2007-12-29 19:38:34  C:\Program Files\QuickTime\qttask                    .exe
    ----a-w           640,512 2007-12-29 14:15:03  C:\Program Files\QuickTime\qttask                   .exe
    ----a-w           640,512 2007-12-29 09:53:14  C:\Program Files\QuickTime\qttask                  .exe
    ----a-w           640,512 2007-12-28 21:20:01  C:\Program Files\QuickTime\qttask                 .exe
    ----a-w           640,512 2007-12-28 21:11:23  C:\Program Files\QuickTime\qttask                .exe
    ----a-w           640,512 2007-12-28 13:27:23  C:\Program Files\QuickTime\qttask               .exe
    ----a-w           640,512 2007-12-28 10:42:39  C:\Program Files\QuickTime\qttask              .exe
    ----a-w           640,512 2007-12-28 09:12:07  C:\Program Files\QuickTime\qttask             .exe
    ----a-w           640,512 2007-12-27 19:30:02  C:\Program Files\QuickTime\qttask            .exe
    ----a-w           640,512 2007-12-27 15:32:04  C:\Program Files\QuickTime\qttask           .exe
    ----a-w           640,512 2007-12-27 14:43:26  C:\Program Files\QuickTime\qttask          .exe
    ----a-w           640,512 2007-12-27 10:13:56  C:\Program Files\QuickTime\qttask         .exe
    ----a-w           640,512 2007-12-27 09:10:54  C:\Program Files\QuickTime\qttask        .exe
    ----a-w           640,512 2007-12-26 20:33:43  C:\Program Files\QuickTime\qttask       .exe
    ----a-w           640,512 2007-12-26 19:26:25  C:\Program Files\QuickTime\qttask      .exe
    ----a-w           640,512 2007-12-26 18:24:37  C:\Program Files\QuickTime\qttask     .exe
    ----a-w           640,512 2007-12-26 16:50:47  C:\Program Files\QuickTime\qttask    .exe
    ----a-w           640,512 2007-12-26 09:25:14  C:\Program Files\QuickTime\qttask   .exe
    ----a-w           640,512 2007-12-26 09:21:04  C:\Program Files\QuickTime\qttask  .exe
    ----a-w           640,512 2007-12-26 09:01:22  C:\Program Files\QuickTime\qttask .exe
    ----a-w           452,945 2007-12-30 21:08:38  C:\Program Files\Ringz Studio\Storm Codec\StormSet .exe
    ----a-w           159,744 2007-12-30 21:08:38  C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
    ----a-w            72,192 2007-12-30 21:08:17  C:\Program Files\VoyagerTest\fts .exe
    ----a-w           208,952 2007-12-30 19:55:32  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
    ----a-w            15,360 2007-12-30 21:08:46  C:\WINDOWS\system32\ctfmon .exe
    ----a-w           126,976 2007-12-26 18:25:44  C:\WINDOWS\system32\hkcmd .exe
    ----a-w           155,648 2007-12-26 18:25:33  C:\WINDOWS\system32\igfxtray .exe
    ----a-w            59,392 2007-12-30 19:55:34  C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
    ----a-w           455,168 2007-12-30 19:55:35  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
    ----a-w            75,776 2007-12-30 21:08:36  C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2 .EXE
    
     Entries:               50  (50)
     Directories:            0  Files:            50
     Bytes:         29,381,116  Blocks:       57,394
    
     
  10. 2007/12/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please drag the Log.txt created by Renv onto RenV.exe and drop it. It will run and produce a new log. Post its contents please.
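What RenV is looking for in that listing, as an added example that is not part of this thread and not RenV's own code: every flagged file carries whitespace between its base name and the extension (qttask .exe, SHSTAT .EXE) and sits beside, or in place of, the genuine program, and the HijackThis O4 lines show the Run keys rewritten to launch the padded copy. The script below parses a few RenV-style lines and O4 entries (sizes of the padded entries taken from the log above; the plain qttask.exe entry and the O4 lines are constructed), flags padded names, pairs each with the file it shadows, and lists the autostart entries that point at a padded name. Function names and the regular expressions are my own.

```python
import re
from collections import defaultdict

# Constructed sample lines in the RenV listing format seen in this thread
# (attributes, size, timestamp, path). The padded entries mirror the real
# log; the plain qttask.exe entry is made up so the pairing can be shown.
SAMPLE_LISTING = [
    r"----a-w           640,512 2007-12-30 21:10:43  C:\Program Files\QuickTime\qttask .exe",
    r"----a-w           640,512 2007-12-30 19:55:22  C:\Program Files\QuickTime\qttask  .exe",
    r"----a-w         1,048,576 2006-03-01 10:00:00  C:\Program Files\QuickTime\qttask.exe",
    r"----a-w            72,192 2007-12-30 21:08:17  C:\Program Files\VoyagerTest\fts .exe",
    r"----a-w            81,990 2007-12-30 21:08:17  C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE",
    r"----a-w            15,360 2004-08-04 07:56:48  C:\WINDOWS\system32\ctfmon.exe",
]

# Constructed HijackThis O4 lines; the second one has been rewritten to
# launch the padded copy instead of the real QuickTime helper.
SAMPLE_O4 = [
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

LISTING_RE = re.compile(
    r"^(?P<attrs>\S+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s{2}(?P<path>.+)$"
)
# Entry name in [...], then an optionally quoted path ending in .exe.
O4_RE = re.compile(
    r'^O4 - [^:]*:\s*\[(?P<name>[^\]]*)\]\s*"?(?P<path>[^"]+?\.exe)"?', re.IGNORECASE
)


def split_name(path):
    """Split a Windows path into (directory, stem, extension), preserving any
    whitespace exactly as it appears so padding can be inspected."""
    directory, _, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    if not dot:
        return directory, name, ""
    return directory, stem, "." + ext


def is_padded(path):
    """True when whitespace separates the base name from its extension or
    sits inside the extension, e.g. 'qttask .exe' or 'SHSTAT .EXE'."""
    _, stem, ext = split_name(path)
    return stem != stem.rstrip() or ext != ext.strip()


def canonical(path):
    """Case-folded key under which 'qttask .exe', 'qttask  .exe' and
    'qttask.exe' in the same folder all collide."""
    directory, stem, ext = split_name(path)
    return directory.lower(), stem.strip().lower() + ext.strip().lower()


def parse_listing(lines):
    """Parse RenV-style listing lines into dicts; lines that do not match
    the layout (headers, totals) are skipped."""
    entries = []
    for line in lines:
        m = LISTING_RE.match(line)
        if m:
            entries.append({"size": int(m["size"].replace(",", "")),
                            "stamp": m["stamp"], "path": m["path"]})
    return entries


def find_padded_duplicates(lines):
    """Map each canonical file name that has a padded variant to the padded
    paths and the genuine program they shadow (empty if it is not listed)."""
    groups = defaultdict(list)
    for entry in parse_listing(lines):
        groups[canonical(entry["path"])].append(entry["path"])
    report = {}
    for (_, name), paths in groups.items():
        padded = [p for p in paths if is_padded(p)]
        if padded:
            report[name] = {"padded": padded,
                            "legit": [p for p in paths if not is_padded(p)]}
    return report


def find_padded_autostarts(o4_lines):
    """Return (entry name, path) for every Run-key entry whose target is a
    padded file name: that is how the copies get started at logon."""
    hits = []
    for line in o4_lines:
        m = O4_RE.match(line)
        if m and is_padded(m["path"]):
            hits.append((m["name"], m["path"]))
    return hits


if __name__ == "__main__":
    for name, info in find_padded_duplicates(SAMPLE_LISTING).items():
        print(f"{name}: padded={info['padded']} legit={info['legit']}")
    for name, path in find_padded_autostarts(SAMPLE_O4):
        print(f"autostart [{name}] runs padded file: {path!r}")
```

The canonical key strips the whitespace and folds case, so the two qttask copies with different amounts of padding land in the same group as the real qttask.exe; the comparison of sizes and timestamps between the padded and genuine entries is then a matter of reading the grouped output. The same check is worth running over the Run keys, since a padded file that is not launched at logon is a leftover, while one that is launched explains the second process for every application.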
     
  11. 2007/12/30
    yifanwang99

    yifanwang99 Inactive Thread Starter

    Joined:
    2007/12/30
    Messages:
    13
    Likes Received:
    0
    new RenV log

    Code:
    Ran on 30/12/2007 - 21:32:28.62
    
    ------w            50,736 2007-12-30 21:08:37  C:\Program Files\Common Files\AOL\1158172591\ee\aolsoftware .exe
    ------w            81,990 2007-12-30 21:08:17  C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
    
     Entries:                2  (2)
     Directories:            0  Files:             2
     Bytes:            132,726  Blocks:          261
    
     
  12. 2007/12/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please shut down any instances of the processes aolsoftware.exe and Virusscan's SHSTAT.EXE, then drag-n-drop the new log on RenV. Post the new log it creates.
     
  13. 2007/12/30
    yifanwang99

    yifanwang99 Inactive Thread Starter

    Joined:
    2007/12/30
    Messages:
    13
    Likes Received:
    0
    new log
    Code:
    Ran on 30/12/2007 - 21:42:37.51
    
    ------w            81,990 2007-12-30 21:08:17  C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
    
     Entries:                1  (1)
     Directories:            0  Files:             1
     Bytes:             81,990  Blocks:          161
    


    Tried to close the SHSTAT.EXE process, yet cannot find it in the processes in Task Manager :(
     
  14. 2007/12/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please replace your copy of ComboFix with one from here.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\jkkjg.dll
    C:\WINDOWS\system32\RCX58.tmp
    C:\WINDOWS\system32\RCX52.tmp
    C:\WINDOWS\system32\RCX44.tmp
    C:\WINDOWS\system32\RCX4F.tmp
    C:\WINDOWS\system32\jkkjg.exe
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\RCX54.tmp
    C:\WINDOWS\QQMusic.dll
    c:\program files\internet explorer\PLUGINS\IPictureEx.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{720C82C3-1A2A-40C6-97B2-EE870B5D266B}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]
    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
     "load "=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
     "Authentication Packages "=hex(7):6d,73,76,31,5f,30,00,00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
     "QQMusic "=-
     "IPicture "=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
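What the CFScript above asks ComboFix to do, as an added example that is not ComboFix's own code and not part of this thread: a small parser for the File:: and Registry:: sections using regedit's .reg conventions ([-KEY] deletes a key, "name"=- deletes a value, hex(7) is a REG_MULTI_SZ), plus a decoder showing that the Authentication Packages line resets LSA's package list to the Windows XP default of msv1_0. Assumptions: the space the forum shows before each closing quote ("load "=-) is a display artifact and the plain regedit form is used; the hex(7) bytes in this script are single-byte text rather than the UTF-16 a .reg export would carry (the decoder handles both); ComboFix's \~ shorthand in the BHO key is left unexpanded. Function names are my own.

```python
import re

# The CFScript from this thread, retyped as constructed sample input. The
# forum shows a space before each closing quote ("load "=-); that is taken to
# be a rendering artifact and the plain regedit form is used here.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\system32\jkkjg.dll
C:\WINDOWS\system32\jkkjg.exe
C:\WINDOWS\QQMusic.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{720C82C3-1A2A-40C6-97B2-EE870B5D266B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"QQMusic"=-
"IPicture"=-
"""

# Stock Windows XP value of Lsa\Authentication Packages. Every extra entry in
# that list is a DLL that LSASS loads at boot, which is why the script resets it.
DEFAULT_AUTH_PACKAGES = ["msv1_0"]

VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')


def decode_multi_sz(hexdata):
    """Decode a regedit hex(7) payload into its list of strings.
    REG_MULTI_SZ is a run of NUL-terminated strings closed by one more NUL.
    Windows stores it as UTF-16LE; this script uses single-byte text, so the
    encoding is chosen by checking whether every odd byte is zero."""
    raw = bytes(int(b, 16) for b in hexdata.split(",") if b.strip())
    if raw and len(raw) % 2 == 0 and raw[1::2] == b"\x00" * (len(raw) // 2):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def parse_cfscript(text):
    """Turn a CFScript into an ordered list of actions. The Registry::
    section follows regedit's .reg syntax: [-KEY] deletes a key, [KEY]
    selects the key for the value lines that follow, "name"=- deletes a
    value, "name"=hex(7):.. sets a REG_MULTI_SZ, "name"="s" sets a string."""
    actions, section, current_key = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):                     # File:: / Registry::
            section = line[:-2].lower()
            continue
        if section == "file":
            actions.append({"op": "collect_file", "path": line})
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                actions.append({"op": "delete_key", "key": line[2:-1]})
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            else:
                m = VALUE_RE.match(line)
                if not m or current_key is None:
                    raise ValueError(f"unrecognised registry line: {line}")
                name, data = m["name"], m["data"]
                if data == "-":
                    actions.append({"op": "delete_value", "key": current_key, "name": name})
                elif data.startswith("hex(7):"):
                    actions.append({"op": "set_multi_sz", "key": current_key, "name": name,
                                    "value": decode_multi_sz(data[len("hex(7):"):])})
                elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                    actions.append({"op": "set_string", "key": current_key, "name": name,
                                    "value": data[1:-1]})
                else:
                    raise ValueError(f"unsupported value data: {line}")
        else:
            raise ValueError(f"line outside any section: {line}")
    return actions


def lsa_auth_packages(actions):
    """Return the Authentication Packages list the script writes, or None."""
    for a in actions:
        if a["op"] == "set_multi_sz" and a["name"] == "Authentication Packages":
            return a["value"]
    return None


if __name__ == "__main__":
    acts = parse_cfscript(SAMPLE_CFSCRIPT)
    for a in acts:
        print(a)
    pkgs = lsa_auth_packages(acts)
    print("LSA packages after script:", pkgs,
          "(stock default)" if pkgs == DEFAULT_AUTH_PACKAGES else "(non-default!)")
```

Every key this script touches is a logon-time load point (Browser Helper Objects, Winlogon Notify, the win.ini load= value mirrored under HKCU\...\Windows, LSA Authentication Packages, ShellServiceObjectDelayLoad), which is the list a defender audits after an infection like this one; decoding the hex(7) value rather than eyeballing the bytes is what tells you the script is restoring a default, not installing something new.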
     
  15. 2007/12/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please make sure you post the entire contents of the new ComboFix log. You cropped the top off of the last one, which prevents me from seeing information useful to me.

    Thanks! :)
     
  16. 2007/12/30
    yifanwang99

    yifanwang99 Inactive Thread Starter

    Joined:
    2007/12/30
    Messages:
    13
    Likes Received:
    0
    new combofix
    ComboFix 07-12-30.3 - Yifan 2007-12-30 21:50:46.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.936.86.1033.18.240 [GMT 0:00]
    Running from: C:\Documents and Settings\Yifan\Desktop\ComboFix(2).exe
    Command switches used :: C:\Documents and Settings\Yifan\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    c:\program files\internet explorer\PLUGINS\IPictureEx.dll
    C:\WINDOWS\QQMusic.dll
    C:\WINDOWS\system32\jkkjg.dll
    C:\WINDOWS\system32\jkkjg.exe
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\RCX44.tmp
    C:\WINDOWS\system32\RCX4F.tmp
    C:\WINDOWS\system32\RCX52.tmp
    C:\WINDOWS\system32\RCX54.tmp
    C:\WINDOWS\system32\RCX58.tmp
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\WINDOWS\system32\gjkkj.ini
    C:\WINDOWS\system32\gjkkj.ini2
    C:\WINDOWS\system32\jkkjg.dll
    C:\WINDOWS\system32\jkkjg.exe
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\RCX44.tmp
    C:\WINDOWS\system32\RCX4F.tmp
    C:\WINDOWS\system32\RCX52.tmp
    C:\WINDOWS\system32\RCX54.tmp
    C:\WINDOWS\system32\RCX58.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
    .

    2007-12-30 21:10 . 2007-12-30 21:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-30 21:10 . 2007-12-30 21:10 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-30 20:33 . 2007-12-30 20:33 <DIR> d-------- C:\Deckard
    2007-12-30 20:03 . 2007-12-30 20:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-30 20:03 . 2007-12-30 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-30 19:50 . 2007-12-30 19:50 106 --a------ C:\delete.bat
    2007-12-30 12:14 . 2007-12-30 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mvcache
    2007-12-27 10:16 . 2007-12-27 10:16 <DIR> d-------- C:\Program Files\Winternals
    2007-12-27 10:08 . 2007-12-27 10:09 <DIR> d-------- C:\Program Files\Windows Live Favorites
    2007-12-27 09:49 . 2007-01-08 19:07 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-27 09:46 . 2007-07-09 13:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-12-27 09:33 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2007-12-27 09:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2007-12-26 19:16 . 2007-12-27 13:35 <DIR> d-------- C:\VundoFix Backups
    2007-12-26 18:54 . 2007-12-26 20:17 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\PrevxCSI
    2007-12-26 18:54 . 2007-12-26 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-12-15 16:08 . 2007-12-15 16:08 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\InstallShield
    2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Program Files\SystemRequirementsLab
    2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\SystemRequirementsLab
    2007-12-03 13:43 . 2007-12-22 15:56 <DIR> d-------- C:\Program Files\Eudemons Online
    2007-12-01 09:31 . 2007-12-01 09:31 <DIR> d-------- C:\Program Files\PCPitstop
    2007-11-17 14:14 . 2007-11-17 14:14 <DIR> d-------- C:\Program Files\ReflexiveArcade
    2007-11-17 13:37 . 2007-11-17 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2007-11-17 13:36 . 2007-11-17 14:22 <DIR> d-------- C:\Program Files\Clash N Slash
    2007-11-16 22:06 . 2007-11-16 22:17 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-15 17:51 . 2007-11-15 17:51 <DIR> d-------- C:\Program Files\Youdagames
    2007-11-15 17:51 . 2007-11-15 17:51 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\Youdagames

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-30 21:39 --------- d-----w C:\Program Files\VoyagerTest
    2007-12-30 21:39 --------- d-----w C:\Program Files\QuickTime
    2007-12-30 21:39 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-30 21:39 --------- d-----w C:\Program Files\iTunes
    2007-12-30 21:39 --------- d-----w C:\Program Files\DAEMON Tools
    2007-12-30 21:39 --------- d-----w C:\Program Files\BT Voyager 105 ADSL Modem
    2007-12-27 10:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-27 10:12 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-12-22 22:20 --------- d-----w C:\Documents and Settings\Yifan\Application Data\uTorrent
    2007-12-22 20:40 --------- d-----w C:\Program Files\eMule
    2007-12-22 17:44 --------- d-----w C:\Program Files\FlashGet
    2007-12-21 13:42 --------- d-----w C:\Program Files\Conquer 2.0
    2007-11-27 20:11 --------- d-----w C:\Program Files\Java
    2007-11-18 20:17 --------- d-----w C:\Documents and Settings\Yifan\Application Data\AdobeUM
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-11 09:57 --------- d-----w C:\Program Files\AOL 9.0
    2007-11-09 08:41 --------- d-----w C:\Program Files\Age of Wonders Shadow Magic
    2007-05-17 09:17 8,712 ----a-w C:\Documents and Settings\Yifan\Server.dat
    2007-05-17 09:17 4 ----a-w C:\Documents and Settings\Yifan\version.dat
    2007-04-29 23:09 737,280 ----a-w C:\Documents and Settings\Yifan\C3_CORE_DLL.dll
    2007-04-29 23:09 53,248 ----a-w C:\Documents and Settings\Yifan\DataThread.dll
    2007-04-29 23:09 208,896 ----a-w C:\Documents and Settings\Yifan\GameData.dll
    2007-04-29 23:09 196,608 ----a-w C:\Documents and Settings\Yifan\GraphicData.dll
    2007-04-29 23:09 176,128 ----a-w C:\Documents and Settings\Yifan\graphic.dll
    2007-04-29 23:09 139,264 ----a-w C:\Documents and Settings\Yifan\Role3D.dll
    2007-04-29 23:09 114,688 ----a-w C:\Documents and Settings\Yifan\RoleView.dll
    2007-04-29 07:25 1,724,450 ----a-w C:\Documents and Settings\Yifan\Conquer.exe
    2007-03-23 22:00 286,720 ----a-w C:\Documents and Settings\Yifan\AutoPatch.exe
    2006-11-22 13:54 593,920 ----a-w C:\Documents and Settings\Yifan\AMInstal.exe
    1999-10-14 00:53 113,792 -c--a-w C:\Documents and Settings\Yifan\shw32.dll
    2006-07-24 18:52 8 --sh--r C:\WINDOWS\system32\59C897F0EC.sys
    2006-07-24 18:52 3,766 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .
    Code:
    ------w            81,990 2007-12-30 21:46:06  C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
    

    ((((((((((((((((((((((((((((( snapshot@2007-12-30_21.13.52.28 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-03-13 10:57:10 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    + 2000-08-31 08:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    - 2004-08-04 05:31:59 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
    + 2007-12-30 19:55:32 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
    - 2004-08-04 07:56:48 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
    + 2007-12-30 21:08:46 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
    - 2004-08-04 07:56:48 15,360 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    + 2007-12-30 21:08:46 15,360 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    - 2004-08-04 05:31:59 208,952 -c--a-w C:\WINDOWS\system32\dllcache\imjpmig.exe
    + 2007-12-30 19:55:32 208,952 -c--a-w C:\WINDOWS\system32\dllcache\imjpmig.exe
    - 2002-08-29 12:00:00 59,392 -c--a-w C:\WINDOWS\system32\dllcache\imscinst.exe
    + 2007-12-30 19:55:34 59,392 -c--a-w C:\WINDOWS\system32\dllcache\imscinst.exe
    - 2002-08-29 12:00:00 455,168 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
    + 2007-12-30 19:55:35 455,168 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
    - 2002-08-29 12:00:00 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe
    + 2007-12-30 19:55:34 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe
    - 2002-08-29 12:00:00 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
    + 2007-12-30 19:55:35 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
    - 2007-12-13 21:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2000-08-31 08:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2007-12-30 21:08 15360]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
    "igndlm.exe "= "C:\Program Files\IGN\Download Manager\DLM.exe" [ ]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [ ]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CHotkey "= "mHotkey.exe" [2002-07-23 11:09 477184 C:\WINDOWS\mHotkey.exe]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [ ]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
    "AOLDialer "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [ ]
    "DSLSTATEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [ ]
    "DSLAGENTEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [ ]
    "%FP%Friendly fts.exe "= "C:\Program Files\VoyagerTest\fts.exe" [ ]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-12-30 19:55 208952]
    "MSPY2002 "= "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2007-12-30 19:55 59392]
    "PHIME2002ASync "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2007-12-30 19:55 455168]
    "PHIME2002A "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2007-12-30 19:55 455168]
    "AdaptecDirectCD "= "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [ ]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [ ]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
    "StormCodec_Helper "= "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [ ]
    "HostManager "= "C:\Program Files\Common Files\AOL\1158172591\ee\AOLSoftware.exe" [ ]
    "EPSON Stylus C44 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [ ]
    "MPFExe "= "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
    "Sony Ericsson PC Suite "= "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [ ]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask .exe" [ ]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\System32\CTFMON.EXE" [2007-12-30 21:08 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
    AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2006-06-15 20:55:42]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-22 01:00:00]
    Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2006-09-16 08:20:41]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "KAV "= rundll32.exe "C:\Program Files\Kav\Kav.dll ",AntiVirus

    R2 PackethSvc;Virtual NIC Service;C:\WINDOWS\system32\PackethSvc.exe [2001-08-09 16:46]
    R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 15:52]
    S2 MRTServ;MRTServ;C:\WINDOWS\system32\MRTServ.exe []
    S3 KSDT1983;KSDT1983;C:\WINDOWS\system32\drivers\KSDT1983.sys []
    S3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2005-01-12 16:36]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02F8BDF0-37B8-E891-0505-020305070501}]
    C:\WINDOWS\system32\windocx.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-30 21:50:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-30 21:58:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-30 22:03:36 - machine was rebooted
    C:\qoobox\ComboFix-quarantined-files.txt 2007-12-30 22:03:28
    C:\qoobox\ComboFix2.txt 2007-12-30 21:15:19
    .
    2007-12-27 22:06:42 --- E O F ---


    I really need to go to sleep now. It looks like the problem has been more or less fixed, as the duplicate no longer pops up. I do need a new antivirus as the old one really ******* me up.

    Please post anything further I need to do, and thanks a lot for your help, and have a happy new year!
     
  17. 2007/12/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please post this log. C:\qoobox\ComboFix2.txt

    Try again, dragging the latest log.txt onto RenV and post the log it creates.
     
  18. 2007/12/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Just so you know, if this infection is not completely killed off it will begin to regenerate when the computer is restarted. That said, highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Folder::
    C:\Program Files\Kav
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
     "KAV "=-
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02F8BDF0-37B8-E891-0505-020305070501}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Run Renv.exe again. If the VirusScan file shows up again, reboot to safe mode, then drag-n-drop the log.txt file onto RenV. The new log should be empty. Post it here when back in normal mode.
     
  19. 2007/12/31
    yifanwang99

    yifanwang99 Inactive Thread Starter

    Joined:
    2007/12/30
    Messages:
    13
    Likes Received:
    0
    Combofix2.txt:

    ComboFix 07-12-21.4 - Yifan 2007-12-30 20:55:08.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.936.86.1033.18.212 [GMT 0:00]
    Running from: C:\Documents and Settings\Yifan\My Documents\best editor!\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\mrgtask.ini
    C:\WINDOWS\system32\components
    C:\WINDOWS\system32\gjkkj.ini
    C:\WINDOWS\system32\gjkkj.ini2
    C:\WINDOWS\system32\jkkjg.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NPF
    -------\NPF


    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
    .

    2007-12-30 21:10 . 2007-12-30 21:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-30 21:10 . 2007-12-30 21:10 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-30 21:08 . 2007-12-30 21:08 323,072 --------- C:\WINDOWS\system32\jkkjg.dll
    2007-12-30 20:33 . 2007-12-30 20:33 <DIR> d-------- C:\Deckard
    2007-12-30 20:03 . 2007-12-30 20:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-30 20:03 . 2007-12-30 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-30 19:56 . 2007-12-30 21:08 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-30 19:55 . 2007-12-30 19:55 326,656 --a------ C:\WINDOWS\system32\RCX58.tmp
    2007-12-30 19:50 . 2007-12-30 19:50 106 --a------ C:\delete.bat
    2007-12-30 12:14 . 2007-12-30 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mvcache
    2007-12-29 09:53 . 2007-12-29 09:53 326,656 --a------ C:\WINDOWS\system32\RCX52.tmp
    2007-12-28 21:11 . 2007-12-28 21:11 326,656 --a------ C:\WINDOWS\system32\RCX44.tmp
    2007-12-27 19:30 . 2007-12-27 19:30 326,656 --a------ C:\WINDOWS\system32\RCX4F.tmp
    2007-12-27 10:16 . 2007-12-27 10:16 <DIR> d-------- C:\Program Files\Winternals
    2007-12-27 10:08 . 2007-12-27 10:09 <DIR> d-------- C:\Program Files\Windows Live Favorites
    2007-12-27 09:49 . 2007-01-08 19:07 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-27 09:46 . 2007-07-09 13:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-12-27 09:33 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2007-12-27 09:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2007-12-27 09:10 . 2007-12-30 21:10 326,656 --a------ C:\WINDOWS\system32\jkkjg.exe
    2007-12-26 20:32 . 2007-12-26 20:32 143 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-12-26 19:16 . 2007-12-27 13:35 <DIR> d-------- C:\VundoFix Backups
    2007-12-26 18:54 . 2007-12-26 20:17 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\PrevxCSI
    2007-12-26 18:54 . 2007-12-26 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-12-25 19:42 . 2007-12-25 19:42 326,656 --a------ C:\WINDOWS\system32\RCX54.tmp
    2007-12-25 19:42 . 2007-12-26 18:25 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
    2007-12-25 19:42 . 2007-12-26 18:25 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
    2007-12-15 16:08 . 2007-12-15 16:08 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\InstallShield
    2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Program Files\SystemRequirementsLab
    2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\SystemRequirementsLab
    2007-12-03 13:43 . 2007-12-22 15:56 <DIR> d-------- C:\Program Files\Eudemons Online
    2007-12-01 09:31 . 2007-12-01 09:31 <DIR> d-------- C:\Program Files\PCPitstop
    2007-11-17 14:14 . 2007-11-17 14:14 <DIR> d-------- C:\Program Files\ReflexiveArcade
    2007-11-17 13:37 . 2007-11-17 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2007-11-17 13:36 . 2007-11-17 14:22 <DIR> d-------- C:\Program Files\Clash N Slash
    2007-11-16 22:06 . 2007-11-16 22:17 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-15 17:51 . 2007-11-15 17:51 <DIR> d-------- C:\Program Files\Youdagames
    2007-11-15 17:51 . 2007-11-15 17:51 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\Youdagames

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-30 21:10 --------- d-----w C:\Program Files\QuickTime
    2007-12-30 21:10 --------- d-----w C:\Program Files\iTunes
    2007-12-30 21:09 --------- d-----w C:\Program Files\VoyagerTest
    2007-12-30 21:09 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-30 21:09 --------- d-----w C:\Program Files\DAEMON Tools
    2007-12-30 21:09 --------- d-----w C:\Program Files\BT Voyager 105 ADSL Modem
    2007-12-27 10:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-27 10:12 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-12-22 22:20 --------- d-----w C:\Documents and Settings\Yifan\Application Data\uTorrent
    2007-12-22 20:40 --------- d-----w C:\Program Files\eMule
    2007-12-22 17:44 --------- d-----w C:\Program Files\FlashGet
    2007-12-21 13:42 --------- d-----w C:\Program Files\Conquer 2.0
    2007-11-27 20:11 --------- d-----w C:\Program Files\Java
    2007-11-18 20:17 --------- d-----w C:\Documents and Settings\Yifan\Application Data\AdobeUM
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-11 09:57 --------- d-----w C:\Program Files\AOL 9.0
    2007-11-09 08:41 --------- d-----w C:\Program Files\Age of Wonders Shadow Magic
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 17:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-24 14:06 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-09-30 18:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-05-17 09:17 8,712 ----a-w C:\Documents and Settings\Yifan\Server.dat
    2007-05-17 09:17 4 ----a-w C:\Documents and Settings\Yifan\version.dat
    2007-04-29 23:09 737,280 ----a-w C:\Documents and Settings\Yifan\C3_CORE_DLL.dll
    2007-04-29 23:09 53,248 ----a-w C:\Documents and Settings\Yifan\DataThread.dll
    2007-04-29 23:09 208,896 ----a-w C:\Documents and Settings\Yifan\GameData.dll
    2007-04-29 23:09 196,608 ----a-w C:\Documents and Settings\Yifan\GraphicData.dll
    2007-04-29 23:09 176,128 ----a-w C:\Documents and Settings\Yifan\graphic.dll
    2007-04-29 23:09 139,264 ----a-w C:\Documents and Settings\Yifan\Role3D.dll
    2007-04-29 23:09 114,688 ----a-w C:\Documents and Settings\Yifan\RoleView.dll
    2007-04-29 07:25 1,724,450 ----a-w C:\Documents and Settings\Yifan\Conquer.exe
    2007-03-23 22:00 286,720 ----a-w C:\Documents and Settings\Yifan\AutoPatch.exe
    2006-11-22 13:54 593,920 ----a-w C:\Documents and Settings\Yifan\AMInstal.exe
    1999-10-14 00:53 113,792 -c--a-w C:\Documents and Settings\Yifan\shw32.dll
    2006-07-24 18:52 8 --sh--r C:\WINDOWS\system32\59C897F0EC.sys
    2006-07-24 18:52 3,766 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{720C82C3-1A2A-40C6-97B2-EE870B5D266B}]
    2007-12-30 21:08 323072 --------- C:\WINDOWS\system32\jkkjg.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-12-30 19:55]
    "igndlm.exe "= "C:\Program Files\IGN\Download Manager\DLM.exe" [2007-12-30 19:55]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-30 19:55]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2007-12-30 21:09]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CHotkey "= "mHotkey.exe" [2002-07-23 11:09 C:\WINDOWS\mHotkey.exe]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2007-12-30 19:55]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2007-12-30 19:55]
    "AOLDialer "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-30 19:55]
    "DSLSTATEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2007-12-30 19:55]
    "DSLAGENTEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2007-12-30 19:55]
    "%FP%Friendly fts.exe "= "C:\Program Files\VoyagerTest\fts.exe" [2007-12-30 19:55]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:31]
    "MSPY2002 "= "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 12:00]
    "PHIME2002ASync "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 12:00]
    "PHIME2002A "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 12:00]
    "AdaptecDirectCD "= "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2007-12-30 19:55]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-30 19:55]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" []
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" []
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-30 19:55]
    "StormCodec_Helper "= "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2007-12-30 21:10]
    "HostManager "= "C:\Program Files\Common Files\AOL\1158172591\ee\AOLSoftware.exe" [2007-12-30 19:55]
    "EPSON Stylus C44 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2007-12-30 19:55]
    "MPFExe "= "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2007-12-30 21:10]
    "Sony Ericsson PC Suite "= "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-12-30 19:55]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask .exe" [2007-12-30 21:10]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-30 19:55]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
    AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2006-06-15 20:55:42]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-22 01:00:00]
    Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2006-09-16 08:20:41]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "QQMusic "= {E16A6111-85DD-4877-8E67-017B0193D359} - C:\WINDOWS\QQMusic.dll [ ]
    "IPicture "= {D9466D6A-0F7B-5892-A7E3-290F0343337E} - c:\program files\internet explorer\PLUGINS\IPictureEx.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]
    winzdn32.dll

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load "=C:\WINDOWS\system32\jkkjg.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkjg

    R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 15:52]
    S2 MRTServ;MRTServ;C:\WINDOWS\system32\MRTServ.exe []
    S3 KSDT1983;KSDT1983;C:\WINDOWS\system32\drivers\KSDT1983.sys []
    S3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2005-01-12 16:36]
    S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys [2007-03-22 10:40]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02F8BDF0-37B8-E891-0505-020305070501}]
    C:\WINDOWS\system32\windocx.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-30 20:50:24 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-30 21:11:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\gjkkj.ini 6516 bytes
    C:\WINDOWS\system32\gjkkj.ini2 6516 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    Completion time: 2007-12-30 21:15:17 - machine was rebooted
    .
    2007-12-27 22:06:42 --- E O F ---

    Newest RenV log:

    Code:
    Ran on 31/12/2007 -  9:41:34.79
    
     Entries:                0  (0)
     Directories:            0  Files:             0
     Bytes:                  0  Blocks:            0
    
     
    Last edited: 2007/12/31
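Added example (editor's note, not code from the thread, ComboFix, RenV or HijackThis): the logs above carry three indicators of this infection that can be picked out mechanically. The legitimate autostart binaries were renamed to "name .exe" (a space before the extension) and replaced, which is why each process showed up twice; the dropper's copies (RCX*.tmp and jkkjg.exe) all have exactly the same byte size; and the LSA Authentication Packages list has an extra entry beyond the stock msv1_0. The script below parses ComboFix-style lines and flags all three. The sample lines are condensed from the posted logs and are constructed input; the function names and the regexes are this example's own assumptions about the log format.

```python
"""Flag "name .exe" process-duplication indicators in ComboFix-style log text.
Added example for this thread, not ComboFix/RenV/HijackThis code; the sample
lines below are condensed from the posted logs (constructed input)."""
import re
from collections import defaultdict

# "2007-12-30 19:56 . 2007-12-30 21:08 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>\S.*?)\s*$")
# A file name with whitespace just before its extension, e.g. "ctfmon .exe".
SPACED_EXT = re.compile(r"^(?P<stem>.*\S)\s+(?P<ext>\.[A-Za-z0-9]{1,4})$")
# '"QuickTime Task"= "C:\Program Files\QuickTime\qttask .exe" [ ]'
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<target>[^"]+)"')
# 'Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkjg'
AUTH_PKGS = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+?)\s*$")

SAMPLE_FILES = r"""
2007-12-30 21:08 . 2007-12-30 21:08 323,072 --------- C:\WINDOWS\system32\jkkjg.dll
2007-12-30 19:56 . 2007-12-30 21:08 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-30 19:55 . 2007-12-30 19:55 326,656 --a------ C:\WINDOWS\system32\RCX58.tmp
2007-12-29 09:53 . 2007-12-29 09:53 326,656 --a------ C:\WINDOWS\system32\RCX52.tmp
2007-12-27 09:10 . 2007-12-30 21:10 326,656 --a------ C:\WINDOWS\system32\jkkjg.exe
2007-12-25 19:42 . 2007-12-26 18:25 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-25 19:42 . 2007-12-26 18:25 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-27 10:16 . 2007-12-27 10:16 <DIR> d-------- C:\Program Files\Winternals
"""
SAMPLE_REG = r"""
"ctfmon.exe"= "C:\WINDOWS\system32\ctfmon.exe" [2007-12-30 21:08 15360]
"QuickTime Task"= "C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"= "C:\Program Files\iTunes\iTunesHelper.exe" [ ]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkjg
"""


def basename(path):
    return path.rsplit("\\", 1)[-1]


def parse_file_lines(text):
    """Turn 'Files Created' lines into dicts; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
            entries.append({"created": m["created"], "modified": m["modified"],
                            "size": size, "attrs": m["attrs"], "path": m["path"]})
    return entries


def find_spaced_names(entries):
    """(displaced_path, original_path) for every 'name .ext' file: the original
    path is the autostart binary the malware replaced with its own copy."""
    hits = []
    for e in entries:
        m = SPACED_EXT.match(basename(e["path"]))
        if m:
            folder = e["path"][: len(e["path"]) - len(basename(e["path"]))]
            hits.append((e["path"], folder + m["stem"] + m["ext"]))
    return hits


def find_size_clusters(entries, min_count=2):
    """Exact byte sizes shared by several files: a dropper that copies itself
    under new names (RCX*.tmp, jkkjg.exe) stands out as one cluster."""
    by_size = defaultdict(list)
    for e in entries:
        if e["size"] is not None:
            by_size[e["size"]].append(e["path"])
    return {s: p for s, p in by_size.items() if len(p) >= min_count}


def find_spaced_autoruns(text):
    """Run-key values whose target still carries the spaced name; once RenV has
    renamed the file back, ComboFix shows these as unresolved ('[ ]')."""
    hits = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m and SPACED_EXT.match(basename(m["target"])):
            hits.append((m["name"].strip(), m["target"]))
    return hits


def find_extra_auth_packages(text, default=("msv1_0",)):
    """LSA loads each listed package into lsass.exe at boot; anything beyond the
    stock msv1_0 is a persistence point. (Splits on whitespace, so a package
    path containing spaces would need smarter tokenising.)"""
    extras = []
    for line in text.splitlines():
        m = AUTH_PKGS.match(line.strip())
        if m:
            extras += [p for p in m["pkgs"].split() if p not in default]
    return extras


if __name__ == "__main__":
    entries = parse_file_lines(SAMPLE_FILES)
    for displaced, original in find_spaced_names(entries):
        print(f"displaced original: {displaced}  (autostart path: {original})")
    for size, paths in find_size_clusters(entries).items():
        print(f"{len(paths)} files of exactly {size:,} bytes: {paths}")
    print("autorun values pointing at spaced names:", find_spaced_autoruns(SAMPLE_REG))
    print("extra LSA authentication packages:", find_extra_auth_packages(SAMPLE_REG))
```

On the posted logs this reports ctfmon, igfxtray and hkcmd as displaced originals, one cluster of three 326,656-byte files (the two RCX*.tmp copies and jkkjg.exe), the QuickTime Task value still pointing at "qttask .exe", and C:\WINDOWS\system32\jkkjg registered as an extra LSA authentication package. The size cluster is the useful lead for a fix: the RCX*.tmp files are the same dropper under temporary names, which is why the helper warns that the infection regenerates on reboot unless every copy and loading point goes at once.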
  20. 2007/12/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thank you. Now please complete the CFScript instructions in my last post, then post the new ComboFix log and a fresh HijackThis log.
     
  21. 2007/12/31
    yifanwang99

    yifanwang99 Inactive Thread Starter

    Joined:
    2007/12/30
    Messages:
    13
    Likes Received:
    0
    New Combofix log:

    ComboFix 07-12-30.3 - Yifan 2007-12-31 9:44:55.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.936.86.1033.18.214 [GMT 0:00]
    Running from: C:\Documents and Settings\Yifan\Desktop\ComboFix(2).exe
    Command switches used :: C:\Documents and Settings\Yifan\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
    .

    2007-12-30 21:10 . 2007-12-30 21:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-30 21:10 . 2007-12-30 21:10 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-30 20:33 . 2007-12-30 20:33 <DIR> d-------- C:\Deckard
    2007-12-30 20:03 . 2007-12-30 20:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-30 20:03 . 2007-12-30 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-30 19:50 . 2007-12-30 19:50 106 --a------ C:\delete.bat
    2007-12-30 12:14 . 2007-12-30 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mvcache
    2007-12-27 10:16 . 2007-12-27 10:16 <DIR> d-------- C:\Program Files\Winternals
    2007-12-27 10:08 . 2007-12-27 10:09 <DIR> d-------- C:\Program Files\Windows Live Favorites
    2007-12-27 09:49 . 2007-01-08 19:07 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-27 09:46 . 2007-07-09 13:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-12-27 09:33 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2007-12-27 09:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2007-12-27 09:33 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2007-12-26 19:16 . 2007-12-27 13:35 <DIR> d-------- C:\VundoFix Backups
    2007-12-26 18:54 . 2007-12-26 20:17 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\PrevxCSI
    2007-12-26 18:54 . 2007-12-26 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-12-15 16:08 . 2007-12-15 16:08 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\InstallShield
    2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Program Files\SystemRequirementsLab
    2007-12-06 20:37 . 2007-12-06 20:37 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\SystemRequirementsLab
    2007-12-03 13:43 . 2007-12-22 15:56 <DIR> d-------- C:\Program Files\Eudemons Online
    2007-12-01 09:31 . 2007-12-01 09:31 <DIR> d-------- C:\Program Files\PCPitstop
    2007-11-17 14:14 . 2007-11-17 14:14 <DIR> d-------- C:\Program Files\ReflexiveArcade
    2007-11-17 13:37 . 2007-11-17 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2007-11-17 13:36 . 2007-11-17 14:22 <DIR> d-------- C:\Program Files\Clash N Slash
    2007-11-16 22:06 . 2007-11-16 22:17 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-15 17:51 . 2007-11-15 17:51 <DIR> d-------- C:\Program Files\Youdagames
    2007-11-15 17:51 . 2007-11-15 17:51 <DIR> d-------- C:\Documents and Settings\Yifan\Application Data\Youdagames

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-30 21:39 --------- d-----w C:\Program Files\VoyagerTest
    2007-12-30 21:39 --------- d-----w C:\Program Files\QuickTime
    2007-12-30 21:39 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-30 21:39 --------- d-----w C:\Program Files\iTunes
    2007-12-30 21:39 --------- d-----w C:\Program Files\DAEMON Tools
    2007-12-30 21:39 --------- d-----w C:\Program Files\BT Voyager 105 ADSL Modem
    2007-12-30 21:08 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
    2007-12-27 10:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-27 10:12 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-12-22 22:20 --------- d-----w C:\Documents and Settings\Yifan\Application Data\uTorrent
    2007-12-22 20:40 --------- d-----w C:\Program Files\eMule
    2007-12-22 17:44 --------- d-----w C:\Program Files\FlashGet
    2007-12-21 13:42 --------- d-----w C:\Program Files\Conquer 2.0
    2007-11-27 20:11 --------- d-----w C:\Program Files\Java
    2007-11-18 20:17 --------- d-----w C:\Documents and Settings\Yifan\Application Data\AdobeUM
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-11 09:57 --------- d-----w C:\Program Files\AOL 9.0
    2007-11-09 08:41 --------- d-----w C:\Program Files\Age of Wonders Shadow Magic
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 17:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-24 14:06 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-09-30 18:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-05-17 09:17 8,712 ----a-w C:\Documents and Settings\Yifan\Server.dat
    2007-05-17 09:17 4 ----a-w C:\Documents and Settings\Yifan\version.dat
    2007-04-29 23:09 737,280 ----a-w C:\Documents and Settings\Yifan\C3_CORE_DLL.dll
    2007-04-29 23:09 53,248 ----a-w C:\Documents and Settings\Yifan\DataThread.dll
    2007-04-29 23:09 208,896 ----a-w C:\Documents and Settings\Yifan\GameData.dll
    2007-04-29 23:09 196,608 ----a-w C:\Documents and Settings\Yifan\GraphicData.dll
    2007-04-29 23:09 176,128 ----a-w C:\Documents and Settings\Yifan\graphic.dll
    2007-04-29 23:09 139,264 ----a-w C:\Documents and Settings\Yifan\Role3D.dll
    2007-04-29 23:09 114,688 ----a-w C:\Documents and Settings\Yifan\RoleView.dll
    2007-04-29 07:25 1,724,450 ----a-w C:\Documents and Settings\Yifan\Conquer.exe
    2007-03-23 22:00 286,720 ----a-w C:\Documents and Settings\Yifan\AutoPatch.exe
    2006-11-22 13:54 593,920 ----a-w C:\Documents and Settings\Yifan\AMInstal.exe
    1999-10-14 00:53 113,792 -c--a-w C:\Documents and Settings\Yifan\shw32.dll
    2006-07-24 18:52 8 --sh--r C:\WINDOWS\system32\59C897F0EC.sys
    2006-07-24 18:52 3,766 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-30_21.13.52.28 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-03-13 10:57:10 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    + 2000-08-31 08:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    - 2004-08-04 05:31:59 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
    + 2007-12-30 19:55:32 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
    - 2004-08-04 07:56:48 15,360 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    + 2007-12-30 21:08:46 15,360 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    - 2004-08-04 05:31:59 208,952 -c--a-w C:\WINDOWS\system32\dllcache\imjpmig.exe
    + 2007-12-30 19:55:32 208,952 -c--a-w C:\WINDOWS\system32\dllcache\imjpmig.exe
    - 2002-08-29 12:00:00 59,392 -c--a-w C:\WINDOWS\system32\dllcache\imscinst.exe
    + 2007-12-30 19:55:34 59,392 -c--a-w C:\WINDOWS\system32\dllcache\imscinst.exe
    - 2002-08-29 12:00:00 455,168 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
    + 2007-12-30 19:55:35 455,168 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
    - 2002-08-29 12:00:00 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe
    + 2007-12-30 19:55:34 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe
    - 2002-08-29 12:00:00 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
    + 2007-12-30 19:55:35 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
    - 2007-12-13 21:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2000-08-31 08:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2007-12-30 21:08 15360]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
    "igndlm.exe "= "C:\Program Files\IGN\Download Manager\DLM.exe" [ ]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [ ]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CHotkey "= "mHotkey.exe" [2002-07-23 11:09 477184 C:\WINDOWS\mHotkey.exe]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2007-12-30 21:46 81990]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
    "AOLDialer "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [ ]
    "DSLSTATEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [ ]
    "DSLAGENTEXE "= "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [ ]
    "%FP%Friendly fts.exe "= "C:\Program Files\VoyagerTest\fts.exe" [ ]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-12-30 19:55 208952]
    "MSPY2002 "= "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2007-12-30 19:55 59392]
    "PHIME2002ASync "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2007-12-30 19:55 455168]
    "PHIME2002A "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2007-12-30 19:55 455168]
    "AdaptecDirectCD "= "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [ ]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [ ]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
    "StormCodec_Helper "= "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [ ]
    "HostManager "= "C:\Program Files\Common Files\AOL\1158172591\ee\AOLSoftware.exe" [ ]
    "EPSON Stylus C44 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [ ]
    "MPFExe "= "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
    "Sony Ericsson PC Suite "= "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [ ]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask .exe" [ ]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\System32\CTFMON.EXE" [2007-12-30 21:08 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
    AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2006-06-15 20:55:42]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-22 01:00:00]
    Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2006-09-16 08:20:41]

    R2 PackethSvc;Virtual NIC Service;C:\WINDOWS\system32\PackethSvc.exe [2001-08-09 16:46]
    R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 15:52]
    S2 MRTServ;MRTServ;C:\WINDOWS\system32\MRTServ.exe []
    S3 KSDT1983;KSDT1983;C:\WINDOWS\system32\drivers\KSDT1983.sys []
    S3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2005-01-12 16:36]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02F8BDF0-37B8-E891-0505-020305070501}]
    C:\WINDOWS\system32\windocx.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-30 21:50:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-31 09:48:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-31 9:49:20
    C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 09:48:58
    C:\qoobox\ComboFix2.txt 2007-12-30 22:03:37
    C:\qoobox\ComboFix3.txt 2007-12-30 21:15:19
    .
    2007-12-27 22:06:42 --- E O F ---


    New HJTlog:
    Logfile of HijackThis v1.99.1
    Scan saved at 15:07:24, on 31/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\PackethSvc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158172591\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44 "
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
    O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
    O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
    O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {21A55E06-0987-70C5-7DAA-0A0B56BA8D50} - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {31B075AC-CE55-63D8-1669-49EA13600DC7} - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {33331111-1131-1111-1111-611111193428} -
    O16 - DPF: {43331111-1111-1111-1111-611111195622} -
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://yifanwang99.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1198748166421
    O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark.com/client/version1/windows-ie/en/AMClient.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B301AB3C-127D-4FE1-AFF6-8CFBCEDD2445}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
    O21 - SSODL: QQIEHelper - {E16A6111-85DD-4966-8E67-017B01D39359} - (no file)
    O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - (no file)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod ???^ (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: MRTServ - Unknown owner - C:\WINDOWS\system32\MRTServ.exe (file missing)
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    I think it's fixed and my PC runs a lot faster, thanks again ;)
     
