Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Automatic Updates Not Working/malware Removal


  • This topic is locked This topic is locked
14 replies to this topic

#1 songbee

songbee

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 11 July 2008 - 08:55 PM

Problems:
1) automatic updates unable to turn on (can't even manually start using services list)
2) On Avant Browser, new windows with content related to open tabs pop up randomly
3) Can't use gmail or google on Firefox (this may be application problem)
4) Frequent pop-ups in Internet 7 browser

Programs:
Used to have Ahnlab V3 Security Center (along with Adaware, Spybot, and Spydoctor (disabled) ), but switched to AVG upon review of this thread with similar problem (located here: http://www.bleepingcomputer.com/forums/t/36589/automatic-update-not-working/ ).
Enabled Spydoctor and added C-Cleaner and did several online scans with programs on said thread.

Computer started getting slow after installing V3
Malware may have found it's way in after installation of the game Peggle. (See AVG log)

I did an AVG scan and spybot scan in Safemode, log is as follows:
AVG 8.0 Anti-Virus command line scanner
Copyright © 1992 - 2008 AVG Technologies
Program version 8.0.134, engine 8.0.0
Virus Database: Version 270.4.7/1546 2008-07-11

HKLM\SOFTWARE\Classes\MayaAsciiFile Found Adware.CommonName
C:\Documents and Settings\Bienna Song\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Bienna Song\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Bienna Song\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Bienna Song\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\hiberfil.sys Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\Program Files\Common Files\Sandlot Shared\slghex.dll Adware Generic2.GNR Object was moved to Virus Vault.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\adhoysgc.dll Trojan horse Generic10.AYRO Object was moved to Virus Vault.
C:\WINDOWS\system32\adndkjvi.dll Trojan horse Proxy.ACON Object was moved to Virus Vault.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
C:\WINDOWS\system32\drivers\sptd.sys Locked file. Not tested.
C:\WINDOWS\system32\faeojknk.dll Trojan horse Generic10.AUTA Object was moved to Virus Vault.
C:\WINDOWS\system32\geBtQihE.dll Trojan horse Generic10.AXRD Object was moved to Virus Vault.
C:\WINDOWS\system32\gkgrmlbl.dll Adware Generic3.HRC Object was moved to Virus Vault.
C:\WINDOWS\system32\hgqiaeqf.dll Trojan horse Generic10.AVUQ Object was moved to Virus Vault.
C:\WINDOWS\system32\holxgreg.dll Trojan horse Generic10.ATWM Object was moved to Virus Vault.
C:\WINDOWS\system32\ioqabnbr.dll Trojan horse Generic10.AXJR Object was moved to Virus Vault.
C:\WINDOWS\system32\kdqpaebb.dll Trojan horse Generic10.AWDO Object was moved to Virus Vault.
C:\WINDOWS\system32\legzxc.dll Trojan horse Generic10.AXMX Object was moved to Virus Vault.
C:\WINDOWS\system32\mafkpkrt.dll Trojan horse Generic10.AXJP Object was moved to Virus Vault.
C:\WINDOWS\system32\mtrepahm.dll Trojan horse Generic10.AVMV Object was moved to Virus Vault.
C:\WINDOWS\system32\ofqggwfw.dll Trojan horse Generic10.AXMX Object was moved to Virus Vault.
C:\WINDOWS\system32\tvnfzu.dll Trojan horse Generic10.AVUQ Object was moved to Virus Vault.
C:\WINDOWS\system32\uiduifhj.dll Trojan horse Generic10.AXJO Object was moved to Virus Vault.
C:\WINDOWS\system32\vcholmyx.dll Trojan horse Generic10.BBFK Object was moved to Virus Vault.
C:\WINDOWS\system32\yexjlgva.dll Trojan horse Generic10.AUXZ Object was moved to Virus Vault.
C:\WINDOWS\system32\yhmsyx.dll Trojan horse Generic10.AYRO Object was moved to Virus Vault.
C:\WINDOWS\system32\yhpzoo.dll Trojan horse Generic10.AXJO Object was moved to Virus Vault.
C:\WINDOWS\TempFile Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 962859
Found infections : 18
Found PUPs : 2
Healed infections : 18
Healed PUPs : 2
Warnings : 1
------------------------------------------------------------


Deckard's System Scan log is as follows:

Deckard's System Scanner v20071014.68
Run by Bienna Song on 2008-07-11 21:40:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
50: 2008-07-12 01:40:39 UTC - RP605 - Deckard's System Scanner Restore Point
49: 2008-07-11 20:11:33 UTC - RP604 - Installed AVG Free 8.0
48: 2008-07-11 13:10:23 UTC - RP603 - Installed Windows Internet Explorer 7.
47: 2008-07-11 13:07:54 UTC - RP602 - Installed Windows IDNMitigationAPIs.
46: 2008-07-11 13:07:08 UTC - RP601 - Installed Windows NLSDownlevelMapping.


-- First Restore Point --
1: 2008-06-24 04:10:06 UTC - RP556 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).
System Drive C: has 8.28 GiB (less than 15%) free.


-- HijackThis (run as Bienna Song.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:07 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Bienna Song\Desktop\dss.exe
C:\WINDOWS\system32\conime.exe
C:\DOCUME~1\BIENNA~1\Desktop\SYSTEM~1\Bienna Song.exe
C:\Program Files\Avant Browser\avant.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {90fc612f-1d17-cd0a-eef4-3253bbec4fb0} - {0bf4cebb-3523-4fee-a0dc-71d1f216cf09} - C:\WINDOWS\system32\oeztjg.dll
O2 - BHO: (no name) - {0E64E841-2463-47C9-8797-DAF2810BBF61} - C:\WINDOWS\system32\opnmmmmj.dll
O2 - BHO: (no name) - {2B3A3C28-215F-400F-B333-634A3AD7896E} - C:\WINDOWS\system32\catsrvp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74735E51-DDBC-45E9-9998-EFDB3F595EFF} - C:\WINDOWS\system32\geBtQihE.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D0C20FA1-0F1C-45A0-8DB8-F50907BC7FC1} - C:\WINDOWS\system32\qoMcbabb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [002d7f3c] rundll32.exe "C:\WINDOWS\system32\xgbdqwtf.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM031e4ca0] Rundll32.exe "C:\WINDOWS\system32\xxfjowep.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {06DAFE64-57FC-48D9-A69E-12C2599DC524} (POLYplay Control) - http://www.smtown.com/MediaService/supply/polyplay.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2D4411C2-5F0F-4182-9599-30CF9B4FB2EE} (PhotoX Class) - http://www.encyber.com/search_w/editor/TABSPhotoEditor.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.c...ersion=1,0,0,10
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://music.godpeople.com/MagicLockOCX.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...206/SBStart.CAB
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,5
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://dfgfile.com/online_games/DinerDash/...sh.1.0.0.58.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: opnmmmmj - C:\WINDOWS\SYSTEM32\opnmmmmj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13474 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\BIENNA~1\Desktop\SYSTEM~1\backups\) ---

backup-20070709-211455-118 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20070709-211455-130 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
backup-20070709-211456-105 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
backup-20070709-211456-252 O4 - HKLM\..\Run: [EPSON Stylus C88 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P32 "EPSON Stylus C88 Series (Copy 1)" /O6 "USB001" /M "Stylus C88"
backup-20070709-211456-341 O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://crossmap.contents.mylinker.co.kr/module/MyLinker.cab
backup-20070709-211456-438 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20070709-211458-490 O16 - DPF: {69592228-34C4-4CAF-AC73-C76DFE96BEF0} (MAGODDownload Control) - http://www.csafer.net/activex/magoddownload.cab
backup-20070709-211458-516 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
backup-20070709-211458-779 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
backup-20070709-211459-635 O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20070709-211459-674 O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
backup-20070709-211459-877 O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys
R1 meiudf - c:\windows\system32\drivers\meiudf.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys

S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 gwiopm - d:\gwiopm.sys (file missing)
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys
S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe"
R2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - c:\program files\adobe\photoshop elements 4.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe"
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe
R2 TabletService - c:\windows\system32\tablet.exe
R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe"
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe"

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
S4 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-11 20:55:07 266 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-11 15:48:21 420 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-07-02 15:26:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 19:10:16 0 d--h---c- C:\$AVG8.VAULT$
2008-07-11 17:51:37 80896 --a------ C:\WINDOWS\system32\xgbdqwtf.dll
2008-07-11 17:48:42 101888 --a------ C:\WINDOWS\system32\oeztjg.dll
2008-07-11 17:48:38 101888 --a------ C:\WINDOWS\system32\qhosibdk.dll
2008-07-11 17:47:51 92672 --a------ C:\WINDOWS\system32\xxfjowep.dll
2008-07-11 17:31:52 720797 --ahs---- C:\WINDOWS\system32\bbabcMoq.ini2
2008-07-11 17:31:39 281600 --a------ C:\WINDOWS\system32\qoMcbabb.dll
2008-07-11 17:30:49 0 d-------- C:\WINDOWS\pss
2008-07-11 16:22:39 0 d-------- C:\Documents and Settings\Bienna Song\.housecall6.6
2008-07-11 16:20:09 0 d-------- C:\Program Files\CCleaner
2008-07-11 16:12:03 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-11 16:12:01 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\AVGTOOLBAR
2008-07-11 16:11:37 0 d-------- C:\Program Files\AVG
2008-07-11 16:11:36 0 d------c- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-11 15:46:47 0 d------c- C:\fsaua.data
2008-07-11 09:41:21 0 d-------- C:\Program Files\Lavalys
2008-07-11 09:01:41 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-11 07:47:04 80896 --a------ C:\WINDOWS\system32\hhbbciob.dll
2008-07-11 07:44:07 101888 --a------ C:\WINDOWS\system32\renazs.dll
2008-07-11 07:44:04 101888 --a------ C:\WINDOWS\system32\nxdpppoa.dll
2008-07-11 07:43:43 92672 --a------ C:\WINDOWS\system32\ejjfxhmw.dll
2008-07-09 22:32:00 101888 --a------ C:\WINDOWS\system32\forbsi.dll
2008-07-09 22:31:54 101888 --a------ C:\WINDOWS\system32\fwmesqpd.dll
2008-07-09 22:28:46 92160 --a------ C:\WINDOWS\system32\cqsxoaiw.dll
2008-07-08 22:24:32 101376 --a------ C:\WINDOWS\system32\teqpds.dll
2008-07-08 22:24:31 101376 --a------ C:\WINDOWS\system32\eabvyjrr.dll
2008-07-07 22:05:49 101376 --a------ C:\WINDOWS\system32\hmmtas.dll
2008-07-07 22:05:45 101376 --a------ C:\WINDOWS\system32\ddkdcclo.dll
2008-07-07 22:05:33 91648 --a------ C:\WINDOWS\system32\tshicsnh.dll
2008-07-07 00:20:21 0 d-------- C:\WINDOWS\LOG
2008-07-06 22:04:58 101888 --a------ C:\WINDOWS\system32\spogsl.dll
2008-07-06 22:04:44 101888 --a------ C:\WINDOWS\system32\jtdadsmf.dll
2008-07-05 22:03:54 101888 --a------ C:\WINDOWS\system32\grwech.dll
2008-07-05 22:03:50 101888 --a------ C:\WINDOWS\system32\sixbitpk.dll
2008-07-04 22:05:48 101376 --a------ C:\WINDOWS\system32\gidyhr.dll
2008-07-04 22:05:47 101376 --a------ C:\WINDOWS\system32\yesxuctu.dll
2008-07-04 15:01:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-03 07:13:27 0 d-------- C:\WINDOWS\system32\349168
2008-07-02 22:01:17 104448 --a------ C:\WINDOWS\system32\yuyxsp.dll
2008-07-02 22:01:16 104448 --a------ C:\WINDOWS\system32\splvlgpx.dll
2008-06-29 22:04:06 104448 --a------ C:\WINDOWS\system32\patwys.dll
2008-06-29 22:04:05 104448 --a------ C:\WINDOWS\system32\exmkcbso.dll
2008-06-29 09:59:30 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Google
2008-06-27 23:27:48 0 d-------- C:\Program Files\Spyware Doctor
2008-06-27 23:27:48 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\PC Tools
2008-06-27 23:19:15 0 d-------- C:\Program Files\Picasa2
2008-06-27 23:17:49 0 d-------- C:\WINDOWS\system32\runtime
2008-06-27 23:16:46 0 d-------- C:\Program Files\Norton Security Scan
2008-06-27 23:12:54 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Avant Profiles
2008-06-27 22:59:37 0 d------c- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 22:04:02 104960 --a------ C:\WINDOWS\system32\wvjzxj.dll
2008-06-27 22:04:00 104960 --a------ C:\WINDOWS\system32\wvgcjofx.dll
2008-06-27 21:57:59 94208 --a------ C:\WINDOWS\system32\ncovxqge.dll
2008-06-27 12:37:45 0 d-------- C:\Program Files\iPod
2008-06-27 12:37:20 0 d-------- C:\Program Files\iTunes
2008-06-27 12:21:47 0 d-------- C:\Program Files\Apple Software Update
2008-06-27 12:20:07 0 d-------- C:\Program Files\Common Files\Apple
2008-06-27 12:20:06 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-26 22:02:54 107008 --a------ C:\WINDOWS\system32\pymjbqhm.dll
2008-06-26 00:12:54 0 d-------- C:\Program Files\Peggle
2008-06-26 00:12:54 0 d-------- C:\Program Files\BFG
2008-06-25 23:43:18 0 d-------- C:\WINDOWS\system32\371186
2008-06-25 21:57:25 88576 --a------ C:\WINDOWS\system32\catsrvp.dll
2008-06-24 21:59:04 86528 --a------ C:\WINDOWS\system32\uiagfulq.dll
2008-06-24 21:56:03 101888 --a------ C:\WINDOWS\system32\qlwyduxd.dll
2008-06-24 21:53:55 95232 --a------ C:\WINDOWS\system32\bpdocnfr.dll
2008-06-24 00:09:55 719525 --ahs---- C:\WINDOWS\system32\EhiQtBeg.ini2
2008-06-24 00:09:31 34304 --a------ C:\WINDOWS\system32\rqRKETJY.dll
2008-06-24 00:06:15 34304 --a------ C:\WINDOWS\system32\urqNGxYp.dll
2008-06-24 00:05:15 34304 --a------ C:\WINDOWS\system32\xxywWnMd.dll
2008-06-24 00:04:32 34304 --a------ C:\WINDOWS\system32\opnmmmmj.dll
2008-06-23 23:18:52 0 d-------- C:\Program Files\Peggle Deluxe
2008-06-23 23:18:40 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-23 23:14:37 0 d-------- C:\Program Files\PacBomber


-- Find3M Report ---------------------------------------------------------------

2008-07-11 21:30:23 70451 --a------ C:\WINDOWS\system32\tablet.dat
2008-07-11 21:30:02 8405015 --a------ C:\WINDOWS\TempFile
2008-07-11 19:10:18 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2008-07-11 16:23:39 0 d-------- C:\Program Files\Avant Browser
2008-07-11 15:52:30 0 d-------- C:\Program Files\Common Files
2008-06-27 23:22:42 0 d-------- C:\Program Files\Google
2008-06-27 23:12:28 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Avant Browser
2008-06-27 15:13:03 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Apple Computer
2008-06-27 12:34:21 0 d-------- C:\Program Files\Bonjour
2008-06-27 12:31:00 0 d-------- C:\Program Files\QuickTime
2008-06-25 23:44:07 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Mozilla
2008-06-06 19:30:41 5 --a------ C:\Documents and Settings\Bienna Song\Application Data\openList.awt
2008-06-06 19:30:41 9118 --a------ C:\Documents and Settings\Bienna Song\Application Data\closedList.awt
2008-06-06 18:20:51 0 d-------- C:\Program Files\AhnLab
2008-05-28 16:28:11 0 d-------- C:\Program Files\Mystery Case Files Ravenhearst
2008-05-26 16:41:39 0 d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-05-23 14:50:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-19 22:21:17 0 d-------- C:\Program Files\Manga Studio3 EX
2008-05-19 22:14:10 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\CELSYS
2008-05-19 19:22:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-19 19:20:13 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\AdobeUM
2008-05-18 02:55:13 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\e frontier
2008-05-18 02:45:51 0 d-------- C:\Program Files\America Online 9.0
2008-05-17 01:36:59 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-17 01:29:08 0 d-------- C:\Program Files\Microsoft Works
2008-05-17 01:28:41 0 d-------- C:\Program Files\MSBuild
2008-05-17 01:26:54 0 d-------- C:\Program Files\Microsoft.NET
2008-05-17 01:15:45 0 d-------- C:\Program Files\MagicISO
2008-05-16 23:42:24 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Adobe
2008-05-16 21:53:39 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-16 20:32:18 0 d-------- C:\Program Files\portalgraphics
2008-05-15 14:07:10 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Leadertech
2008-05-15 14:02:41 0 d-------- C:\Program Files\Atari
2008-05-13 03:03:31 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-13 03:02:27 0 d-------- C:\Program Files\Windows Live
2008-05-11 21:47:41 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-11 21:46:46 0 d-------- C:\Program Files\Windows Live Favorites
2008-05-11 21:40:53 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-11 21:31:46 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bf4cebb-3523-4fee-a0dc-71d1f216cf09}]
07/11/2008 05:48 PM 101888 --a------ C:\WINDOWS\system32\oeztjg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E64E841-2463-47C9-8797-DAF2810BBF61}]
06/24/2008 12:04 AM 34304 --a------ C:\WINDOWS\system32\opnmmmmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3A3C28-215F-400F-B333-634A3AD7896E}]
08/10/2004 08:00 AM 88576 --a------ C:\WINDOWS\system32\catsrvp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74735E51-DDBC-45E9-9998-EFDB3F595EFF}]
C:\WINDOWS\system32\geBtQihE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/11/2008 04:11 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0C20FA1-0F1C-45A0-8DB8-F50907BC7FC1}]
C:\WINDOWS\system32\qoMcbabb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 09:37 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/21/2007 01:00 PM]
"ClubBox"="" []
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"002d7f3c"="C:\WINDOWS\system32\xgbdqwtf.dll" [07/11/2008 05:51 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/11/2008 04:11 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/10/2004 08:00 AM]
"BM031e4ca0"="C:\WINDOWS\system32\xxfjowep.dll" [07/11/2008 05:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
"@"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/27/2008 10:59 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0E64E841-2463-47C9-8797-DAF2810BBF61}"= C:\WINDOWS\system32\opnmmmmj.dll [06/24/2008 12:04 AM 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmmmmj]
opnmmmmj.dll 06/24/2008 12:04 AM 34304 C:\WINDOWS\system32\opnmmmmj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMcbabb

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae56336-cc70-11dc-b6f6-0013028a229b}]
AutoRun\command- servet.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b81295a-c055-11db-b684-00038a000015}]
Auto\command- G:\printer.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f788d6f8-bf26-11dc-b6ef-0013028a229b}]
AutoRun\command- ek.com
explore\Command- ek.com
open\Command- ek.com




-- End of Deckard's System Scanner: finished at 2008-07-11 21:50:58 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T1350 @ 1.86GHz
Percentage of Memory in Use: 83%
Physical Memory (total/avail): 501.98 MiB / 84.84 MiB
Pagefile Memory (total/avail): 1225.72 MiB / 720.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.81 MiB

C: is Fixed (NTFS) - 74.28 GiB total, 8.28 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HTS541080G9SA00 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 74.28 GiB - C:
\PARTITION1 - Unknown - 251.02 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\fscagent.exe"="C:\\WINDOWS\\system32\\fscagent.exe:*:Enabled:클럽박스 파일전송 데몬"
"C:\\WINDOWS\\system32\\clubbox.exe"="C:\\WINDOWS\\system32\\clubbox.exe:*:Enabled:a¬·´¹u½º æaaiau¼u °u¸®au"
"C:\\WINDOWS\\system32\\pdrtvsvr.exe"="C:\\WINDOWS\\system32\\pdrtvsvr.exe:*:Enabled:PandoraTV VoD Control"
"C:\\WINDOWS\\system32\\grdmgr.exe"="C:\\WINDOWS\\system32\\grdmgr.exe:*:Enabled:CDN 파일전송 데몬"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\WIZET\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\WIZET\\MapleStory\\NewPatcher.exe:*:Disabled:Patcher MFC 응용 프로그램"
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"="C:\\Program Files\\Ruckus Player\\Ruckus.exe:*:Enabled:Ruckus"
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"="C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\\Program Files\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe"="C:\\Program Files\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe:*:Enabled:Maya"
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"="C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe:*:Enabled:Maya"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bienna Song\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MADREAMA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GETMODEL=Satellite A105
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bienna Song
LOGONSERVER=\\MADREAMA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Autodesk\Maya8.5\bin;C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\SSH Communications Security\SSH Secure Shell
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BIENNA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BIENNA~1\LOCALS~1\Temp
USERDOMAIN=MADREAMA
USERNAME=Bienna Song
USERPROFILE=C:\Documents and Settings\Bienna Song
VERNUM=PSAA8U-02000UR
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bienna Song (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\TOSHIBA Games\G.H.O.S.T. Hunters, The Haunting of Majesty Manor\Uninstall.exe"
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
--> MsiExec.exe /I{3B55590C-8A9B-4BD6-B489-744B63026A2A}
--> MsiExec.exe /I{BB89B3A4-298B-4C9D-9E5A-F42D1D23AB5B}
--> MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop Elements 4.0 --> msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Reader Korean Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5670-0000-7E8A45000001}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced Tetric v5.1 --> "C:\Program Files\MyPlayCity.com\Advanced Tetric\unins000.exe"
Advanced Uninstaller PRO 2004 - version 6 --> "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2004 version 6\unins000.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
ALZip --> "C:\Program Files\ESTsoft\ALZip\unins000.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Autodesk DirectConnect 2.0 --> MsiExec.exe /I{28C74612-2C48-4421-BF67-3949CD90748E}
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bonjour Core for Windows --> MsiExec.exe /I{56DF5C9E-6392-46D3-B366-297B14E1DAAF}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Classic Cats Screen Saver --> C:\WINDOWS\system32\Classic Cats.scr /u
Combined Community Codec Pack 2006-07-28 (Remove Only) --> C:\Program Files\Combined Community Codec Pack\Uninstall.exe
Corel Painter Essentials 3 --> MsiExec.exe /I{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
Crazy Tetrix v.2.21 --> C:\WINDOWS\UnGins.exe "C:\Program Files\Crazy Tetrix\install.log"
Daum ActiveX 컨트롤 - 음악 플레이 --> "C:\WINDOWS\system32\xmaninf.exe" -u -f:"C:\Program Files\Daum\Xman\modules\{91011241-B724-4758-83E6-E13D5AD35B7B}\0,0,1,5\opt.txt"
Digimax L60 /Kenox X60 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F126E91-9E8C-4AE5-9B96-17FE3ABFF1EE}\Setup.exe"
Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Diner Dash 2 --> "C:\Program Files\Diner Dash 2\ReflexiveArcade\unins000.exe"
Diner Dash 3-in-1 --> "C:\WINDOWS\Diner Dash 3-in-1\uninstall.exe" "/U:C:\Program Files\Diner Dash 3-in-1\Uninstall\uninstall.xml"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EVEREST Corporate Edition v4.50 --> "C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
FATE --> "C:\Program Files\Toshiba Games\FATE\Uninstall.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
GOM Audio --> "C:\Program Files\GRETECH\GomAudio\uninstall.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> MsiExec.exe /X{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
GPplayer --> MsiExec.exe /I{B0BAB9D7-9562-4FDB-9766-FBA7E56D14BB}
graphiquEcalendar Classic Cats --> C:\Program Files\graphiquEcalendar Classic Cats\Uninstall eCalendar.exe
Hangul 2005 --> MsiExec.exe /I{1858ACA2-BA20-4D38-8177-EDBEFF031DB0}
Hangul 2005 Template Package --> MsiExec.exe /I{2A2D96FE-C412-4644-932F-EBF7CCA79093}
Harry Potter and the Prisoner of Azkaban™ --> C:\Program Files\EA GAMES\Harry Potter and the Prisoner of Azkaban™\EAUninstall.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Documents and Settings\Bienna Song\Desktop\System Clean Software\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LimeWire 4.12.4 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Manga Studio EX 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Manga Studio3 EX\MS_EX3.isu"
Manga Studio ShadeExporter Plugin --> C:\WINDOWS\IsUninst.exe -f"c:\program files\manga studio3 ex\Manga StudioExporterPlugin.isu"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MapleStory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E1A2759-42C4-4629-B535-11BDA56C190D}\setup.exe" -l0x9 -removeonly
Maxtor Manager --> "C:\Program Files\InstallShield Installation Information\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager --> MsiExec.exe /I{B8281D46-D846-4BB9-BC84-F1115A7BF820}
Maya 8.5 --> MsiExec.exe /I{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}
Maya 8.5 Documentation (en_US) --> MsiExec.exe /I{81525B87-9344-4834-883C-C6A9D78EA1DF}
Maya 8.5 Personal Learning Edition --> MsiExec.exe /I{2D8ECB5E-9F6C-4332-AEE6-0E4EE1DEC926}
Maya 8.5 Personal Learning Edition Documentation (en_US) --> MsiExec.exe /I{6A829DA3-E377-4BC0-938F-F453C6BB3F67}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint 2003 Template Pack 2 --> MsiExec.exe /I{90AC0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint 2003 Template Pack 3 --> MsiExec.exe /I{90AD0411-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft® Winter Fun Pack 2004 for Windows® XP --> MsiExec.exe /X{038A524F-58DB-438A-8391-8F7F0CA14B9E}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MyConnect Special Offer --> MsiExec.exe /I{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}
Mystery Case Files Huntsville --> "C:\WINDOWS\Mystery Case Files Huntsville\uninstall.exe" "/U:C:\Program Files\Mystery Case Files Huntsville\Uninstall\uninstall.xml"
Mystery Case Files Prime Suspects --> "C:\WINDOWS\Mystery Case Files Prime Suspects\uninstall.exe" "/U:C:\Program Files\Mystery Case Files Prime Suspects\Uninstall\uninstall.xml"
Mystery Case Files Ravenhearst --> "C:\WINDOWS\Mystery Case Files Ravenhearst\uninstall.exe" "/U:C:\Program Files\Mystery Case Files Ravenhearst\Uninstall\uninstall.xml"
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
nik Color Efex Pro 2.0 IE --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Photoshop Elements 4.0\Plug-Ins\nik Color Efex Pro 2.0 IE\uninstal.log
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
openCanvas4.06E Plus --> MsiExec.exe /X{C22404E3-371D-46A3-A633-C7094DDE7274}
OpenOffice.org 2.1 --> MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Peggle (remove only) --> C:\Program Files\Peggle\Uninstall.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Sandlot Games Client Services 1.2.2 --> "C:\Program Files\Common Files\Sandlot Shared\unins001.exe"
Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tablet --> C:\Program Files\Tablet\Remove.exe /u
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Games --> "C:\Program Files\TOSHIBA Games\Uninstall.exe"
TOSHIBA Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Toshiba Registration --> MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA TV Tuner 4.0.12.73 --> C:\Program Files\AVerMedia\TOSHIBA TV Tuner\uninst.exe
TOSHIBA Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB888316 --> C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553 --> C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678 --> C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Music Engine --> "C:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zip'N'All Uninstall --> "C:\Program Files\ZipNAll\unins000.exe"
스마트 업데이트 유틸리티 (AhnLab, Inc.) --> "C:\Program Files\AhnLab\Smart Update Utility\Uninst.exe" -Uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type3291 / Error
Event Submitted/Written: 07/11/2008 09:46:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avant.exe, version 11.6.0.20, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [avant.exe!ws!]

Event Record #/Type3285 / Success
Event Submitted/Written: 07/11/2008 09:29:51 PM
Event ID/Source: 2570 / Adobe Active File Monitor 4.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type3278 / Success
Event Submitted/Written: 07/11/2008 09:24:43 PM
Event ID/Source: 2570 / Adobe Active File Monitor 4.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type3276 / Error
Event Submitted/Written: 07/11/2008 09:21:26 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 839868987.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type3275 / Error
Event Submitted/Written: 07/11/2008 09:21:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 2.0.0.2, faulting module qomcbabb.dll, version 0.0.0.0, fault address 0x00063293.
Processing media-specific event for [hijackthis.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25607 / Error
Event Submitted/Written: 07/11/2008 09:31:03 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DS1410D service failed to start due to the following error:
%%2

Event Record #/Type25582 / Error
Event Submitted/Written: 07/11/2008 09:26:06 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DS1410D service failed to start due to the following error:
%%2

Event Record #/Type25570 / Error
Event Submitted/Written: 07/11/2008 09:06:52 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Auto Connection Manager service terminated with the following error:
%%2147483720

Event Record #/Type25567 / Error
Event Submitted/Written: 07/11/2008 09:06:50 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Auto Connection Manager service terminated with the following error:
%%2147483720

Event Record #/Type25564 / Error
Event Submitted/Written: 07/11/2008 09:06:49 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Auto Connection Manager service terminated with the following error:
%%2147483720



-- End of Deckard's System Scanner: finished at 2008-07-11 21:50:58 ------------





Please help diagnose the problem and teach me how to remedy it!
Thanks in advance!! :)

Edited by songbee, 12 July 2008 - 10:43 AM.


BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:17 AM

Posted 12 July 2008 - 10:44 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Also post a new log from DSS.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 songbee

songbee
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 12 July 2008 - 01:36 PM

Hi!
Thank you for such a warm welcome :D
I'm glad to have found such a helpful and resourceful forum.

I did as you posted - ran the Malwarebytes program.
The first time it found 54 infections; however, when it tried to remove them, it froze and shut down.
The second time, it found around 32 infections, was able to complete the process: the log popped up and asked me to restart windows.

Here are the two logs respectively, followed by DSS log, and a couple more concerns that I have:
Thanks for your hard work!

1st run
Malwarebytes' Anti-Malware 1.20
Database version: 942
Windows 5.1.2600 Service Pack 2

12:42:47 PM 7/12/2008
mbam-log-7-12-2008 (12-42-47).txt

Scan type: Quick Scan
Objects scanned: 46062
Time elapsed: 11 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\kphdjhvn.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnLEwTJ.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnmmmmj.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6e823c82-e582-4e1b-b63d-029e648ad818} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6e823c82-e582-4e1b-b63d-029e648ad818} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnmmmmj (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{40722371-e24c-4b36-8e76-010bb6c7185b} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{825c19d3-35ce-428f-876b-88e080466689} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0409743c-e5e3-4bdd-9ec7-eff622530282} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f553c18-15e6-4e5e-8f44-add50de754ed} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.1 (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\002d7f3c (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm031e4ca0 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnlewtj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnlewtj -> Delete on reboot.

Folders Infected:
C:\WINDOWS\system32\349168 (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\371186 (Trojan.BHO) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\opnLEwTJ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\JTwELnpo.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\JTwELnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhbbciob.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\boicbbhh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kphdjhvn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nvhjdhpk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uiagfulq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qlufgaiu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xgbdqwtf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftwqdbgx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmmmmj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqRKETJY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\splvlgpx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqNGxYp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxywWnMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuyxsp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clwjijvt.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\BM031e4ca0.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM031e4ca0.txt (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

2nd run
Malwarebytes' Anti-Malware 1.20
Database version: 942
Windows 5.1.2600 Service Pack 2

2:08:09 PM 7/12/2008
mbam-log-7-12-2008 (14-08-09).txt

Scan type: Quick Scan
Objects scanned: 45724
Time elapsed: 11 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\opnLEwTJ.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnmmmmj.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6e823c82-e582-4e1b-b63d-029e648ad818} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6e823c82-e582-4e1b-b63d-029e648ad818} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnmmmmj (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm031e4ca0 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnlewtj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnlewtj -> Delete on reboot.

Folders Infected:
C:\WINDOWS\system32\349168 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\371186 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\opnLEwTJ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\JTwELnpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\JTwELnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmmmmj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clwjijvt.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\BM031e4ca0.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

DSS
Deckard's System Scanner v20071014.68
Run by Bienna Song on 2008-07-12 14:17:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).
System Drive C: has 8.34 GiB (less than 15%) free.


-- HijackThis (run as Bienna Song.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:12 PM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Bienna Song\Desktop\dss.exe
C:\WINDOWS\system32\conime.exe
C:\DOCUME~1\BIENNA~1\Desktop\SYSTEM~1\BIENNA~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2B3A3C28-215F-400F-B333-634A3AD7896E} - C:\WINDOWS\system32\catsrvp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74735E51-DDBC-45E9-9998-EFDB3F595EFF} - C:\WINDOWS\system32\geBtQihE.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {fb908b07-f697-b6fb-2cc4-a2ee113a158a} - {a851a311-ee2a-4cc2-bf6b-796f70b809bf} - C:\WINDOWS\system32\utlvve.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D0C20FA1-0F1C-45A0-8DB8-F50907BC7FC1} - C:\WINDOWS\system32\qoMcbabb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {06DAFE64-57FC-48D9-A69E-12C2599DC524} (POLYplay Control) - http://www.smtown.com/MediaService/supply/polyplay.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2D4411C2-5F0F-4182-9599-30CF9B4FB2EE} (PhotoX Class) - http://www.encyber.com/search_w/editor/TABSPhotoEditor.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.c...ersion=1,0,0,10
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://music.godpeople.com/MagicLockOCX.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...206/SBStart.CAB
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,5
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://dfgfile.com/online_games/DinerDash/...sh.1.0.0.58.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll,
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13489 bytes

-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 14:08:44 721094 --ahs---- C:\WINDOWS\system32\JTwELnpo.ini2
2008-07-12 11:52:33 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Malwarebytes
2008-07-12 11:52:01 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 11:51:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 04:10:49 81408 --a------ C:\WINDOWS\system32\kphdjhvn.dll
2008-07-12 04:07:53 101888 --a------ C:\WINDOWS\system32\utlvve.dll
2008-07-12 04:07:48 101888 --a------ C:\WINDOWS\system32\fatxgiwu.dll
2008-07-12 04:04:30 281600 --a------ C:\WINDOWS\system32\opnLEwTJ.dll
2008-07-11 19:10:16 0 d--h---c- C:\$AVG8.VAULT$
2008-07-11 17:48:42 101888 --a------ C:\WINDOWS\system32\oeztjg.dll
2008-07-11 17:48:38 101888 --a------ C:\WINDOWS\system32\qhosibdk.dll
2008-07-11 17:47:51 92672 --a------ C:\WINDOWS\system32\xxfjowep.dll
2008-07-11 17:31:52 720797 --ahs---- C:\WINDOWS\system32\bbabcMoq.ini2
2008-07-11 17:30:49 0 d-------- C:\WINDOWS\pss
2008-07-11 16:22:39 0 d-------- C:\Documents and Settings\Bienna Song\.housecall6.6
2008-07-11 16:20:09 0 d-------- C:\Program Files\CCleaner
2008-07-11 16:12:03 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-11 16:12:01 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\AVGTOOLBAR
2008-07-11 16:11:37 0 d-------- C:\Program Files\AVG
2008-07-11 16:11:36 0 d------c- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-11 15:46:47 0 d------c- C:\fsaua.data
2008-07-11 09:41:21 0 d-------- C:\Program Files\Lavalys
2008-07-11 09:01:41 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-11 07:44:07 101888 --a------ C:\WINDOWS\system32\renazs.dll
2008-07-11 07:44:04 101888 --a------ C:\WINDOWS\system32\nxdpppoa.dll
2008-07-11 07:43:43 92672 --a------ C:\WINDOWS\system32\ejjfxhmw.dll
2008-07-09 22:32:00 101888 --a------ C:\WINDOWS\system32\forbsi.dll
2008-07-09 22:31:54 101888 --a------ C:\WINDOWS\system32\fwmesqpd.dll
2008-07-09 22:28:46 92160 --a------ C:\WINDOWS\system32\cqsxoaiw.dll
2008-07-08 22:24:32 101376 --a------ C:\WINDOWS\system32\teqpds.dll
2008-07-08 22:24:31 101376 --a------ C:\WINDOWS\system32\eabvyjrr.dll
2008-07-07 22:05:49 101376 --a------ C:\WINDOWS\system32\hmmtas.dll
2008-07-07 22:05:45 101376 --a------ C:\WINDOWS\system32\ddkdcclo.dll
2008-07-07 22:05:33 91648 --a------ C:\WINDOWS\system32\tshicsnh.dll
2008-07-07 00:20:21 0 d-------- C:\WINDOWS\LOG
2008-07-06 22:04:58 101888 --a------ C:\WINDOWS\system32\spogsl.dll
2008-07-06 22:04:44 101888 --a------ C:\WINDOWS\system32\jtdadsmf.dll
2008-07-05 22:03:54 101888 --a------ C:\WINDOWS\system32\grwech.dll
2008-07-05 22:03:50 101888 --a------ C:\WINDOWS\system32\sixbitpk.dll
2008-07-04 22:05:48 101376 --a------ C:\WINDOWS\system32\gidyhr.dll
2008-07-04 22:05:47 101376 --a------ C:\WINDOWS\system32\yesxuctu.dll
2008-07-04 15:01:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-29 22:04:06 104448 --a------ C:\WINDOWS\system32\patwys.dll
2008-06-29 22:04:05 104448 --a------ C:\WINDOWS\system32\exmkcbso.dll
2008-06-29 09:59:30 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Google
2008-06-27 23:27:48 0 d-------- C:\Program Files\Spyware Doctor
2008-06-27 23:27:48 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\PC Tools
2008-06-27 23:19:15 0 d-------- C:\Program Files\Picasa2
2008-06-27 23:17:49 0 d-------- C:\WINDOWS\system32\runtime
2008-06-27 23:16:46 0 d-------- C:\Program Files\Norton Security Scan
2008-06-27 23:12:54 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Avant Profiles
2008-06-27 22:59:37 0 d------c- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 22:04:02 104960 --a------ C:\WINDOWS\system32\wvjzxj.dll
2008-06-27 22:04:00 104960 --a------ C:\WINDOWS\system32\wvgcjofx.dll
2008-06-27 21:57:59 94208 --a------ C:\WINDOWS\system32\ncovxqge.dll
2008-06-27 12:37:45 0 d-------- C:\Program Files\iPod
2008-06-27 12:37:20 0 d-------- C:\Program Files\iTunes
2008-06-27 12:21:47 0 d-------- C:\Program Files\Apple Software Update
2008-06-27 12:20:07 0 d-------- C:\Program Files\Common Files\Apple
2008-06-27 12:20:06 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-26 22:02:54 107008 --a------ C:\WINDOWS\system32\pymjbqhm.dll
2008-06-26 00:12:54 0 d-------- C:\Program Files\Peggle
2008-06-26 00:12:54 0 d-------- C:\Program Files\BFG
2008-06-25 21:57:25 88576 --a------ C:\WINDOWS\system32\catsrvp.dll
2008-06-24 21:56:03 101888 --a------ C:\WINDOWS\system32\qlwyduxd.dll
2008-06-24 21:53:55 95232 --a------ C:\WINDOWS\system32\bpdocnfr.dll
2008-06-24 00:09:55 719525 --ahs---- C:\WINDOWS\system32\EhiQtBeg.ini2
2008-06-24 00:04:32 34304 --a------ C:\WINDOWS\system32\opnmmmmj.dll
2008-06-23 23:18:52 0 d-------- C:\Program Files\Peggle Deluxe
2008-06-23 23:18:40 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-23 23:14:37 0 d-------- C:\Program Files\PacBomber


-- Find3M Report ---------------------------------------------------------------

2008-07-12 14:12:48 70451 --a------ C:\WINDOWS\system32\tablet.dat
2008-07-12 14:12:35 8405015 --a------ C:\WINDOWS\TempFile
2008-07-11 19:10:18 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2008-07-11 16:23:39 0 d-------- C:\Program Files\Avant Browser
2008-07-11 15:52:30 0 d-------- C:\Program Files\Common Files
2008-06-27 23:22:42 0 d-------- C:\Program Files\Google
2008-06-27 23:12:28 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Avant Browser
2008-06-27 15:13:03 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Apple Computer
2008-06-27 12:34:21 0 d-------- C:\Program Files\Bonjour
2008-06-27 12:31:00 0 d-------- C:\Program Files\QuickTime
2008-06-25 23:44:07 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Mozilla
2008-06-06 19:30:41 5 --a------ C:\Documents and Settings\Bienna Song\Application Data\openList.awt
2008-06-06 19:30:41 9118 --a------ C:\Documents and Settings\Bienna Song\Application Data\closedList.awt
2008-06-06 18:20:51 0 d-------- C:\Program Files\AhnLab
2008-05-28 16:28:11 0 d-------- C:\Program Files\Mystery Case Files Ravenhearst
2008-05-26 16:41:39 0 d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-05-23 14:50:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-19 22:21:17 0 d-------- C:\Program Files\Manga Studio3 EX
2008-05-19 22:14:10 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\CELSYS
2008-05-19 19:22:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-19 19:20:13 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\AdobeUM
2008-05-18 02:55:13 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\e frontier
2008-05-18 02:45:51 0 d-------- C:\Program Files\America Online 9.0
2008-05-17 01:36:59 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-17 01:29:08 0 d-------- C:\Program Files\Microsoft Works
2008-05-17 01:28:41 0 d-------- C:\Program Files\MSBuild
2008-05-17 01:26:54 0 d-------- C:\Program Files\Microsoft.NET
2008-05-17 01:15:45 0 d-------- C:\Program Files\MagicISO
2008-05-16 23:42:24 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Adobe
2008-05-16 21:53:39 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-16 20:32:18 0 d-------- C:\Program Files\portalgraphics
2008-05-15 14:07:10 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Leadertech
2008-05-15 14:02:41 0 d-------- C:\Program Files\Atari
2008-05-13 03:03:31 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-13 03:02:27 0 d-------- C:\Program Files\Windows Live


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3A3C28-215F-400F-B333-634A3AD7896E}]
08/10/2004 08:00 AM 88576 --a------ C:\WINDOWS\system32\catsrvp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74735E51-DDBC-45E9-9998-EFDB3F595EFF}]
C:\WINDOWS\system32\geBtQihE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/11/2008 04:11 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a851a311-ee2a-4cc2-bf6b-796f70b809bf}]
07/12/2008 04:07 AM 101888 --a------ C:\WINDOWS\system32\utlvve.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0C20FA1-0F1C-45A0-8DB8-F50907BC7FC1}]
C:\WINDOWS\system32\qoMcbabb.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/11/2008 04:11 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 09:37 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/21/2007 01:00 PM]
"ClubBox"="" []
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/11/2008 04:11 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/10/2004 08:00 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
"@"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/27/2008 10:59 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae56336-cc70-11dc-b6f6-0013028a229b}]
AutoRun\command- servet.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b81295a-c055-11db-b684-00038a000015}]
Auto\command- G:\printer.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f788d6f8-bf26-11dc-b6ef-0013028a229b}]
AutoRun\command- ek.com
explore\Command- ek.com
open\Command- ek.com




-- End of Deckard's System Scanner: finished at 2008-07-12 14:19:46 ------------




A couple things...
*The automatic updates is still off on restart.
*I restarted the system to safemode using Run: msconfig. Now everytime I restart, it prompts me to switch back from the modified Boot.int (?) mode to the Normal mode (using the settings previous to the modified version from SafeMode)
I can't remember exactly what it said, so don't know if this makes any sense.......
But just wondering if on the next restart, when I'm prompted, is it okay for me to switch back to normal mode to stop future prompts like these?
*This is kind of beside the point but...why is my RAM 502mb instead of 512mb? Is it a program that I installed that's using it up? (I'm sure this laptop came with 512mb...)

Okay, that's it for now
Thanks for your help! :thumbsup:

Edited by songbee, 12 July 2008 - 01:39 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:17 AM

Posted 12 July 2008 - 05:16 PM

Yes, go ahead and switch back to normal mode on your next reboot. As far as your ram, that's normal to see it reported that way. Of the top of my head I couldn't tell you technical reason why, but it's common and nothing to worry about.

Malwarebytes did the best it could, but we're going to need another tool to deal with your infection.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 songbee

songbee
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 12 July 2008 - 08:31 PM

ComboFix 08-07-12.1 - Bienna Song 2008-07-12 21:01:55.2 - NTFSx86
Running from: C:\Documents and Settings\Bienna Song\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\catsrvp.dll
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\cup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\customer_cup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\heart.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\plates.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\tray.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\credits.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help2.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\highscores.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradegrid.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradetitle.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upsell.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalk.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalkup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancel.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancelup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\close.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\closeup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continueover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplay.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplayover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfoup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pause.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pauseover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgame.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgameover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegame.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegameover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submitup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagain.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagainover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobal.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobalup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscoreon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocal.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocalup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\comics\webcomic.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\career.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\customer.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\endless.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\global.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\powerups.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\arial.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\komikaaxis.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_off.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdown.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdownon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowleft.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowlefton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowright.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowrighton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowupon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\textedit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\title.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\first_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\second_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\playfirst_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\background.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooseplayer.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooserestaurant.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\credits.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\gothighscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\tutorialintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\webcomic.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\gamelabsplash.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\clock.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closingtime.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\coffee.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\tables.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\wallpaper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expertscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\fork_timer.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\goalcompleted.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level_career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\score.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\sound.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staroff.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staron.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumberup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorial_character.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\drinks.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\maitred.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\oven.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\select.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\shoes.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\table.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\dinerdash.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bbabcMoq.ini
C:\WINDOWS\system32\bbabcMoq.ini2
C:\WINDOWS\system32\bpdocnfr.dll
C:\WINDOWS\system32\cqsxoaiw.dll
C:\WINDOWS\system32\ddkdcclo.dll
C:\WINDOWS\system32\eabvyjrr.dll
C:\WINDOWS\system32\EhiQtBeg.ini
C:\WINDOWS\system32\EhiQtBeg.ini2
C:\WINDOWS\system32\ejjfxhmw.dll
C:\WINDOWS\system32\exmkcbso.dll
C:\WINDOWS\system32\fatxgiwu.dll
C:\WINDOWS\system32\forbsi.dll
C:\WINDOWS\system32\fwmesqpd.dll
C:\WINDOWS\system32\gidyhr.dll
C:\WINDOWS\system32\grwech.dll
C:\WINDOWS\system32\hmmtas.dll
C:\WINDOWS\system32\jtdadsmf.dll
C:\WINDOWS\system32\JTwELnpo.ini
C:\WINDOWS\system32\JTwELnpo.ini2
C:\WINDOWS\system32\kphdjhvn.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ncovxqge.dll
C:\WINDOWS\system32\nxdpppoa.dll
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\oeztjg.dll
C:\WINDOWS\system32\opnLEwTJ.dll
C:\WINDOWS\system32\opnmmmmj.dll
C:\WINDOWS\system32\patwys.dll
C:\WINDOWS\system32\pymjbqhm.dll
C:\WINDOWS\system32\qhosibdk.dll
C:\WINDOWS\system32\qlwyduxd.dll
C:\WINDOWS\system32\renazs.dll
C:\WINDOWS\system32\sixbitpk.dll
C:\WINDOWS\system32\spogsl.dll
C:\WINDOWS\system32\teqpds.dll
C:\WINDOWS\system32\tshicsnh.dll
C:\WINDOWS\system32\utlvve.dll
C:\WINDOWS\system32\wvgcjofx.dll
C:\WINDOWS\system32\wvjzxj.dll
C:\WINDOWS\system32\xxfjowep.dll
C:\WINDOWS\system32\yesxuctu.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-12 15:30 . 2008-07-12 15:30 <DIR> d-------- C:\Documents and Settings\Bienna Song\dwhelper
2008-07-12 11:52 . 2008-07-12 11:52 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\Malwarebytes
2008-07-12 11:52 . 2008-07-12 11:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 11:52 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-12 11:52 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-12 11:51 . 2008-07-12 11:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 21:38 . 2008-07-11 21:38 <DIR> d----c--- C:\Deckard
2008-07-11 19:10 . 2008-07-12 07:08 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-07-11 16:23 . 2008-07-11 16:22 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-11 16:22 . 2008-07-11 16:25 <DIR> d-------- C:\Documents and Settings\Bienna Song\.housecall6.6
2008-07-11 16:20 . 2008-07-11 16:20 <DIR> d-------- C:\Program Files\CCleaner
2008-07-11 16:12 . 2008-07-12 08:16 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-11 16:12 . 2008-07-12 08:23 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\AVGTOOLBAR
2008-07-11 16:12 . 2008-07-11 16:12 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-11 16:12 . 2008-07-11 16:12 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-11 16:11 . 2008-07-11 16:11 <DIR> d-------- C:\Program Files\AVG
2008-07-11 16:11 . 2008-07-11 16:11 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-11 15:46 . 2008-07-11 15:46 <DIR> d----c--- C:\fsaua.data
2008-07-11 09:41 . 2008-07-11 09:41 <DIR> d-------- C:\Program Files\Lavalys
2008-07-11 09:01 . 2008-07-11 09:01 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-09 22:29 . 2008-07-11 07:43 1,699,448 --ahs---- C:\WINDOWS\system32\okfxqycy.ini
2008-07-08 22:22 . 2008-07-09 22:27 1,691,333 --ahs---- C:\WINDOWS\system32\ldkghtoa.ini
2008-07-07 22:08 . 2008-07-08 22:21 1,747,774 --ahs---- C:\WINDOWS\system32\tsvwhqix.ini
2008-07-07 00:20 . 2008-07-07 00:20 <DIR> d-------- C:\WINDOWS\LOG
2008-07-06 22:07 . 2008-07-07 22:08 1,807,816 --ahs---- C:\WINDOWS\system32\ldnaijeo.ini
2008-07-05 22:06 . 2008-07-06 22:07 1,694,631 --ahs---- C:\WINDOWS\system32\cewcnbyj.ini
2008-07-04 22:02 . 2008-07-05 22:04 1,694,378 --ahs---- C:\WINDOWS\system32\soanqdcv.ini
2008-07-04 15:01 . 2008-07-11 17:23 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-03 22:02 . 2008-07-04 12:05 1,688,340 --ahs---- C:\WINDOWS\system32\jbtrtkwf.ini
2008-07-02 22:01 . 2008-07-03 22:02 1,697,588 --ahs---- C:\WINDOWS\system32\jweaiqgo.ini
2008-07-01 22:04 . 2008-07-02 19:43 1,713,504 --ahs---- C:\WINDOWS\system32\gvagrurb.ini
2008-06-30 22:03 . 2008-07-01 12:35 1,713,343 --ahs---- C:\WINDOWS\system32\mhapertm.ini
2008-06-29 22:01 . 2008-06-30 20:00 1,733,461 --ahs---- C:\WINDOWS\system32\cgbvkxll.ini
2008-06-28 22:03 . 2008-06-29 08:30 1,707,902 --ahs---- C:\WINDOWS\system32\knkjoeaf.ini
2008-06-27 23:27 . 2008-07-12 19:28 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-27 23:27 . 2008-06-27 23:27 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\PC Tools
2008-06-27 23:27 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-27 23:27 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-27 23:27 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-27 23:27 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-27 23:19 . 2008-06-27 23:19 <DIR> d-------- C:\Program Files\Picasa2
2008-06-27 23:17 . 2008-06-27 23:17 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-06-27 23:16 . 2008-07-11 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-06-27 23:12 . 2008-07-04 16:35 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\Avant Profiles
2008-06-27 22:59 . 2008-07-12 08:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 22:00 . 2008-06-28 22:02 1,707,730 --ahs---- C:\WINDOWS\system32\wlusssye.ini
2008-06-27 12:37 . 2008-06-27 12:38 <DIR> d-------- C:\Program Files\iTunes
2008-06-27 12:37 . 2008-06-27 12:37 <DIR> d-------- C:\Program Files\iPod
2008-06-27 12:21 . 2008-06-27 12:21 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-27 12:20 . 2008-06-27 12:20 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-27 12:20 . 2008-06-27 12:20 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-27 11:53 . 2008-06-27 11:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-27 11:53 . 2008-06-27 11:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-26 22:00 . 2008-06-27 19:07 1,727,840 --ahs---- C:\WINDOWS\system32\odgdvkiq.ini
2008-06-26 00:12 . 2008-06-26 00:16 <DIR> d-------- C:\Program Files\Peggle
2008-06-26 00:12 . 2008-06-26 00:12 <DIR> d-------- C:\Program Files\BFG
2008-06-25 22:00 . 2008-06-26 00:06 1,705,934 --ahs---- C:\WINDOWS\system32\mmynwynj.ini
2008-06-24 09:54 . 2008-06-24 13:12 1,715,392 --ahs---- C:\WINDOWS\system32\bfdwvedq.ini
2008-06-23 23:18 . 2008-06-23 23:18 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-23 23:18 . 2008-06-26 03:36 <DIR> d-------- C:\Program Files\Peggle Deluxe
2008-06-23 23:14 . 2008-06-26 03:36 <DIR> d-------- C:\Program Files\PacBomber

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 00:59 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 23:10 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-07-11 20:23 --------- d-----w C:\Program Files\Avant Browser
2008-07-08 07:23 --------- dc----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-28 03:22 --------- d-----w C:\Program Files\Google
2008-06-28 03:12 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\Avant Browser
2008-06-27 19:13 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\Apple Computer
2008-06-27 16:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-27 16:34 --------- d-----w C:\Program Files\Bonjour
2008-06-27 16:31 --------- d-----w C:\Program Files\QuickTime
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 22:20 --------- d-----w C:\Program Files\AhnLab
2008-05-28 20:28 --------- d-----w C:\Program Files\Mystery Case Files Ravenhearst
2008-05-26 20:41 --------- d-----w C:\Program Files\Mystery Case Files Prime Suspects
2008-05-23 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 02:21 --------- d-----w C:\Program Files\Manga Studio3 EX
2008-05-20 02:14 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\CELSYS
2008-05-19 23:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-19 23:20 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\AdobeUM
2008-05-18 06:55 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\e frontier
2008-05-18 06:45 --------- d-----w C:\Program Files\America Online 9.0
2008-05-17 07:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-17 05:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-17 05:29 --------- d-----w C:\Program Files\Microsoft Works
2008-05-17 05:28 --------- d-----w C:\Program Files\MSBuild
2008-05-17 05:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-17 05:15 --------- d-----w C:\Program Files\MagicISO
2008-05-17 03:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-17 01:53 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-17 00:32 --------- d-----w C:\Program Files\portalgraphics
2008-05-15 18:07 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\Leadertech
2008-05-15 18:02 --------- d-----w C:\Program Files\Atari
2008-05-13 07:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-13 07:02 --------- d-----w C:\Program Files\Windows Live
2007-03-01 05:45 198 -c--a-w C:\Documents and Settings\Bienna Song\Application Data\wklnhst.dat
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-27 22:59 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 21:37 151552]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 13:00 1836544]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-11 16:11 1232152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 08:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aim6.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\WINDOWS\\system32\\pdrtvsvr.exe"=
"C:\\WINDOWS\\system32\\grdmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\WIZET\\MapleStory\\NewPatcher.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe"=
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13369:TCP"= 13369:TCP:BitComet 13369 TCP
"13369:UDP"= 13369:UDP:BitComet 13369 UDP
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
"58786:TCP"= 58786:TCP:BitComet 58786 TCP
"58786:UDP"= 58786:UDP:BitComet 58786 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-11 16:12]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe [2008-01-28 21:23]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 16:11]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S3 gwiopm;gwiopm;D:\gwiopm.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae56336-cc70-11dc-b6f6-0013028a229b}]
\Shell\AutoRun\command - servet.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b81295a-c055-11db-b684-00038a000015}]
\Shell\Auto\command - G:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f788d6f8-bf26-11dc-b6ef-0013028a229b}]
\Shell\AutoRun\command - ek.com
\Shell\explore\Command - ek.com
\Shell\open\Command - ek.com

.
Contents of the 'Scheduled Tasks' folder
"2008-07-02 19:26:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-13 00:55:08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-11 19:48:21 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{74735E51-DDBC-45E9-9998-EFDB3F595EFF} - C:\WINDOWS\system32\geBtQihE.dll
BHO-{D0C20FA1-0F1C-45A0-8DB8-F50907BC7FC1} - C:\WINDOWS\system32\qoMcbabb.dll
HKLM-Run-ClubBox - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 21:09:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-12 21:19:18
ComboFix-quarantined-files.txt 2008-07-13 01:18:51

Pre-Run: 8,658,399,232 bytes free
Post-Run: 8,662,970,368 bytes free

557 --- E O F --- 2008-06-21 13:23:54

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:17 AM

Posted 13 July 2008 - 09:28 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

File::
C:\WINDOWS\system32\okfxqycy.ini
C:\WINDOWS\system32\ldkghtoa.ini
C:\WINDOWS\system32\tsvwhqix.ini
C:\WINDOWS\system32\ldnaijeo.ini
C:\WINDOWS\system32\cewcnbyj.ini
C:\WINDOWS\system32\soanqdcv.ini
C:\WINDOWS\system32\jbtrtkwf.ini
C:\WINDOWS\system32\jweaiqgo.ini
C:\WINDOWS\system32\gvagrurb.ini
C:\WINDOWS\system32\mhapertm.ini
C:\WINDOWS\system32\cgbvkxll.ini
C:\WINDOWS\system32\knkjoeaf.ini
C:\WINDOWS\system32\wlusssye.ini
C:\WINDOWS\system32\mmynwynj.ini
C:\WINDOWS\system32\bfdwvedq.ini
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


===================



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 songbee

songbee
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 13 July 2008 - 09:47 PM

Combofix Log
ComboFix 08-07-12.1 - Bienna Song 2008-07-13 15:49:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.175 [GMT -4:00]
Running from: C:\Documents and Settings\Bienna Song\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bienna Song\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\bfdwvedq.ini
C:\WINDOWS\system32\cewcnbyj.ini
C:\WINDOWS\system32\cgbvkxll.ini
C:\WINDOWS\system32\gvagrurb.ini
C:\WINDOWS\system32\jbtrtkwf.ini
C:\WINDOWS\system32\jweaiqgo.ini
C:\WINDOWS\system32\knkjoeaf.ini
C:\WINDOWS\system32\ldkghtoa.ini
C:\WINDOWS\system32\ldnaijeo.ini
C:\WINDOWS\system32\mhapertm.ini
C:\WINDOWS\system32\mmynwynj.ini
C:\WINDOWS\system32\okfxqycy.ini
C:\WINDOWS\system32\soanqdcv.ini
C:\WINDOWS\system32\tsvwhqix.ini
C:\WINDOWS\system32\wlusssye.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bfdwvedq.ini
C:\WINDOWS\system32\cewcnbyj.ini
C:\WINDOWS\system32\cgbvkxll.ini
C:\WINDOWS\system32\gvagrurb.ini
C:\WINDOWS\system32\jbtrtkwf.ini
C:\WINDOWS\system32\jweaiqgo.ini
C:\WINDOWS\system32\knkjoeaf.ini
C:\WINDOWS\system32\ldkghtoa.ini
C:\WINDOWS\system32\ldnaijeo.ini
C:\WINDOWS\system32\mhapertm.ini
C:\WINDOWS\system32\mmynwynj.ini
C:\WINDOWS\system32\okfxqycy.ini
C:\WINDOWS\system32\soanqdcv.ini
C:\WINDOWS\system32\tsvwhqix.ini
C:\WINDOWS\system32\wlusssye.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-12 21:29 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-12 21:29 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-12 21:29 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-12 21:29 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-12 21:29 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-12 21:29 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-12 21:29 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-12 21:29 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-12 21:29 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-12 15:30 . 2008-07-12 15:30 <DIR> d-------- C:\Documents and Settings\Bienna Song\dwhelper
2008-07-12 11:52 . 2008-07-12 11:52 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\Malwarebytes
2008-07-12 11:52 . 2008-07-12 11:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 11:52 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-12 11:52 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-12 11:51 . 2008-07-12 11:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 21:38 . 2008-07-11 21:38 <DIR> d----c--- C:\Deckard
2008-07-11 19:10 . 2008-07-12 07:08 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-07-11 16:23 . 2008-07-11 16:22 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-11 16:22 . 2008-07-11 16:25 <DIR> d-------- C:\Documents and Settings\Bienna Song\.housecall6.6
2008-07-11 16:20 . 2008-07-11 16:20 <DIR> d-------- C:\Program Files\CCleaner
2008-07-11 16:12 . 2008-07-12 22:07 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-11 16:12 . 2008-07-12 08:23 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\AVGTOOLBAR
2008-07-11 16:12 . 2008-07-11 16:12 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-11 16:12 . 2008-07-11 16:12 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-11 16:11 . 2008-07-11 16:11 <DIR> d-------- C:\Program Files\AVG
2008-07-11 16:11 . 2008-07-11 16:11 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-11 15:46 . 2008-07-11 15:46 <DIR> d----c--- C:\fsaua.data
2008-07-11 09:41 . 2008-07-11 09:41 <DIR> d-------- C:\Program Files\Lavalys
2008-07-11 09:01 . 2008-07-11 09:01 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-07 00:20 . 2008-07-07 00:20 <DIR> d-------- C:\WINDOWS\LOG
2008-07-04 15:01 . 2008-07-11 17:23 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-27 23:27 . 2008-07-12 19:28 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-27 23:27 . 2008-06-27 23:27 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\PC Tools
2008-06-27 23:27 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-27 23:27 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-27 23:27 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-27 23:27 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-27 23:19 . 2008-06-27 23:19 <DIR> d-------- C:\Program Files\Picasa2
2008-06-27 23:17 . 2008-06-27 23:17 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-06-27 23:16 . 2008-07-11 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-06-27 23:12 . 2008-07-04 16:35 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\Avant Profiles
2008-06-27 22:59 . 2008-07-13 09:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 12:37 . 2008-06-27 12:38 <DIR> d-------- C:\Program Files\iTunes
2008-06-27 12:37 . 2008-06-27 12:37 <DIR> d-------- C:\Program Files\iPod
2008-06-27 12:21 . 2008-06-27 12:21 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-27 12:20 . 2008-06-27 12:20 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-27 12:20 . 2008-06-27 12:20 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-27 11:53 . 2008-06-27 11:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-27 11:53 . 2008-06-27 11:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-26 22:00 . 2008-06-27 19:07 1,727,840 --ahs---- C:\WINDOWS\system32\odgdvkiq.ini
2008-06-26 00:12 . 2008-06-26 00:16 <DIR> d-------- C:\Program Files\Peggle
2008-06-26 00:12 . 2008-06-26 00:12 <DIR> d-------- C:\Program Files\BFG
2008-06-23 23:18 . 2008-06-23 23:18 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-23 23:18 . 2008-06-26 03:36 <DIR> d-------- C:\Program Files\Peggle Deluxe
2008-06-23 23:14 . 2008-06-26 03:36 <DIR> d-------- C:\Program Files\PacBomber

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 19:35 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-13 14:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-11 23:10 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-07-11 20:23 --------- d-----w C:\Program Files\Avant Browser
2008-07-08 07:23 --------- dc----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-28 03:22 --------- d-----w C:\Program Files\Google
2008-06-28 03:12 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\Avant Browser
2008-06-27 19:13 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\Apple Computer
2008-06-27 16:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-27 16:34 --------- d-----w C:\Program Files\Bonjour
2008-06-27 16:31 --------- d-----w C:\Program Files\QuickTime
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 22:20 --------- d-----w C:\Program Files\AhnLab
2008-05-28 20:28 --------- d-----w C:\Program Files\Mystery Case Files Ravenhearst
2008-05-26 20:41 --------- d-----w C:\Program Files\Mystery Case Files Prime Suspects
2008-05-23 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 02:21 --------- d-----w C:\Program Files\Manga Studio3 EX
2008-05-20 02:14 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\CELSYS
2008-05-19 23:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-19 23:20 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\AdobeUM
2008-05-18 06:55 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\e frontier
2008-05-18 06:45 --------- d-----w C:\Program Files\America Online 9.0
2008-05-17 05:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-17 05:29 --------- d-----w C:\Program Files\Microsoft Works
2008-05-17 05:28 --------- d-----w C:\Program Files\MSBuild
2008-05-17 05:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-17 05:15 --------- d-----w C:\Program Files\MagicISO
2008-05-17 03:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-17 01:53 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-17 00:32 --------- d-----w C:\Program Files\portalgraphics
2008-05-15 18:07 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\Leadertech
2008-05-15 18:02 --------- d-----w C:\Program Files\Atari
2008-05-13 07:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-13 07:02 --------- d-----w C:\Program Files\Windows Live
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 20:14 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-30 20:14 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-03-01 05:45 198 -c--a-w C:\Documents and Settings\Bienna Song\Application Data\wklnhst.dat
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-12_21.18.26.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2007-07-12 23:28:55 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
- 2008-07-12 22:55:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-13 19:45:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 22:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-13 22:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-13 22:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-13 22:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-13 22:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2007-08-13 22:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-13 22:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-13 22:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-13 21:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-02-12 20:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dat
+ 2007-07-11 16:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2007-08-13 22:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-13 22:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2007-08-13 22:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-13 22:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2007-08-13 22:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2007-08-13 22:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-13 22:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-13 22:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2007-08-13 22:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2007-08-13 22:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-08-13 22:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-13 22:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-13 22:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-13 22:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-13 22:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-13 22:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-13 22:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-13 22:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2006-10-27 00:42:36 8,423,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
- 2008-05-17 07:08:11 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-07-13 14:05:38 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-17 07:08:12 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-13 14:05:39 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-17 07:08:11 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-07-13 14:05:38 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-17 07:08:11 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-07-13 14:05:38 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-17 07:08:12 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-13 14:05:38 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-17 07:08:12 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-13 14:05:39 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-17 07:08:12 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-13 14:05:39 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-17 07:08:11 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-07-13 14:05:38 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-17 07:08:12 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-13 14:05:38 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-17 07:08:12 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-07-13 14:05:39 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-17 07:08:12 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-13 14:05:39 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-17 07:08:11 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-13 14:05:38 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-08-13 22:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-08-13 22:39:00 123,904 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-13 22:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-13 22:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-13 22:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-13 22:39:06 54,784 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-13 22:39:26 152,064 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-13 22:39:54 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-13 21:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-13 22:39:50 382,976 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-13 22:39:10 43,008 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-13 22:43:56 622,080 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-13 22:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-26 11:59:50 294,912 -c----w C:\WINDOWS\system32\dllcache\msctf.dll
- 2007-08-13 22:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-13 22:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-13 22:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-13 22:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-13 22:44:06 101,376 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-13 22:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-08-13 22:44:30 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-13 22:54:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 22:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-08-13 22:54:10 231,424 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-13 22:54:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-08-13 22:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-13 22:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-13 22:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-13 22:36:26 61,952 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-13 22:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-13 22:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-13 22:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-13 21:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-02-12 20:10:12 2,451,312 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-07-11 16:27:48 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-13 22:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 22:54:10 6,049,280 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-13 22:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-13 22:34:04 266,752 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-13 22:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-13 22:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-10 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2007-08-13 22:54:10 458,752 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-13 22:54:10 50,688 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-13 22:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-13 22:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-13 22:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-13 22:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-08-13 22:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-08-13 22:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-07-12 22:55:54 70,451 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-07-13 19:46:00 70,451 ----a-w C:\WINDOWS\system32\tablet.dat
- 2007-08-13 22:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-13 22:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-13 22:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 21:37 151552]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-11 16:11 1232152]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-10 08:00 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 08:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-07-21 13:00 1836544 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-06-27 22:59 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"AhnLab Task Scheduler"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aim6.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\WINDOWS\\system32\\pdrtvsvr.exe"=
"C:\\WINDOWS\\system32\\grdmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\WIZET\\MapleStory\\NewPatcher.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe"=
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13369:TCP"= 13369:TCP:BitComet 13369 TCP
"13369:UDP"= 13369:UDP:BitComet 13369 UDP
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
"58786:TCP"= 58786:TCP:BitComet 58786 TCP
"58786:UDP"= 58786:UDP:BitComet 58786 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-11 16:12]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S3 gwiopm;gwiopm;D:\gwiopm.sys []
S4 AhnLab Task Scheduler;AhnLab Task Scheduler;C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe [2008-01-28 21:23]
S4 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 16:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae56336-cc70-11dc-b6f6-0013028a229b}]
\Shell\AutoRun\command - servet.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b81295a-c055-11db-b684-00038a000015}]
\Shell\Auto\command - G:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f788d6f8-bf26-11dc-b6ef-0013028a229b}]
\Shell\AutoRun\command - ek.com
\Shell\explore\Command - ek.com
\Shell\open\Command - ek.com

.
Contents of the 'Scheduled Tasks' folder
"2008-07-02 19:26:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-13 19:55:35 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-11 19:48:21 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 15:55:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-13 16:03:28
ComboFix-quarantined-files.txt 2008-07-13 20:03:05
ComboFix2.txt 2008-07-13 01:19:19

Pre-Run: 8,360,914,944 bytes free
Post-Run: 8,351,100,928 bytes free

445 --- E O F --- 2008-07-13 14:06:59


Kaspersky's Log
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 13, 2008 21:22:37
Records in database: 949078
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 236572
Threat name: 4
Infected objects: 33
Suspicious objects: 0
Duration of the scan: 04:46:40


File name / Threat name / Threats count
C:\Documents and Settings\Bienna Song\My Documents\+ Downloads +\+ Exe +\atsetup.exe Infected: not-a-virus:AdTool.Win32.WhenU.k 1
C:\Program Files\MyPlayCity.com\Advanced Tetric\MeMediaSetupInst.exe Infected: not-a-virus:AdTool.Win32.WhenU.k 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bpdocnfr.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\catsrvp.dll.vir Infected: Rootkit.Win32.Podnuha.il 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cqsxoaiw.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ddkdcclo.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\eabvyjrr.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ejjfxhmw.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\exmkcbso.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fatxgiwu.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\forbsi.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fwmesqpd.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gidyhr.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\grwech.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hmmtas.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jtdadsmf.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ncovxqge.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nxdpppoa.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\oeztjg.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\patwys.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pymjbqhm.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qhosibdk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qlwyduxd.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\renazs.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sixbitpk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\spogsl.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\teqpds.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tshicsnh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aaas 1
C:\QooBox\Quarantine\C\WINDOWS\system32\utlvve.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wvgcjofx.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wvjzxj.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xxfjowep.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yesxuctu.dll.vir Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:17 AM

Posted 14 July 2008 - 09:48 AM

We're just about there. :thumbsup:

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

File::
C:\Documents and Settings\Bienna Song\My Documents\+ Downloads +\+ Exe +\atsetup.exe 
C:\Program Files\MyPlayCity.com\Advanced Tetric\MeMediaSetupInst.exe
G:\printer.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae56336-cc70-11dc-b6f6-0013028a229b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b81295a-c055-11db-b684-00038a000015}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f788d6f8-bf26-11dc-b6ef-0013028a229b}]
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


==================


Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



Also post a new log from DSS.
How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 songbee

songbee
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 16 July 2008 - 06:27 PM

Hi!
Sorry it's been awhile.
I had to use my computer for stuff, which I couldn't have done with Combofix on or with the internet off.

My computer is still very very very slow....
I'm thinking it's partially because of spyware doctor and AVG running.
(I think my comp started to get slower when I initially installed Ahnlab V3)
Anywho thanks for all your help thus far, and here's the log:


ComboFix 08-07-12.1 - Bienna Song 2008-07-16 18:40:51.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.139 [GMT -4:00]
Running from: C:\Documents and Settings\Bienna Song\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bienna Song\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Bienna Song\My Documents\+ Downloads +\+ Exe +\atsetup.exe
C:\Program Files\MyPlayCity.com\Advanced Tetric\MeMediaSetupInst.exe
G:\printer.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bienna Song\My Documents\+ Downloads +\+ Exe +\atsetup.exe
C:\Program Files\MyPlayCity.com\Advanced Tetric\MeMediaSetupInst.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-12 21:29 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-12 21:29 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-12 21:29 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-12 21:29 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-12 21:29 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-12 21:29 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-12 21:29 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-12 21:29 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-12 21:29 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-12 15:30 . 2008-07-12 15:30 <DIR> d-------- C:\Documents and Settings\Bienna Song\dwhelper
2008-07-12 11:52 . 2008-07-12 11:52 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\Malwarebytes
2008-07-12 11:52 . 2008-07-12 11:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 11:52 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-12 11:52 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-12 11:51 . 2008-07-12 11:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 21:38 . 2008-07-11 21:38 <DIR> d----c--- C:\Deckard
2008-07-11 19:10 . 2008-07-16 02:38 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-07-11 16:23 . 2008-07-11 16:22 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-11 16:22 . 2008-07-11 16:25 <DIR> d-------- C:\Documents and Settings\Bienna Song\.housecall6.6
2008-07-11 16:20 . 2008-07-11 16:20 <DIR> d-------- C:\Program Files\CCleaner
2008-07-11 16:12 . 2008-07-16 08:01 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-11 16:12 . 2008-07-12 08:23 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\AVGTOOLBAR
2008-07-11 16:12 . 2008-07-11 16:12 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-11 16:12 . 2008-07-11 16:12 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-11 16:11 . 2008-07-11 16:11 <DIR> d-------- C:\Program Files\AVG
2008-07-11 16:11 . 2008-07-11 16:11 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-11 15:46 . 2008-07-11 15:46 <DIR> d----c--- C:\fsaua.data
2008-07-11 09:41 . 2008-07-11 09:41 <DIR> d-------- C:\Program Files\Lavalys
2008-07-11 09:01 . 2008-07-11 09:01 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-07 00:20 . 2008-07-07 00:20 <DIR> d-------- C:\WINDOWS\LOG
2008-07-04 15:01 . 2008-07-11 17:23 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-27 23:27 . 2008-07-16 08:05 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-27 23:27 . 2008-06-27 23:27 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\PC Tools
2008-06-27 23:27 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-27 23:27 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-27 23:27 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-27 23:27 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-27 23:19 . 2008-06-27 23:19 <DIR> d-------- C:\Program Files\Picasa2
2008-06-27 23:17 . 2008-06-27 23:17 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-06-27 23:16 . 2008-07-11 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-06-27 23:12 . 2008-07-04 16:35 <DIR> d-------- C:\Documents and Settings\Bienna Song\Application Data\Avant Profiles
2008-06-27 22:59 . 2008-07-15 18:08 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 12:37 . 2008-06-27 12:38 <DIR> d-------- C:\Program Files\iTunes
2008-06-27 12:37 . 2008-06-27 12:37 <DIR> d-------- C:\Program Files\iPod
2008-06-27 12:21 . 2008-06-27 12:21 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-27 12:20 . 2008-06-27 12:20 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-27 12:20 . 2008-06-27 12:20 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-27 11:53 . 2008-06-27 11:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-27 11:53 . 2008-06-27 11:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-26 22:00 . 2008-06-27 19:07 1,727,840 --ahs---- C:\WINDOWS\system32\odgdvkiq.ini
2008-06-26 00:12 . 2008-06-26 00:16 <DIR> d-------- C:\Program Files\Peggle
2008-06-26 00:12 . 2008-06-26 00:12 <DIR> d-------- C:\Program Files\BFG
2008-06-23 23:18 . 2008-06-23 23:18 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-23 23:18 . 2008-06-26 03:36 <DIR> d-------- C:\Program Files\Peggle Deluxe
2008-06-23 23:14 . 2008-06-26 03:36 <DIR> d-------- C:\Program Files\PacBomber

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 22:32 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-13 14:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-11 23:10 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-07-11 20:23 --------- d-----w C:\Program Files\Avant Browser
2008-07-08 07:23 --------- dc----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-28 03:22 --------- d-----w C:\Program Files\Google
2008-06-28 03:12 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\Avant Browser
2008-06-27 19:13 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\Apple Computer
2008-06-27 16:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-27 16:34 --------- d-----w C:\Program Files\Bonjour
2008-06-27 16:31 --------- d-----w C:\Program Files\QuickTime
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 22:20 --------- d-----w C:\Program Files\AhnLab
2008-05-28 20:28 --------- d-----w C:\Program Files\Mystery Case Files Ravenhearst
2008-05-26 20:41 --------- d-----w C:\Program Files\Mystery Case Files Prime Suspects
2008-05-23 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 02:21 --------- d-----w C:\Program Files\Manga Studio3 EX
2008-05-20 02:14 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\CELSYS
2008-05-19 23:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-19 23:20 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\AdobeUM
2008-05-18 06:55 --------- d-----w C:\Documents and Settings\Bienna Song\Application Data\e frontier
2008-05-18 06:45 --------- d-----w C:\Program Files\America Online 9.0
2008-05-17 05:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-17 05:29 --------- d-----w C:\Program Files\Microsoft Works
2008-05-17 05:28 --------- d-----w C:\Program Files\MSBuild
2008-05-17 05:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-17 05:15 --------- d-----w C:\Program Files\MagicISO
2008-05-17 03:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-17 01:53 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-17 00:32 --------- d-----w C:\Program Files\portalgraphics
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 20:14 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-30 20:14 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-03-01 05:45 198 -c--a-w C:\Documents and Settings\Bienna Song\Application Data\wklnhst.dat
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
.

((((((((((((((((((((((((((((( snapshot_2008-07-13_16.02.49.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-13 19:45:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-16 22:26:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-07-13 19:46:00 70,451 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-07-16 22:27:05 70,451 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 21:37 151552]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-11 16:11 1232152]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-10 08:00 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 08:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aim6.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\WINDOWS\\system32\\pdrtvsvr.exe"=
"C:\\WINDOWS\\system32\\grdmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\WIZET\\MapleStory\\NewPatcher.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe"=
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13369:TCP"= 13369:TCP:BitComet 13369 TCP
"13369:UDP"= 13369:UDP:BitComet 13369 UDP
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
"58786:TCP"= 58786:TCP:BitComet 58786 TCP
"58786:UDP"= 58786:UDP:BitComet 58786 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-11 16:12]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe [2008-01-28 21:23]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S3 gwiopm;gwiopm;D:\gwiopm.sys []
S4 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 16:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 19:26:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-16 22:55:06 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-11 19:48:21 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 18:46:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-16 18:57:22
ComboFix-quarantined-files.txt 2008-07-16 22:57:00
ComboFix2.txt 2008-07-13 20:03:30
ComboFix3.txt 2008-07-13 01:19:19

Pre-Run: 8,103,186,432 bytes free
Post-Run: 8,180,494,336 bytes free

225 --- E O F --- 2008-07-15 03:08:08

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:17 AM

Posted 17 July 2008 - 10:01 AM

You can not run two antivirus programs at the same time. At best it will cause the sluggishness that you are experiencing, but the programs could also conflict and cause serious issues.

Please uninstall Ahnlab or AVG8.

Spyware Doctor is a good program to have if you have the full version. If you are running the trial version that doesn't actually remove anything, you are better off just uninstalling it also.


Please post a new log from DSS.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 songbee

songbee
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 17 July 2008 - 05:20 PM

I'd read somewhere on this forum (from the link I posted in my first post) that It was bad to have two antivirus programs, so I uninstalled Ahnlab and installed AVG in it's place.
And as for Spydoctor, I have the full version (it JUST completed a scan and fixed 43 infections...so i'm pretty sure it's the full version)

The lagging's gotten a little bit better.....
but I wish it would be a bit faster....
maybe I'll have to free up a bit more of the memory.

Sorry, forgot about DSS. Here's the log:
Deckard's System Scanner v20071014.68
Run by Bienna Song on 2008-07-17 18:13:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).
System Drive C: has 7.39 GiB (less than 15%) free.


-- HijackThis (run as Bienna Song.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:40 PM, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Bienna Song\Desktop\dss.exe
C:\WINDOWS\system32\conime.exe
C:\DOCUME~1\BIENNA~1\Desktop\SYSTEM~1\BIENNA~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {06DAFE64-57FC-48D9-A69E-12C2599DC524} (POLYplay Control) - http://www.smtown.com/MediaService/supply/polyplay.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2D4411C2-5F0F-4182-9599-30CF9B4FB2EE} (PhotoX Class) - http://www.encyber.com/search_w/editor/TABSPhotoEditor.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.c...ersion=1,0,0,10
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://music.godpeople.com/MagicLockOCX.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...206/SBStart.CAB
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,5
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://dfgfile.com/online_games/DinerDash/...sh.1.0.0.58.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12421 bytes

-- Files created between 2008-06-17 and 2008-07-17 -----------------------------

2008-07-12 18:36:00 68096 --a------ C:\WINDOWS\zip.exe
2008-07-12 18:36:00 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-12 18:36:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-12 18:36:00 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-12 18:36:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-12 18:36:00 98816 --a------ C:\WINDOWS\sed.exe
2008-07-12 18:36:00 80412 --a------ C:\WINDOWS\grep.exe
2008-07-12 18:36:00 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-12 15:30:14 0 d-------- C:\Documents and Settings\Bienna Song\dwhelper
2008-07-12 11:52:33 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Malwarebytes
2008-07-12 11:52:01 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 11:51:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 19:10:16 0 d--h---c- C:\$AVG8.VAULT$
2008-07-11 17:30:49 0 d-------- C:\WINDOWS\pss
2008-07-11 16:22:39 0 d-------- C:\Documents and Settings\Bienna Song\.housecall6.6
2008-07-11 16:20:09 0 d-------- C:\Program Files\CCleaner
2008-07-11 16:12:03 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-11 16:12:01 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\AVGTOOLBAR
2008-07-11 16:11:37 0 d-------- C:\Program Files\AVG
2008-07-11 16:11:36 0 d------c- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-11 15:46:47 0 d------c- C:\fsaua.data
2008-07-11 09:41:21 0 d-------- C:\Program Files\Lavalys
2008-07-11 09:01:41 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-07 00:20:21 0 d-------- C:\WINDOWS\LOG
2008-07-04 15:01:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-29 09:59:30 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Google
2008-06-27 23:27:48 0 d-------- C:\Program Files\Spyware Doctor
2008-06-27 23:27:48 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\PC Tools
2008-06-27 23:19:15 0 d-------- C:\Program Files\Picasa2
2008-06-27 23:17:49 0 d-------- C:\WINDOWS\system32\runtime
2008-06-27 23:16:46 0 d-------- C:\Program Files\Norton Security Scan
2008-06-27 23:12:54 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Avant Profiles
2008-06-27 22:59:37 0 d------c- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 12:37:45 0 d-------- C:\Program Files\iPod
2008-06-27 12:37:20 0 d-------- C:\Program Files\iTunes
2008-06-27 12:21:47 0 d-------- C:\Program Files\Apple Software Update
2008-06-27 12:20:07 0 d-------- C:\Program Files\Common Files\Apple
2008-06-27 12:20:06 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-26 00:12:54 0 d-------- C:\Program Files\Peggle
2008-06-26 00:12:54 0 d-------- C:\Program Files\BFG
2008-06-23 23:18:52 0 d-------- C:\Program Files\Peggle Deluxe
2008-06-23 23:18:40 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-23 23:14:37 0 d-------- C:\Program Files\PacBomber


-- Find3M Report ---------------------------------------------------------------

2008-07-17 15:50:58 70451 --a------ C:\WINDOWS\system32\tablet.dat
2008-07-17 15:50:14 8405015 --a------ C:\WINDOWS\TempFile
2008-07-11 19:10:18 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2008-07-11 16:23:39 0 d-------- C:\Program Files\Avant Browser
2008-07-11 15:52:30 0 d-------- C:\Program Files\Common Files
2008-06-27 23:22:42 0 d-------- C:\Program Files\Google
2008-06-27 23:12:28 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Avant Browser
2008-06-27 15:13:03 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Apple Computer
2008-06-27 12:34:21 0 d-------- C:\Program Files\Bonjour
2008-06-27 12:31:00 0 d-------- C:\Program Files\QuickTime
2008-06-25 23:44:07 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\Mozilla
2008-06-06 19:30:41 5 --a------ C:\Documents and Settings\Bienna Song\Application Data\openList.awt
2008-06-06 19:30:41 9118 --a------ C:\Documents and Settings\Bienna Song\Application Data\closedList.awt
2008-06-06 18:20:51 0 d-------- C:\Program Files\AhnLab
2008-05-28 16:28:11 0 d-------- C:\Program Files\Mystery Case Files Ravenhearst
2008-05-26 16:41:39 0 d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-05-23 14:50:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-19 22:21:17 0 d-------- C:\Program Files\Manga Studio3 EX
2008-05-19 22:14:10 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\CELSYS
2008-05-19 19:22:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-19 19:20:13 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\AdobeUM
2008-05-18 02:55:13 0 d-------- C:\Documents and Settings\Bienna Song\Application Data\e frontier
2008-05-18 02:45:51 0 d-------- C:\Program Files\America Online 9.0
2008-05-17 01:36:59 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-17 01:29:08 0 d-------- C:\Program Files\Microsoft Works
2008-05-17 01:28:41 0 d-------- C:\Program Files\MSBuild
2008-05-17 01:26:54 0 d-------- C:\Program Files\Microsoft.NET
2008-05-17 01:15:45 0 d-------- C:\Program Files\MagicISO


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/11/2008 04:11 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/11/2008 04:11 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 09:37 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/11/2008 04:11 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- End of Deckard's System Scanner: finished at 2008-07-17 18:15:57 ------------

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:17 AM

Posted 18 July 2008 - 07:26 AM

Yeah, if Spyware Doctor is fixing and removing things then you have the full version, which is a very good program to have. :)

I still see signs of Ahnlab in your log, so it didn't uninstall completely.

Click Start > Run and type these commands hitting enter after each one:

sc stop AhnLab Task Scheduler

sc delete AhnLab Task Scheduler



Then you'll want to delete this folder.

C:\Program Files\AhnLab



Aside from that, your log is looking pretty good to me.


To continue to speed things up you can uninstall Viewpoint and anything from AOL that you don't need.
Those are both resource hogs that I see running in your processes.


You can also read through this guide for some further suggestions to speed up your computer.
http://users.telenet.be/bluepatchy/miekiem...owcomputer.html



Here are some final steps for you.



First, your log shows that you don't have the recovery console installed.
Check this link for more info on the recovery console and how to get it installed.

How to install and use the Windows XP Recovery Console



===================



Next, let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

    • Posted Image
  • When shown the disclaimer, Select "2"



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 songbee

songbee
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 18 July 2008 - 09:55 AM

Yay!!! :thumbsup:
Thank you!

I've been wanting to get AOL out of my system for a long time :), and didn't know how to get Ahnlab out.
Thanks for your advice and all your hard work!!! :) :)

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:17 AM

Posted 19 July 2008 - 07:39 AM

Glad I could help out! :thumbsup:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:17 AM

Posted 27 July 2008 - 07:31 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users