Insurmountable Problems With My System


  • This topic is locked
6 replies to this topic

#1 Khevinet


Posted 27 July 2008 - 09:31 AM

I have been having a lot of slowdown over the last few weeks. I transport a lot of files from work to home, and the work server is very insecure, so I believe it may be a problem on that end. Below is my log. Any help would be much appreciated.

Thanks,

__________________________________________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:31 PM, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ModulerSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\CleanSearchEx\WinIEProtector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\James Leborgne\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: easykey - {CAD2484D-6D58-858D-F48A-CABAC5757DCA} - c:\program files\easykey\easykey.dll
O3 - Toolbar: easykey - {CAD2484D-6D58-858D-F48A-CABAC5757DCA} - c:\program files\easykey\easykey.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Windows IE Protector System] C:\Program Files\CleanSearchEx\CSUpdate.exe
O4 - HKLM\..\Run: [pointup] C:\Program Files\point-up\pointup.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: directkey - {3548DCFA-FE35-435D-34DA-B175FAEF1685} - c:\PROGRA~1\DIRECT~1\DIRECT~1.DLL
O9 - Extra 'Tools' menuitem: directkey - {3548DCFA-FE35-435D-34DA-B175FAEF1685} - c:\PROGRA~1\DIRECT~1\DIRECT~1.DLL
O9 - Extra button: AIƮA?E - {37785D32-1604-410b-BF6E-82E65C67DB6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AIƮA?E - {37785D32-1604-410b-BF6E-82E65C67DB6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: easykey - {ED157DAB-B415-DF48-48DA-4A8D5F48DABC} - c:\program files\easykey\easykey.dll
O9 - Extra 'Tools' menuitem: easykey - {ED157DAB-B415-DF48-48DA-4A8D5F48DABC} - c:\program files\easykey\easykey.dll
O15 - Trusted Zone: http://*.wedisk.co.kr
O15 - Trusted Zone: http://*.wedisk.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg5.cyworld.nate.com/ImageUpload...mageUpload2.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.com/ActiveX/OrangeFileBox.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18D63578-EA2F-4A59-A49A-7F62E6B3DF3E} (ImP3 Control) - http://activexdown.paran.com/paranactivex/data/ImP3.cab
O16 - DPF: {1ABB898B-8A1A-40CB-8DE7-DAF5E560E814} (DSubActX Control) - http://cab1.diskster.com/recab/DSubActX.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {32D94A9F-9A18-4E12-863D-8AABA8CBDA78} (NateOnMMSAtx3 Class) - http://sms.nate.com/NateOnMMS_AX3.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUp..._XPayMPIOCX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200229428578
O16 - DPF: {7513B187-5954-4C64-ABF4-E652FE899F24} (Wedisk Control) - http://www.wedisk.co.kr/app/WeDisk.cab
O16 - DPF: {788649EC-2622-4EE8-84A3-F49F6AA8399C} (QuizHelperCtrl Class) - http://www.activetutor.net/pub/cabs/quizhe.../QuizHelper.cab
O16 - DPF: {7C09DD8F-D1C6-4315-AE96-AC328FDF734B} (KTActiveX Control) - http://support.kornet.net/sw5/order/Speed/cab/KTActiveX.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://xecure.kbstar.com/xecure/xw_install_v7202.cab
O16 - DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} (MABugsDownload Control) - http://www.csafer.net/activex/mabugsdownload.cab
O16 - DPF: {8D88D553-E13C-492E-BC64-2DAF12782A81} (AClientChecker.AxAClientChecker) - http://image.cdi.co.kr/ibtprep/install/web...ientChecker.CAB
O16 - DPF: {913BF18F-672D-4676-9855-F9A192A88886} (IMBCContents Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {91A6D076-F1AA-44DC-9825-9F7DE41E2398} (WooricyMap Control) - http://traffic.local.naver.com/Traffic_bro...p(1,0,0,23).cab
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (v3d Class) - https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.cinewel.com/down/MagicLockOCX.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://k-defence.kbstar.com/kings/kdfx/kdfx238/kdfense8.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...206/SBStart.CAB
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3player/...ge/pdrtvset.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://vbv.samsungcard.co.kr/keycrypt/npkcx.cab
O16 - DPF: {E3EAC26D-891F-499A-9C38-D8F165DE02B8} (SsoAccess Class) - http://www.daegu.go.kr/SSODemo/ssoObject/SsoAccess.cab
O16 - DPF: {F1149E8A-79EB-4859-835E-95432B72FEA2} (AnycallLAND_DownCheck Control) - http://img.anycall.com/anycall/support/act...nCheckProj1.cab
O16 - DPF: {F36C3235-C4AF-409F-B6A1-4F96BB1B533E} (CyGlobalCtl Class) - http://fs1.us.cyworld.com/common/activex/CyGlobal.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CoolGate Helper - Unknown owner - C:\Program Files\Samsung\AnyPC\APSvc.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ModulerSvc - ANIJCORP - C:\WINDOWS\system32\ModulerSvc.exe
O23 - Service: PCI Adapter (PCIDown) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: servcproc - Unknown owner - C:\WINDOWS\system32\srvany.exe

--
End of file - 13090 bytes

#2 suebaby41


Posted 08 August 2008 - 12:25 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I don't think that you are attaching anything scary but others may do so. Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 Khevinet


Posted 09 August 2008 - 10:45 AM

Here are both of the new logs:


-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1278.48 MiB / 627.29 MiB
Pagefile Memory (total/avail): 1898.24 MiB / 1461.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.57 MiB

C: is Fixed (NTFS) - 93.15 GiB total, 9.08 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHU2100AT - 93.16 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 93.15 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.526 v7.5.526 (Grisoft) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"="C:\\Program Files\\NATEON\\BIN\\NateOnMain.exe:*:Enabled:NATE ON"
"C:\\WINDOWS\\system32\\skcbgm.exe"="C:\\WINDOWS\\system32\\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:μTorrent"
"C:\\Program Files\\NATEON\\Addin\\7AEF7E74-08E8-47b9-96F3-BC4A07E4D5E8\\AVChatAgent.exe"="C:\\Program Files\\NATEON\\Addin\\7AEF7E74-08E8-47b9-96F3-BC4A07E4D5E8\\AVChatAgent.exe:*:Enabled:NATEON AVCHAT"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\pdrtvsvr.exe"="C:\\WINDOWS\\system32\\pdrtvsvr.exe:*:Enabled:PandoraTV VoD Control"
"C:\\WINDOWS\\system32\\BugsSvr.exe"="C:\\WINDOWS\\system32\\BugsSvr.exe:*:Enabled:Bugs Music Player Control"
"C:\\WINDOWS\\system32\\WeDiskDownLoad.exe"="C:\\WINDOWS\\system32\\WeDiskDownLoad.exe:*:Enabled:WediskDownload MFC 응용 프로그램"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\James Leborgne\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JAMES1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\James Leborgne
LOGONSERVER=\\JAMES1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem";C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JAMESL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JAMESL~1\LOCALS~1\Temp
USERDOMAIN=JAMES1
USERNAME=James Leborgne
USERPROFILE=C:\Documents and Settings\James Leborgne
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

James Leborgne (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0412-0000-0000000FF1CE} /uninstall {39E88C10-B79B-445C-BD25-1EA6815BFCEE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0412-0000-0000000FF1CE} /uninstall {39E88C10-B79B-445C-BD25-1EA6815BFCEE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0412-0000-0000000FF1CE} /uninstall {39E88C10-B79B-445C-BD25-1EA6815BFCEE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0412-0000-0000000FF1CE} /uninstall {39E88C10-B79B-445C-BD25-1EA6815BFCEE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0412-0000-0000000FF1CE} /uninstall {39E88C10-B79B-445C-BD25-1EA6815BFCEE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0412-0000-0000000FF1CE} /uninstall {39E88C10-B79B-445C-BD25-1EA6815BFCEE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0412-0000-0000000FF1CE} /uninstall {C7466D9B-B03F-4FEE-B7B4-BE8C8DCF5792}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0028-0412-0000-0000000FF1CE} /uninstall {32F6FF38-FD94-4667-AC0D-DB3F599DCD84}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0412-0000-0000000FF1CE} /uninstall {39E88C10-B79B-445C-BD25-1EA6815BFCEE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0412-0000-0000000FF1CE} /uninstall {29704606-37B4-4C6E-A773-B590E5421128}
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Advanced Registry Optimizer --> "C:\Program Files\Advanced Registry Optimizer\unins000.exe" /silent
AnyPC --> C:\Program Files\InstallShield Installation Information\{DA58507B-5710-4F7C-8363-C1312788CAC2}\setup.exe
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Camera Suite 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x12
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 802.11 Wireless LAN Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Browser Professional Pack v1.3.1 --> C:\Program Files\fanmae\faninit.exe uninst
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
ComicViewerComicPlus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF00A9D7-DA1D-4156-88C5-614179F52CFE}\setup.exe" -l0x12
Compaq Presario r4000 User Guides --> C:\PROGRA~1\CPQ\UNWISE.EXE C:\PROGRA~1\CPQ\INSTALL.LOG
Conexant AC-Link Audio --> CIAunwdm.exe
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C\HXFSETUP.EXE -U -Icpl30855.inf
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 2.9.7.2 --> "C:\Program Files\DVDFab Decrypter\unins000.exe"
DVDFab HD Decrypter 3.1.3.2 --> "C:\Program Files\DVDFab HD Decrypter 3\unins000.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
G마켓 호통맞고 --> C:\WINDOWS\system32\kUnins.exe Gmarket_HotongMatgo
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Hangul Viewer 2002 --> MsiExec.exe /I{64BA2986-C58A-44F1-A0C0-BFF47BE06DF6}
HijackThis 2.0.2 --> "C:\Documents and Settings\James Leborgne\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Pavillion zv6000 User Guides --> C:\PROGRA~1\HPQ\UNWISE.EXE C:\PROGRA~1\HPQ\INSTALL.LOG
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP Wireless Assistant 1.01 A3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ijji FireFox Launcher 1.0 --> C:\Documents and Settings\All Users\Application Data\IJJIGame\uninst.exe
Internet Explorer Guide Update --> C:\Program Files\EGSearch\uninstall.exe
InterVideo DVD Check --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
Lexmark Z600 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Magic ISO Maker v5.1 (build 0185) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam --> MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Access MUI (Korean) 2007 --> MsiExec.exe /X{90120000-0015-0412-0000-0000000FF1CE}
Microsoft Office Excel MUI (Korean) 2007 --> MsiExec.exe /X{90120000-0016-0412-0000-0000000FF1CE}
Microsoft Office IME (Korean) 2007 --> MsiExec.exe /X{90120000-0028-0412-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Korean) 2007 --> MsiExec.exe /X{90120000-0044-0412-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Korean) 2007 --> MsiExec.exe /X{90120000-001A-0412-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Korean) 2007 --> MsiExec.exe /X{90120000-0018-0412-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Korean) 2007 --> MsiExec.exe /X{90120000-001F-0412-0000-0000000FF1CE}
Microsoft Office Proofing (Korean) 2007 --> MsiExec.exe /X{90120000-002C-0412-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Korean) 2007 --> MsiExec.exe /X{90120000-0019-0412-0000-0000000FF1CE}
Microsoft Office Shared MUI (Korean) 2007 --> MsiExec.exe /X{90120000-006E-0412-0000-0000000FF1CE}
Microsoft Office Word MUI (Korean) 2007 --> MsiExec.exe /X{90120000-001B-0412-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
muvee autoProducer 4.0 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x12
nProtect KeyCrypt --> C:\WINDOWS\system32\npkuninst.exe
On the Rain-Slick Precipice of Darkness, Episode One --> C:\Program Files\Hothead Games\Precipice of Darkness\uninstall.exe
Pointup cashback (Joyhunting) --> C:\Program Files\point-up\uninstall.exe
Quick Launch Buttons 5.10 B3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
SafeSignOn Client Module --> C:\Program Files\SoftForum\SafeSignOn\SsoAccessSetup.exe -u
SearchPop --> C:\Program Files\SPack\sp_uninstall.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Skype 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
T-Client CDI edition --> MsiExec.exe /X{A14EFE38-887C-43DB-BCA1-688DDF7C4CBD}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1} /l1042
Thumbplug TGA --> C:\WINDOWS\Thumbplug TGA Uninstaller.exe
TorrentSpy Rufus --> "C:\Program Files\TorrentSpy Rufus\unins000.exe"
ToToBrowser verion 2 --> "C:\Program Files\ToToBrowser\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
UserGuides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-4C3F-B831-83AA942B7715}\setup.exe" -l0x9
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Veoh Player --> C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows-WebProtect --> C:\WINDOWS\system32\wpuninstall.exe
Windows Direct Web --> C:\Program Files\dweb\uninstall.exe
Windows Directkey Object --> C:\Program Files\directkey\uninst.exe
Windows doublepoint --> C:\Program Files\doublepoint\uninstall.exe
Windows Easykey Helper --> C:\Program Files\easykey\uninst.exe
Windows IE Address As Point-Url --> C:\Program Files\PointUrl\Uninstall.exe
Windows IE Driver for tbshield --> C:\Program Files\tbshield\uninstall.exe
Windows IE Protector System --> "C:\WINDOWS\UninstallCleanSearch.exe"
Windows Keyword Search --> C:\Program Files\keywordsearch\uninstall.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows okcashbackmall Uninstall --> C:\Program Files\okcashreturn\uninstall.exe
windows reward --> C:\Program Files\nreward\uninstall.exe
windows side-bar --> C:\Program Files\nsidebar\uninstall.exe
windows sidebar Uninstall --> C:\Program Files\windows-sidebar\uninstall.exe
Windows Urldoumi Object --> C:\Program Files\urldoumi\uninst.exe
Windows Web Speed --> C:\Program Files\sync\uninstall.exe
Windows XP Security Folder System --> C:\Program Files\MyComGoPlus\Uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XecureWeb Control --> C:\Program Files\SoftForum\XecureWeb\xw_setup.exe -ui
XPayMPI 2.0.2.2 --> "C:\Program Files\SoftForum\XPayMPI\uninstall.exe"
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
μTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
네이트온 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697E41EA-AEBE-4B5F-884E-87B5CD6C70AC}\setup.exe" -l0x12 -removeonly
버전채커 삭제 --> "C:\Program Files\ANIJ\Joyhunting\VersionChecker\VersionChecker.exe" /u


-- Application Event Log -------------------------------------------------------

Event Record #/Type29334 / Success
Event Submitted/Written: 08/10/2008 00:24:39 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type29321 / Warning
Event Submitted/Written: 08/09/2008 11:56:17 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{63AFACBC-4795-4A1B-8037-5085DC03FC54}', feature 'DefaultFeature' failed during request for component '{2CA9FE85-C347-7581-FA41-778B9D5B3455}'

Event Record #/Type29320 / Warning
Event Submitted/Written: 08/09/2008 11:56:17 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{63AFACBC-4795-4A1B-8037-5085DC03FC54}', feature 'DefaultFeature', component '{A99782B2-EF33-FAB4-A234-61112AFC97BC}' failed. The resource 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LifeCam' does not exist.

Event Record #/Type29319 / Warning
Event Submitted/Written: 08/09/2008 11:56:17 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{63AFACBC-4795-4A1B-8037-5085DC03FC54}', feature 'DefaultFeature' failed during request for component '{2CA9FE85-C347-7581-FA41-778B9D5B3455}'

Event Record #/Type29318 / Warning
Event Submitted/Written: 08/09/2008 11:56:17 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{63AFACBC-4795-4A1B-8037-5085DC03FC54}', feature 'DefaultFeature', component '{A99782B2-EF33-FAB4-A234-61112AFC97BC}' failed. The resource 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LifeCam' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type158338 / Error
Event Submitted/Written: 08/10/2008 00:23:29 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The systemmycom service failed to start due to the following error:
%%2

Event Record #/Type158337 / Error
Event Submitted/Written: 08/10/2008 00:23:29 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The CoolGate Helper service failed to start due to the following error:
%%2

Event Record #/Type158313 / Error
Event Submitted/Written: 08/09/2008 11:27:07 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The systemmycom service failed to start due to the following error:
%%2

Event Record #/Type158312 / Error
Event Submitted/Written: 08/09/2008 11:27:07 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The CoolGate Helper service failed to start due to the following error:
%%2

Event Record #/Type158288 / Error
Event Submitted/Written: 08/09/2008 05:48:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The systemmycom service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-08-10 00:40:35 ------------

___________________________________________________________________________________________________

-- Last 5 Restore Point(s) --
45: 2008-08-09 15:19:29 UTC - RP635 - Deckard's System Scanner Restore Point
44: 2008-08-09 00:59:50 UTC - RP634 - System Checkpoint
43: 2008-08-07 23:14:52 UTC - RP633 - Software Distribution Service 3.0
42: 2008-08-07 00:12:24 UTC - RP632 - System Checkpoint
41: 2008-08-03 01:50:18 UTC - RP631 - System Checkpoint


-- First Restore Point --
1: 2008-05-05 13:40:27 UTC - RP591 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 9.08 GiB (less than 15%) free.


-- HijackThis (run as James Leborgne.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:53 AM, on 10/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ModulerSvc.exe
C:\Program Files\CleanSearchEx\WinIEProtector.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\James Leborgne\Desktop\dss.exe
C:\DOCUME~1\JAMESL~1\Desktop\James Leborgne.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: easykey - {CAD2484D-6D58-858D-F48A-CABAC5757DCA} - c:\program files\easykey\easykey.dll
O3 - Toolbar: easykey - {CAD2484D-6D58-858D-F48A-CABAC5757DCA} - c:\program files\easykey\easykey.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
O4 - HKLM\..\Run: [Windows IE Protector System] C:\Program Files\CleanSearchEx\CSUpdate.exe
O4 - HKLM\..\Run: [pointup] C:\Program Files\point-up\pointup.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: directkey - {3548DCFA-FE35-435D-34DA-B175FAEF1685} - c:\PROGRA~1\DIRECT~1\DIRECT~1.DLL
O9 - Extra 'Tools' menuitem: directkey - {3548DCFA-FE35-435D-34DA-B175FAEF1685} - c:\PROGRA~1\DIRECT~1\DIRECT~1.DLL
O9 - Extra button: AIƮA?E - {37785D32-1604-410b-BF6E-82E65C67DB6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AIƮA?E - {37785D32-1604-410b-BF6E-82E65C67DB6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: easykey - {ED157DAB-B415-DF48-48DA-4A8D5F48DABC} - c:\program files\easykey\easykey.dll
O9 - Extra 'Tools' menuitem: easykey - {ED157DAB-B415-DF48-48DA-4A8D5F48DABC} - c:\program files\easykey\easykey.dll
O15 - Trusted Zone: http://*.wedisk.co.kr
O15 - Trusted Zone: http://*.wedisk.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg5.cyworld.nate.com/ImageUpload...mageUpload2.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.com/ActiveX/OrangeFileBox.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18D63578-EA2F-4A59-A49A-7F62E6B3DF3E} (ImP3 Control) - http://activexdown.paran.com/paranactivex/data/ImP3.cab
O16 - DPF: {1ABB898B-8A1A-40CB-8DE7-DAF5E560E814} (DSubActX Control) - http://cab1.diskster.com/recab/DSubActX.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {32D94A9F-9A18-4E12-863D-8AABA8CBDA78} (NateOnMMSAtx3 Class) - http://sms.nate.com/NateOnMMS_AX3.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUp..._XPayMPIOCX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200229428578
O16 - DPF: {7513B187-5954-4C64-ABF4-E652FE899F24} (Wedisk Control) - http://www.wedisk.co.kr/app/WeDisk.cab
O16 - DPF: {788649EC-2622-4EE8-84A3-F49F6AA8399C} (QuizHelperCtrl Class) - http://www.activetutor.net/pub/cabs/quizhe.../QuizHelper.cab
O16 - DPF: {7C09DD8F-D1C6-4315-AE96-AC328FDF734B} (KTActiveX Control) - http://support.kornet.net/sw5/order/Speed/cab/KTActiveX.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://xecure.kbstar.com/xecure/xw_install_v7202.cab
O16 - DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} (MABugsDownload Control) - http://www.csafer.net/activex/mabugsdownload.cab
O16 - DPF: {8D88D553-E13C-492E-BC64-2DAF12782A81} (AClientChecker.AxAClientChecker) - http://image.cdi.co.kr/ibtprep/install/web...ientChecker.CAB
O16 - DPF: {913BF18F-672D-4676-9855-F9A192A88886} (IMBCContents Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {91A6D076-F1AA-44DC-9825-9F7DE41E2398} (WooricyMap Control) - http://traffic.local.naver.com/Traffic_bro...p(1,0,0,23).cab
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (v3d Class) - https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.cinewel.com/down/MagicLockOCX.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://k-defence.kbstar.com/kings/kdfx/kdfx238/kdfense8.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...206/SBStart.CAB
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3player/...ge/pdrtvset.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://vbv.samsungcard.co.kr/keycrypt/npkcx.cab
O16 - DPF: {E3EAC26D-891F-499A-9C38-D8F165DE02B8} (SsoAccess Class) - http://www.daegu.go.kr/SSODemo/ssoObject/SsoAccess.cab
O16 - DPF: {F1149E8A-79EB-4859-835E-95432B72FEA2} (AnycallLAND_DownCheck Control) - http://img.anycall.com/anycall/support/act...nCheckProj1.cab
O16 - DPF: {F36C3235-C4AF-409F-B6A1-4F96BB1B533E} (CyGlobalCtl Class) - http://fs1.us.cyworld.com/common/activex/CyGlobal.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CoolGate Helper - Unknown owner - C:\Program Files\Samsung\AnyPC\APSvc.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ModulerSvc - ANIJCORP - C:\WINDOWS\system32\ModulerSvc.exe
O23 - Service: PCI Adapter (PCIDown) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: servcproc - Unknown owner - C:\WINDOWS\system32\srvany.exe

--
End of file - 12232 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\JAMESL~1\Desktop\backups\) ------------

backup-20070826-231230-678 O4 - HKLM\..\Run: [DoctorV] C:\Program Files\DoctorVaccineZ\DoctorVD.exe
backup-20070828-224343-466 O4 - HKLM\..\Run: [zeroscan] C:\Program Files\zeroscan\zeroscan_starter.exe
backup-20070828-224444-895 O18 - Protocol: ipp - (no CLSID) - (no file)
backup-20071019-021804-878 O4 - HKLM\..\Run: [coolcode] C:\Program Files\coolcode\coolcode.exe hidden
backup-20071020-104710-371 O4 - HKLM\..\Run: [vaccinespy] C:\Program Files\vaccinespy\vaccinespy_starter.exe
backup-20071020-104710-516 O4 - HKLM\..\Run: [vaccspy] C:\Windows\Config\vaccspy.exe
backup-20071022-124020-624 O9 - Extra button: -oμa - {4AB77F8D-8678-4923-9236-5236E411A3E4} - C:\Program Files\nreward\nreward.dll
backup-20071022-124020-918 O9 - Extra button: CashOn - {731B4EB2-B447-4108-86EB-6F9B6A46E576} - C:\PROGRA~1\CashOn\bin\NCBUTT~1.DLL (file missing)
backup-20071022-124021-389 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20071022-124021-404 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
backup-20071022-124021-486 O9 - Extra 'Tools' menuitem: urldoumi - {DF2487DA-4744-D4D4-F4AA-ABCCDCDA48CC} - c:\program files\urldoumi\urldoumi.dll (file missing)
backup-20071022-124021-924 O9 - Extra button: urldoumi - {DF2487DA-4744-D4D4-F4AA-ABCCDCDA48CC} - c:\program files\urldoumi\urldoumi.dll (file missing)
backup-20071022-124021-935 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20071022-124041-730 O4 - HKLM\..\Run: [dum] C:\WINDOWS\system32\dum.exe
backup-20071022-124041-737 O4 - HKLM\..\Run: [fnwzo.exe] "C:\Documents and Settings\James Leborgne\Application Data\fnwzo.exe" ve7n0
backup-20071022-124418-734 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20071022-200318-847 O23 - Service: Local Control lagacy (LClagacy) - Unknown owner - C:\WINDOWS\npkscvc.exe
backup-20071106-104611-880 O4 - HKLM\..\Run: [ktbr] C:\Program Files\ktbr\ktbr_u.exe
backup-20071106-104729-825 O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net/XPayMPI/Xecure_LiveUp..._XPayMPIOCX.cab
backup-20071106-104729-869 O9 - Extra button: -oμa - {4AB77F8D-8678-4923-9236-5236E411A3E4} - C:\Program Files\nreward\nreward.dll
backup-20071124-131614-113 O4 - HKLM\..\Run: [isearch] C:\Program Files\isearch\isearch.exe
backup-20071124-131614-126 O4 - HKLM\..\Run: [nreward] "C:\Program Files\nreward\nreward.exe" /start
backup-20071124-131614-149 O4 - HKLM\..\Run: [pointurl] C:\Program Files\pointurl\puman.exe
backup-20071124-131614-284 O4 - HKLM\..\Run: [dirkeyup] C:\WINDOWS\system32\dirkeyup.exe
backup-20071124-131614-312 O4 - HKLM\..\Run: [PcMir] C:\Program Files\PCMir\PcMir.exe /start
backup-20071124-131614-334 O4 - HKLM\..\Run: [albania] "C:\WINDOWS\system32\CatRoot2\albania.exe"
backup-20071124-131614-481 O23 - Service: Local Control lagacy (LClagacy) - Unknown owner - C:\WINDOWS\npkscvc.exe
backup-20071124-131614-491 O4 - HKLM\..\Run: [directkey] C:\WINDOWS\system32\dkeyup.exe
backup-20071124-131614-528 O4 - HKCU\..\Run: [kpang] C:\Program Files\kpang\kpangupdate.exe
backup-20071124-131614-642 O23 - Service: PCI Adapter (PCIDown) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
backup-20071124-131614-706 O23 - Service: systemcache4 - Unknown owner - c:\Program Files\CodecPack\40\systemcache.exe (file missing)
backup-20071124-131614-723 O23 - Service: lesstheme1 - Unknown owner - c:\Program Files\MediaPack\40\lesstheme.exe
backup-20071124-131614-785 O23 - Service: videoctls - Unknown owner - c:\Program Files\LG Electronics\drv\videoctl.exe (file missing)
backup-20071124-131614-791 O4 - HKCU\..\Run: [albania] "C:\WINDOWS\system32\CatRoot2\albania.exe"
backup-20071124-131614-846 O4 - HKLM\..\Run: [syncsup.exe] C:\Program Files\sync\syncsup.exe
backup-20071124-131614-977 O23 - Service: PCMir - PC미르 - C:\Program Files\PCMir\pcmirservice.exe
backup-20071124-131614-998 O23 - Service: netmap - Unknown owner - C:\WINDOWS\system32\srvany.exe
backup-20071127-105652-555 O4 - HKLM\..\Run: [Cashonupdate] C:\Program Files\CashOn\bin\CashOnUpdate11250832.exe
backup-20071127-105652-587 O4 - HKCU\..\Run: [KSGuide] C:\Program Files\SolutionKSG\SKSG.exe
backup-20071127-105652-764 O4 - HKCU\..\Run: [kpang] C:\Program Files\kpang\kpangupdate.exe
backup-20071127-105652-775 O4 - HKLM\..\Run: [Demeter] c:\windows\Demeter.exe
backup-20071127-105652-854 O4 - HKCU\..\RunOnce: [lbhjngbfgggaa.exe] C:\Program Files\lbhjngbfggg\lbhjngbfgggaa.exe
backup-20071127-105652-858 O4 - HKLM\..\Run: [twbfilosva] C:\WINDOWS\system32\twbfilosva.exe
backup-20071127-105652-950 O4 - HKCU\..\Run: [capupa] "C:\WINDOWS\LastGood.Tmp\INF\big.exe"
backup-20071201-103734-119 O2 - BHO: (no name) - {0507B447-714E-4DF6-A7A8-E0018A4770F3_} - (no file)
backup-20071201-103734-151 O4 - HKLM\..\Run: [tube] C:\Windows\addins\tube.exe
backup-20071201-103734-158 O4 - HKLM\..\Run: [Daganda] C:\Program Files\Common Files\System\Daganda.exe
backup-20071201-103734-166 O9 - Extra button: -oμa - {4AB77F8D-8678-4923-9236-5236E411A3E4} - C:\Program Files\nreward\nreward.dll
backup-20071201-103734-214 O2 - BHO: GCIE Class - {02CD847C-ECDC-4149-B9FE-6CFB7F4F9EFB} - C:\Program Files\oyeaouo\GCBack_B.dll
backup-20071201-103734-290 O4 - HKLM\..\Run: [UpdateAdImageware] C:\Program Files\AdImageware\UpdateAdImageware.exe
backup-20071201-103734-453 O4 - HKLM\..\Run: [dpup] C:\Program Files\doublepoint\dpup.exe
backup-20071201-103734-489 O4 - HKLM\..\Run: [fanmae] C:\Program Files\fanmae\faninit.exe
backup-20071201-103734-514 O2 - BHO: (no name) - {4EEDE6DE-001B-478C-9F0F-25AD687C4533} - C:\PROGRA~1\DOUBLE~1\dpup.dll
backup-20071201-103734-549 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,OriginalFileA.exe,
backup-20071201-103734-643 O4 - HKCU\..\Run: [oyeaouo] C:\WINDOWS\system32\oyeaouo.EXE
backup-20071201-103734-906 O4 - HKLM\..\Run: [npphkapi] npphkapi.exe
backup-20071218-234937-194 O4 - HKLM\..\Run: [fimpsvbehk] C:\WINDOWS\system32\fimpsvbehk.exe
backup-20071218-234937-361 O4 - HKLM\..\Run: [bfilosvadh] C:\WINDOWS\system32\bfilosvadh.exe
backup-20071218-234937-474 O4 - HKLM\..\Run: [swbehlorua] C:\WINDOWS\system32\swbehlorua.exe
backup-20071221-115037-296 O4 - HKLM\..\Run: [Facial] c:\windows\Facial.exe
backup-20071221-115134-196 O4 - HKCU\..\Run: [swbehlorua] C:\WINDOWS\system32\swbehlorua.exe
backup-20071228-235942-171 O4 - HKUS\S-1-5-18\..\RunOnce: [lbhjngbfgggaa.exe] C:\WINDOWS\system32\lbhjngbfggg\lbhjngbfgggaa.exe (User 'SYSTEM')
backup-20071228-235942-380 O9 - Extra button: CashOn - {731B4EB2-B447-4108-86EB-6F9B6A46E576} - C:\PROGRA~1\CashOn\bin\NCBUTT~1.DLL (file missing)
backup-20071228-235942-566 O4 - HKUS\.DEFAULT\..\RunOnce: [lbhjngbfgggaa.exe] C:\WINDOWS\system32\lbhjngbfggg\lbhjngbfgggaa.exe (User 'Default user')
backup-20071228-235942-578 O4 - HKLM\..\Run: [nruxdgjmqt] C:\WINDOWS\system32\nruxdgjmqt.exe
backup-20071228-235942-599 O4 - HKLM\..\Run: [Mnsets] C:\Program Files\Internet Explorer\Connection Wizard\Mnsets.exe
backup-20071229-000007-420 O4 - HKCU\..\Run: [nruxdgjmqt] C:\WINDOWS\system32\nruxdgjmqt.exe
backup-20071229-123954-117 O4 - HKUS\.DEFAULT\..\Run: [KTech] C:\Windows\Config\KTech.exe (User 'Default user')
backup-20071229-123954-200 O4 - HKUS\S-1-5-18\..\RunOnce: [cashbagmoll.exe] C:\Program Files\cashbagmoll\cashbagmoll.exe (User 'SYSTEM')
backup-20071229-123954-896 O4 - HKUS\.DEFAULT\..\RunOnce: [cashbagmoll.exe] C:\Program Files\cashbagmoll\cashbagmoll.exe (User 'Default user')
backup-20080102-214601-866 O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
backup-20080710-000231-395 O16 - DPF: {B8ECD16B-EC0C-407E-AF2D-7B4A6B6F8DCB} (AllatPayXATL Class) - https://tx.allatpay.com/component/AllatPayX.cab
backup-20080710-000233-764 O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
backup-20080710-000233-919 O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://n-protect.kbstar.com/nprotect/module/npx.cab
backup-20080710-000234-940 O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cgdrvnt3 - c:\windows\system32\drivers\cgdrvnt3.sys <Not Verified; DoctorSoft Co., Ltd.; CoolGate>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 scskusbf (USB SCSK Filter Driver Service) - c:\windows\system32\drivers\scskusbf.sys <Not Verified; SoftCamp; SCSKUSBf 4.0.9.0>

S2 systemmycom - c:\windows\system32\drivers\_systemcom.go\systemmycom.sys (file missing)
S3 catchme - c:\docume~1\jamesl~1\locals~1\temp\catchme.sys (file missing)
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 npkcrypt - c:\windows\system32\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 NTProcDrv (Process creation detector for NT.) - c:\program files\cleansearchex\ntprocdrv.sys
S3 oneguide - c:\windows\system32\drivers\oneguide.sys (file missing)
S3 scsk4 (SCSK4 Driver Service) - c:\windows\system32\drivers\scsk4.sys (file missing)
S3 scskusbs (USB SCSK Driver Service) - c:\windows\system32\drivers\scskusbs.sys <Not Verified; SoftCamp; SCSKUSBs 4.0.9.0>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 ModulerSvc - c:\windows\system32\modulersvc.exe <Not Verified; ANIJCORP; ANIJCORP ModulerSvc>

S2 CoolGate Helper - c:\program files\samsung\anypc\apsvc.exe (file missing)
S2 PCIDown (PCI Adapter) - c:\windows\alg.exe (file missing)
S2 servcproc - c:\windows\system32\srvany.exe
S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S4 npkcsvc - c:\windows\system32\npkcsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 802.11b/g WLAN
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_1355103C&REV_02\4&13826118&0&10A4
Manufacturer: Broadcom
Name: Broadcom 802.11b/g WLAN
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_1355103C&REV_02\4&13826118&0&10A4
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2008-07-17 15:09:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-07-17 15:17:13 0 d-------- C:\Program Files\Bonjour
2008-07-16 21:29:19 0 d-------- C:\Program Files\Advanced Registry Optimizer


-- Find3M Report ---------------------------------------------------------------

2008-08-09 23:50:52 0 d-------- C:\Documents and Settings\James Leborgne\Application Data\Skype
2008-08-09 10:30:14 0 d-------- C:\Documents and Settings\James Leborgne\Application Data\skypePM
2008-08-06 19:03:08 0 d-------- C:\Documents and Settings\James Leborgne\Application Data\uTorrent
2008-07-27 23:14:26 0 d-------- C:\Documents and Settings\James Leborgne\Application Data\AVG7
2008-07-23 22:32:50 0 d-------- C:\Program Files\DivX
2008-07-17 15:18:43 0 d-------- C:\Program Files\iTunes
2008-07-17 15:18:18 0 d-------- C:\Program Files\iPod
2008-07-17 15:16:45 0 d-------- C:\Program Files\QuickTime
2008-07-16 21:29:49 0 d-------- C:\Documents and Settings\James Leborgne\Application Data\Sammsoft
2008-07-12 18:55:33 0 d-------- C:\Program Files\Apple Software Update
2008-07-06 13:24:45 0 d-------- C:\Program Files\Hothead Games
2008-06-30 22:16:46 0 d-------- C:\Program Files\point-up
2008-06-30 22:16:34 0 d-------- C:\Program Files\PointUp
2008-06-25 19:37:18 0 d-------- C:\Program Files\CleanSearchEx
2008-06-23 13:14:30 0 d-------- C:\Program Files\navetb System
2008-06-23 13:03:23 0 d-------- C:\Program Files\windows-sidebar
2008-06-11 09:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 09:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 09:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 09:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 09:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 09:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 09:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 09:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-05-29 00:32:27 127288 --a------ C:\Documents and Settings\James Leborgne\Application Data\Cosmos Prefs
2008-05-28 00:23:30 5023 --a------ C:\WINDOWS\mozver.dat
2008-05-23 07:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAD2484D-6D58-858D-F48A-CABAC5757DCA}]
05/10/2007 09:49 AM 106496 --a------ c:\program files\easykey\easykey.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/02/2005 09:12 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [03/12/2004 01:24 PM]
"Korean IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [26/10/2006 02:53 PM]
"Windows IE Protector System"="C:\Program Files\CleanSearchEx\CSUpdate.exe" [25/06/2008 04:17 PM]
"pointup"="C:\Program Files\point-up\pointup.exe" []
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10/07/2008 09:47 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/07/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\ARO.exe" [09/04/2008 02:30 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 05:43 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ypagerps"=cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMSRC]
C:\Program Files\Windows Media Player\siratic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"VX3000"=C:\WINDOWS\vVX3000.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5427f9f2-388a-11dd-9099-000fb0731b5d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1143f1f-cea8-11db-8c66-00904bf74095}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1143f20-cea8-11db-8c66-00904bf74095}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce10e259-bb2e-11dc-8f16-000fb0731b5d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe




-- End of Deckard's System Scanner: finished at 2008-08-10 00:40:35 ------------
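The `backup-…` lines in the log above use HijackThis's entry format (`O4`, `O23`, `O16`, and so on) behind a timestamp prefix. The Python below is an added example, not part of the original post and not code from HijackThis or Deckard's System Scanner. It parses seven lines copied from that log into structured records, groups them by backup timestamp, and lists the entries whose file was already gone. The function and field names are illustrative assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Seven lines copied verbatim from the log in this thread.
SAMPLE = r"""
backup-20071124-131614-785 O23 - Service: videoctls - Unknown owner - c:\Program Files\LG Electronics\drv\videoctl.exe (file missing)
backup-20071124-131614-846 O4 - HKLM\..\Run: [syncsup.exe] C:\Program Files\sync\syncsup.exe
backup-20071201-103734-119 O2 - BHO: (no name) - {0507B447-714E-4DF6-A7A8-E0018A4770F3_} - (no file)
backup-20071201-103734-549 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,OriginalFileA.exe,
backup-20071228-235942-171 O4 - HKUS\S-1-5-18\..\RunOnce: [lbhjngbfgggaa.exe] C:\WINDOWS\system32\lbhjngbfggg\lbhjngbfgggaa.exe (User 'SYSTEM')
backup-20071228-235942-380 O9 - Extra button: CashOn - {731B4EB2-B447-4108-86EB-6F9B6A46E576} - C:\PROGRA~1\CashOn\bin\NCBUTT~1.DLL (file missing)
backup-20080710-000233-764 O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
"""


@dataclass
class Entry:
    code: str            # HijackThis section code: O4, O23, F2, ...
    location: str        # registry key or label, e.g. HKLM\..\Run or Service
    name: str            # value, service, BHO or control name
    target: str          # file path, URL or raw setting
    file_missing: bool   # entry tagged "(file missing)" or "(no file)"
    backed_up: Optional[datetime]  # timestamp from the backup- prefix, if any


# Optional "backup-YYYYMMDD-HHMMSS-NNN " prefix, then "<code> - <body>".
LINE = re.compile(r"^(?:backup-(\d{8}-\d{6})-\d{3}\s+)?([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"^(.+?): \[(.*?)\] (.*)$")  # O4: "<key>: [<value>] <command>"
DPF = re.compile(r"^DPF: (\{[^}]*\})(?: \((.*?)\))?(?: -)? (.+)$")  # O16
USER = re.compile(r"\s*\(User '[^']*'\)$")
MISSING = re.compile(r"\s*\(file missing\)$")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry line; return None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    stamp, code, body = m.groups()
    when = datetime.strptime(stamp, "%Y%m%d-%H%M%S") if stamp else None
    body = USER.sub("", body)  # drop the trailing "(User '...')" annotation
    missing = body.endswith(("(file missing)", "(no file)"))
    body = MISSING.sub("", body)
    location, name, target = "", "", body  # fallback: keep the raw body
    run = RUN.match(body) if code == "O4" else None
    dpf = DPF.match(body) if code == "O16" else None
    if run:
        location, name, target = run.groups()
    elif dpf:
        # Controls without a display name fall back to their CLSID.
        location, name, target = "DPF", dpf.group(2) or dpf.group(1), dpf.group(3)
    elif code in ("O2", "O9", "O23") and ": " in body:
        # "<label>: <name> - <owner or CLSID> - <path>"; split from the
        # right because the name itself may contain " - ".
        label, rest = body.split(": ", 1)
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            location, name, target = label, parts[0], parts[2]
    return Entry(code, location, name, target, missing, when)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def backup_batches(entries: List[Entry]) -> List[Tuple[str, int]]:
    """Count entries per backup timestamp, oldest first."""
    counts = Counter(e.backed_up.isoformat(sep=" ") for e in entries if e.backed_up)
    return sorted(counts.items())


def missing_targets(entries: List[Entry]) -> List[str]:
    """Entries whose file no longer existed when the entry was recorded."""
    return [f"{e.code} {e.name}" for e in entries if e.file_missing]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE)
    for stamp, count in backup_batches(parsed):
        print(f"{stamp}: {count} entries backed up")
    for item in missing_targets(parsed):
        print("file missing:", item)
```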

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:13 PM

Posted 10 August 2008 - 05:57 PM

http://www.bleepingcomputer.com/forums/topic121375-15.html
Dec 29 2007, TonyKlein

It belongs to a Korean application called CleanSearch.

Your answer then

If it is a Korean application, I am certain that my girlfriend put it on somehow by installing some plugin, because I have never seen it before (she's Korean, and we're in Korea, and she has the code to my house and sometimes uses my system when I'm not here. Which perhaps should be rectified, but that's not exactly important in this venue).

I can speak some, but I may not be that much help. And, to be honest, almost all Korean programming has some kind of trojan hidden in it. Whenever my girlfriend checks movie listings, something terrible happens.

As CleanSearch is still on your computer, have you found out what CleanSearch is and is it safe?
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 suebaby41


Posted 10 August 2008 - 10:40 PM

A Firewall is an essential part of computer security and you do not appear to have a third party software firewall running on your system. If you have one, and I missed it, please ignore this. If you are relying on the firewall that comes with Service Pack 2, then you need to install a third party software firewall. While the SP2 firewall is better than nothing, it does not monitor outgoing traffic, so anything malicious on your computer can 'phone home' at will. There are several firewalls that provide better protection than the Windows SP2 firewall. Follow these steps to turn off/disable the Windows Firewall before installing a new firewall:
  • Download the new firewall to your desktop.
  • Disconnect from the Internet.
  • Click Start > Control Panel.
  • Switch to Classic View if you have not already done so.
  • Double click on the Windows Firewall icon.
  • Click Off (Not recommended).
  • Install the new Firewall.
Do not attempt to run two software firewalls since, like running two antivirus programs, they will possibly cause problems and conflict with each other.

There are a few firewalls available for free that appear to be good and easy to use:

For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.

#6 suebaby41


Posted 11 August 2008 - 08:13 AM

I did not see any obvious signs of malware. I have a few suggestions for general cleaning.

Step 1

You may want to print this page. Make sure to work through the fixes in the order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 2

I noticed that your Java Runtime Environment is out of date.

Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer after all Java components are removed.
Please download the latest Java Runtime Environment.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 7. The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right. When a new window opens, you will see
    NOTE: This page offers files for different platforms - please be sure to download the proper file(s) for your platform.
    Required: You must accept the license agreement to download the product.
  • Click to place a check mark by Accept License Agreement.
  • Make the selection corresponding to your computer platform. For Windows, click on the Windows Offline Installation, Multi-language link to download. Save it to your desktop.
  • On your desktop, double-click on jre-6u7-windows-i586-p.exe to install the newest version.
After you have installed the Java software on your computer, you must restart your browser. You can verify that Java Runtime Environment (RTE) has been installed correctly by clicking on the Verify Installation button on the Welcome To Java and Verify Installation page.

Step 3

Please place HijackThis into ITS OWN PERMANENT FOLDER.
  • You can do this by going to My Computer (Windows key+e).
  • Double click on C:
  • If the folder is hidden, click on show the contents of this folder.
  • Right-click on a blank space in the right column and select New > Folder
  • Name it HJT (C:\HJT\HijackThis.exe)
  • Move HijackThis.exe into this folder.
  • When you run HijackThis.exe from the "C:\HJT" folder and have it Fixed checked, it will create a backup file of modifications to use which are easily accessible if restoring any files is necessary.
If needed, here are two tutorials, HijackThis Folder Tutorial and How to Download, Extract and Run HijackThis.

Step 4

In normal mode, run an online antivirus check from at least two and preferably three of the following sites:
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can't be cleaned / deleted, make a note of the file location of anything that cannot be deleted so you can delete it yourself. Please post that list in your next reply.

Step 5

Please download Spybot-S&D.
Please check this link, Using Spybot- Search and Destroy To Remove Spyware From Your Computer, for instructions on how to download, install and use Spybot-S&D. Run this program as soon as possible.

Step 6

Please download Ad-Aware 2008.
Please check this link, Ad-Aware 2007/ 2008 for instructions on how to download, install and use Ad-Aware. Run this program as soon as possible.

Step 7

I recommend using Spyware Blaster.
Please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
Please see Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware for instructions on how to download, install, and use SpywareBlaster.

Step 8

Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it is detected and minimizes interruptions and helps you stay productive.

Please download and install Windows Defender.
  • Confirm that your computer meets the minimum system requirements to install Windows Defender.
  • Visit the Windows Defender page in the Microsoft Download Center. Click the Continue button and follow the directions on the succeeding pages to download the program and start the Installation Wizard.
  • Follow the steps in the Installation Wizard. You will be asked if you want to participate in the Microsoft SpyNet online community. We suggest you choose the first option, Use recommended settings.
  • Click Next to continue.
  • Click Install to begin installing Windows Defender.
  • When installation is complete, click Finish. Windows Defender will begin to scan your computer.
  • For more information, See How to install and set up Windows Defender

Step 9

ATF-Cleaner features include:
  • Cleaning of all user temp folders, administrator only can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 10

Please disconnect from the Internet. Please close ALL browser windows (including this one).

Step 11

Now we will address the HijackThis fixes.

Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


You have an excessive number of O16 entries. There are some bad ones and some good ones, but as each of them takes more than a little time to investigate, you can give yourself a fresh start by checking ALL of the O16 entries. The next time that you visit the site, a new O16 entry will be installed automatically.

O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg5.cyworld.nate.com/ImageUpload...mageUpload2.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.com/ActiveX/OrangeFileBox.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18D63578-EA2F-4A59-A49A-7F62E6B3DF3E} (ImP3 Control) - http://activexdown.paran.com/paranactivex/data/ImP3.cab
O16 - DPF: {1ABB898B-8A1A-40CB-8DE7-DAF5E560E814} (DSubActX Control) - http://cab1.diskster.com/recab/DSubActX.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {32D94A9F-9A18-4E12-863D-8AABA8CBDA78} (NateOnMMSAtx3 Class) - http://sms.nate.com/NateOnMMS_AX3.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - https://mpi.dacom.net/XPayMPI/Xecure_LiveUp..._XPayMPIOCX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200229428578
O16 - DPF: {7513B187-5954-4C64-ABF4-E652FE899F24} (Wedisk Control) - http://www.wedisk.co.kr/app/WeDisk.cab
O16 - DPF: {788649EC-2622-4EE8-84A3-F49F6AA8399C} (QuizHelperCtrl Class) - http://www.activetutor.net/pub/cabs/quizhe.../QuizHelper.cab
O16 - DPF: {7C09DD8F-D1C6-4315-AE96-AC328FDF734B} (KTActiveX Control) - http://support.kornet.net/sw5/order/Speed/cab/KTActiveX.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://xecure.kbstar.com/xecure/xw_install_v7202.cab
O16 - DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} (MABugsDownload Control) - http://www.csafer.net/activex/mabugsdownload.cab
O16 - DPF: {8D88D553-E13C-492E-BC64-2DAF12782A81} (AClientChecker.AxAClientChecker) - http://image.cdi.co.kr/ibtprep/install/web...ientChecker.CAB
O16 - DPF: {913BF18F-672D-4676-9855-F9A192A88886} (IMBCContents Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {91A6D076-F1AA-44DC-9825-9F7DE41E2398} (WooricyMap Control) - http://traffic.local.naver.com/Traffic_bro...p(1,0,0,23).cab
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (v3d Class) - https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.cinewel.com/down/MagicLockOCX.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://k-defence.kbstar.com/kings/kdfx/kdfx238/kdfense8.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...206/SBStart.CAB
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3player/...ge/pdrtvset.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://vbv.samsungcard.co.kr/keycrypt/npkcx.cab
O16 - DPF: {E3EAC26D-891F-499A-9C38-D8F165DE02B8} (SsoAccess Class) - http://www.daegu.go.kr/SSODemo/ssoObject/SsoAccess.cab
O16 - DPF: {F1149E8A-79EB-4859-835E-95432B72FEA2} (AnycallLAND_DownCheck Control) - http://img.anycall.com/anycall/support/act...nCheckProj1.cab
O16 - DPF: {F36C3235-C4AF-409F-B6A1-4F96BB1B533E} (CyGlobalCtl Class) - http://fs1.us.cyworld.com/common/activex/CyGlobal.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab


Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 12

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if they apply to your computer's problem with being slow to respond.
Slow_Computer_Check_here_first_it_may_not_be_malware.
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would be removing the program from your startup but you would not be removing the program itself.

Step 13

If you did not add the listed domain to the Trusted Zones yourself, have HijackThis fix it.

O15 - Trusted Zone: http://*.wedisk.co.kr
O15 - Trusted Zone: http://*.wedisk.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com


Step 14

Do you know what the programs/files in red below are and know that they are safe? I found only a few or no details on the following folders/files. Please locate the files in Windows Explorer. Right click on the file and click Properties. Please post any details that you found.

O4 - HKLM\..\Run: [Windows IE Protector System] C:\Program Files\CleanSearchEx\CSUpdate.exe

O4 - HKLM\..\Run: [pointup] C:\Program Files\ point-up\pointup.exe

O23 - Service: PCI Adapter (PCIDown) - Unknown owner - C:\WINDOWS\alg.exe (file missing)

O23 - Service: servcproc - Unknown owner C:\WINDOWS\system32\srvany.exe

I did find some information on srvany but it seems that this would be on a server and not usually on a home computer.

Process name: Services Any
Product: Windows NT Resource Kits
Company: Microsoft
File: srvany.exe
This utility allows running Windows NT applications as services.
The benefits include:
- allow apps to survive logoff/logon sequences, hence saving the overhead of re-starting them for each new user
- allow server apps to come-up and service requests even when no user is logged-on
- allow apps to run and perform a task in a specific logon account, different from the currently logged-on user


In a server environment where you know what you are doing, it is legitimate, but for a home user, it is not normal.

How To Create a User-Defined Service

Step 15

Let's run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 16

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the list of file names and locations for any files that cannot be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
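
The checks described in Steps 13 and 14 of the post above, sketched as a small Python triage script. This is an added example, not part of the original post or of HijackThis; the function names, the flag wording and the last sample line are made up here, and the other sample lines are copied from the post.

```python
import re

# Constructed sample: the first five lines are copied from the post above;
# the last line is a made-up benign service added for contrast.
SAMPLE_LOG = r"""
O15 - Trusted Zone: http://*.wedisk.co.kr
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O4 - HKLM\..\Run: [pointup] C:\Program Files\ point-up\pointup.exe
O23 - Service: PCI Adapter (PCIDown) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: servcproc - Unknown owner C:\WINDOWS\system32\srvany.exe
O23 - Service: Example Service (examplesvc) - Example Vendor - C:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")   # section code, then the rest of the line
DRIVE = re.compile(r"[A-Za-z]:\\")       # start of the binary path, e.g. C:\

def review_o23(body):
    """Return the reasons an O23 service line deserves a manual look."""
    m = DRIVE.search(body)
    head, path = (body[:m.start()], body[m.start():]) if m else (body, "")
    reasons = []
    if "Unknown owner" in head:
        reasons.append("no company name on the service binary")
    if path.endswith("(file missing)"):
        reasons.append("service registered but binary is gone")
    image = path.replace("(file missing)", "").strip().lower()
    if image.endswith("\\srvany.exe"):
        # srvany is a generic wrapper: the log line does not show what it launches.
        reasons.append("srvany.exe wrapper hides the real program")
    return reasons

def triage(log_text):
    """Map each flagged log line to its reasons; unflagged lines are omitted."""
    findings = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        reasons = review_o23(body) if code == "O23" else []
        if code == "O15":
            reasons = ["trusted-zone site: keep only if you added it yourself"]
        if reasons:
            findings[line.strip()] = reasons
    return findings

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, *("   - " + r for r in reasons), sep="\n")
```

Entries that come back flagged still need the manual follow-up the post asks for (file Properties, or confirming who added the Trusted Zone site); the script only narrows down which lines to look at.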

#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:13 PM

Posted 24 August 2008 - 10:28 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



