Malwarebytes is ineffective. I scanned, found 14 items, removed them, had to reboot, and nada. Upon reboot, the ave.exe popup is still there.
It's hiding out as regedit32.
I ran DDS, but I can't seem to find the attach box on this post. Below the DDS log, I'm sticking the Malwarebytes logs. I've run this in safe mode, not in safe mode, etc. I also tried StopZilla as it was recommended for ave.exe, but it found nothing. Its scan didn't even return anything when ave.exe was running.
DDS (Ver_09-12-01.01) - NTFSx86
Run by crossmr at 20:16:31.70 on 03/17/2010 Wed
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.2046.1442 [GMT 9:00]
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\documents and settings\crossmr\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\Xfire.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\crossmr\Local Settings\Application Data\ave.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Windows\System32\winconf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\crossmr\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://naver.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ActiveManager Class: {23ea2c70-586a-4fea-acac-4c40ff0af5e1} - c:\windows\downloaded program files\ActiveManager.dll
BHO: GABHO: {2b1072ec-5626-4f7a-9813-d45910b38601} - c:\program files\gameangel\gabho.dll
BHO: DaumLogin Class: {525ad11b-6557-46a5-8327-ecd06f7d20fd} - c:\windows\downloaded program files\DaumLoginHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: 추천사이트: {91e3920d-8e40-4b44-b312-d0cf20898bef} - c:\program files\gameangel\gabar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [syncman] c:\documents and settings\crossmr\wuaucldt.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [syncman] c:\windows\system32\wuaucldt.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\crossmr\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {FFFF6B5C-2112-4A3F-B1A7-FAA74AD3811E} - {FFFF6B5C-2112-4A3F-B1A7-FAA74AD3811E} - c:\program files\gameangel\gabtn.dll
DPF: {00D84FA2-E075-49BF-AF85-190FBB45DBB3} - hxxp://www.tkonline.co.kr/board/main/RunTkonline.cab
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {0E1C2A82-5135-42E6-8DA1-B82C24669E88} - hxxps://www.realscan.co.kr/data/realscan/RealScan_Launcher.cab
DPF: {15C09C80-BE98-4E30-B8C1-6B8935E32671} - hxxp://download.hts.nefficient.co.kr/hts/yesone/cab/MAOnFPS_NTS.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20091117.cab
DPF: {213B8BD2-9997-48A1-B385-7833F8D34B9D} - hxxp://220.90.139.13/Zaolmap/Download/AYUTIS_Zaolmap2.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://kbdownload.initech.com/kbstarActiveX/6.3.0.2/down/INIS60.cab
DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} - hxxp://download.zfile.co.kr/ZFileWebControl.cab
DPF: {32ECCE1D-F91E-413F-AFF3-BA477CF0C9C6} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://static.plaync.co.kr/aion_v2/skin/AddOn_090806_v2.cab
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
DPF: {39BC8B20-FB5A-43E5-9EBC-E637B700859E} - hxxp://sunonline.game.pmang.com/Common/CommonWebStarter.cab
DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://download.kbstar.com/security/SCSK/scsk4.cab
DPF: {3F68E1C3-39EC-4990-85E3-ABFE61AB86C5} - hxxp://dl.bugsm.co.kr/install/BugsInstaller.cab
DPF: {45B6C54E-6486-4A5D-9947-8E279775E53D} - hxxp://www.clubcyon.com/club_test/ksd/WebSyncAX.cab
DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} - hxxp://ionair.sbs.co.kr/onair/IB_OnAir.CAB
DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} - hxxp://image.gmarket.co.kr/tools/tyscan/nps.cab
DPF: {525AD11B-6557-46A5-8327-ECD06F7D20FD} - hxxp://cfile204.uf.daum.net/attach/197F57184B5857416F2148
DPF: {5B9BE0A1-D671-4FB3-8E0B-E0821B65DAB5} - hxxp://www.quakewars.co.kr/file/cab/DragonflyControl.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1.cab
DPF: {5D29B0C9-EA06-4F47-A687-243EB9350272} - hxxp://onaironline.imbc.com/Activex/DANALGameLauncher.cab
DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/js/UniUpdTool/NCLoader.8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246942350203
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://www.taxsave.go.kr/CKKeyPro/CKKeyPro3023_32k.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258436801843
DPF: {77D54273-FD01-4E93-B109-68C1F375A7D4} - hxxp://api.2ndrive.com/update/NdStarter.cab
DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} - hxxp://mgameweb.nefficient.co.kr/mgameweb/download/cab/mgmanagerv1004.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://www.taxsave.go.kr/XecureObject/xw_install.cab
DPF: {81B14C2D-6436-42C6-83EC-F60DEF852AEC} - hxxp://www.gmarket.co.kr/challenge/neo_app/MakeShortCut.cab
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: {889E3D55-7B17-4101-ABA4-3078547B6C4C} - hxxp://hessian.yoitt.com/common/global/YoittSystemInfo.cab
DPF: {893BE5FA-2E09-48C7-801B-25C986A0AC5F} - hxxp://61.97.32.32/filemoa/fmoaload.cab
DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} - hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - hxxp://download.signgate.com/download/ews/ewsinstaller.cab
DPF: {A1B83F7D-05D8-42F8-9C29-99ED06CD528C} - hxxp://speed.nia.or.kr/login/SysNIAforHuman.cab
DPF: {A1E0ACF5-232E-4E85-9EC4-669809AEB8F8} - hxxp://u12.minisearch.co.kr/Install/cab2/axInstall26.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://kings.nefficient.co.kr/kings/kdfx/kdfx321/kdfense8.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dl.pmang.com/common/neffy/NeffyLauncher_v1006.cab
DPF: {AC18AC7B-D553-4ED2-B9B9-41BB9A1BDDBB} - hxxp://221.157.125.211/MovieRgX.cab
DPF: {AC462D1A-E53E-4973-A30A-AB7E07D3DD2D} - hxxp://gcc.nefficient.co.kr/gcc/EzCertForClient.exe
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/HLauncher.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_8/DaumActiveX.cab?ver=2,0,0,8
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {BC44D4D0-D94D-4031-A76F-DD9B70078B2B} - hxxp://www.wawadisk.com/mmsv/WawaDiskControl.CAB
DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} - hxxp://www.mgoon.com/launcher.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://cdn.hangame.com/hangame/hansetup/HanSetup1030.cab
DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} - hxxp://speed.nia.or.kr/login/SpeedTest.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} - hxxp://218.55.98.94/appx/pdpopax.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/nts/npkcx_inca.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60.cab
DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} - hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap4Asp_V2_0_0_19.cab
DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - hxxp://nprotect.plaync.co.kr/nProtect/netizen2004/ncsoft/npz.cab
DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} - hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap_V2_0_0_13.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {E9E5E440-45DE-4D5B-8F8E-54212D160106} - hxxp://afocx.afreeca.com:9091/AFC/OpenTV.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.afreeca.com:8057/AFCStarter.cab - hxxp://live.afreeca.com:8057/AFCStarter.cab
DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} - hxxp://toolbar.imbc.com/toolbar/setup/MBCXeb.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://60.33.230.11/JpegInst.cab
DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} - hxxp://www.gmarket.co.kr/challenge/neo_goods/dlls/GWall_1810/GWall.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/test/NaverAXGuide.cab
TCP: {95081AD2-DB2E-49B5-ADC4-6CB752F72A53} = 8.8.8.8,8.8.4.4
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\crossmr\applic~1\mozilla\firefox\profiles\ob50f35n.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
FF - plugin: c:\documents and settings\all users\application data\nexon\ngm\npNxGame.dll
FF - plugin: c:\documents and settings\crossmr\application data\mozilla\firefox\profiles\ob50f35n.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin_file.dll
FF - plugin: c:\windows\system32\npKeyPro.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-8 64160]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 wcnf;Windows Config;c:\windows\system32\winconf.exe -service --> c:\windows\system32\winconf.exe -service [?]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-16 38224]
R3 npkakl;npkakl;c:\windows\system32\npkakl.sys [2009-8-20 29216]
S0 maysfut;maysfut; [x]
S0 ravxxma;ravxxma; [x]
S3 {A2C6D8E5-00FB-42fd-95D4-11AF68333408};SKYTV HD6 USB Device;c:\windows\system32\drivers\skyhd6uc.sys [2010-3-16 164864]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-1-26 38200]
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2010-1-26 126048]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-24 50704]
S3 NPFWFLT;NPFWFLT;c:\windows\system32\npfwflt.sys [2009-8-15 41600]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;c:\windows\system32\npids.sys [2009-8-15 48384]
S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\prodefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]
S3 QuickDownload Agent;QuickDownload Agent;c:\program files\quickdownloadservice\qdownagent.exe [2009-8-22 114688]
S3 QuickDownload Service;QuickDownload Service;c:\program files\quickdownloadservice\qdownservice.exe [2009-8-22 102400]
S3 QuickDownload Update;QuickDownload Update;c:\program files\quickdownloadservice\qdownupdate.exe [2009-8-22 94208]
S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]
S3 SKTBus;SK Telecom USB Composite Device Support;c:\windows\system32\drivers\SKTBus.sys [2009-7-7 31232]
S3 SKTMdm;SK Telecom USB Modem Support;c:\windows\system32\drivers\SKTMdm.sys [2009-7-7 28672]
S3 SKTOBEX;SK Telecom USB OBEX Device Support;c:\windows\system32\drivers\SKTOBEX.sys [2009-7-7 16384]
S3 SKTVsp;SK Telecom USB Virtual Serial Port Driver;c:\windows\system32\drivers\SKTVsp.sys [2009-7-7 28672]
S4 DCMStandaloneSvc1;DCMStandaloneSvc1;"c:\documents and settings\crossmr\desktop\dellcm_cleanup_service\dcmstandalonesvc1.exe" --> c:\documents and settings\crossmr\desktop\dellcm_cleanup_service\DCMStandaloneSvc1.exe [?]
S4 procEntry;procEntry;c:\windows\system32\procreport.exe --> c:\windows\system32\procreport.exe [?]
=============== Created Last 30 ================
2010-03-17 11:14:22 39 ----a-w- c:\windows\system32\CCProxy.ini
2010-03-17 10:57:43 4336 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-17 10:20:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-03-17 10:18:10 0 d-----w- c:\program files\common files\iS3
2010-03-17 10:18:09 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-03-17 10:14:04 51807 ----a-w- c:\documents and settings\crossmr\wuaucldt.exe
2010-03-16 14:27:08 0 d-----w- c:\windows\system32\Log
2010-03-16 13:17:14 0 d-----w- c:\docume~1\crossmr\applic~1\Malwarebytes
2010-03-16 13:17:13 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-03-16 13:17:11 7168 ----a-w- c:\windows\system32\hccoin.dll
2010-03-16 13:17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-16 13:17:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 13:17:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-16 13:17:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-16 13:17:00 74240 ----a-w- c:\windows\system32\usbui.dll
2010-03-16 13:17:00 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-03-16 13:17:00 143872 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-03-16 13:16:59 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-03-16 13:16:57 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-03-16 13:16:56 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-16 13:16:56 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-03-16 13:16:40 68224 ----a-w- c:\windows\system32\drivers\OLD29.tmp
2010-03-16 13:16:35 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-03-16 13:16:30 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-03-16 12:48:26 0 d-----w- c:\program files\Skydigital Inc
2010-03-16 12:43:47 0 d-----w- c:\documents and settings\crossmr\SKY DIGITAL
2010-03-16 12:43:35 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-03-16 12:43:35 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-03-16 12:43:20 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-03-16 12:43:20 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-03-16 12:43:19 18432 -c--a-w- c:\windows\system32\dllcache\bdaplgin.ax
2010-03-16 12:43:19 18432 ----a-w- c:\windows\system32\BdaPlgIn.ax
2010-03-16 12:43:12 164864 ----a-w- c:\windows\system32\drivers\skyhd6uc.sys
2010-03-16 12:43:11 0 d-----w- c:\program files\SKYDIGITAL
2010-03-16 12:35:20 0 d-----w- c:\program files\SKY DIGITAL
2010-03-16 12:35:20 0 d-----w- c:\program files\common files\SKY DIGITAL
2010-03-10 09:38:50 0 d-----w- c:\docume~1\crossmr\applic~1\2ndrive
2010-03-10 09:37:59 0 d-----w- c:\program files\Nowcom
2010-03-09 11:40:06 509432 ----a-w- c:\windows\RealScan_Launcher.dll
2010-03-09 11:40:02 0 d-----w- C:\CREFREE
2010-03-05 00:11:22 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-21 13:46:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Firefly Studios
2010-02-18 09:43:25 815104 ----a-w- c:\windows\system32\winconf.exe
2010-02-18 09:43:25 73728 ----a-w- c:\windows\system32\aspnet_stat.exe
==================== Find3M ====================
2010-03-12 00:53:48 83288 ----a-w- c:\windows\system32\kdfapi.dll
2010-03-12 00:53:48 59976 ----a-w- c:\windows\system32\Kdfhok.dll
2010-03-12 00:53:48 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2010-03-12 00:53:47 674384 ----a-w- c:\windows\system32\QZKJAAMQ.exe
2010-03-12 00:53:47 61440 ----a-w- c:\windows\system32\proDefense.dll
2010-03-05 10:54:15 38200 ----a-w- c:\windows\system32\JRSKD24.SYS
2010-03-05 10:54:15 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-03-05 10:54:15 126048 ----a-w- c:\windows\system32\kcrtx86.sys
2010-03-05 02:57:00 11377 ----a-w- c:\windows\system32\teexcept.dat
2010-02-23 08:17:28 2801664 ----a-w- c:\windows\system32\clubbox.exe
2010-02-18 05:18:42 648600 ----a-w- c:\windows\system32\HanSetup.exe
2010-02-12 05:27:48 72508 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-01 13:10:52 191008 ----a-w- c:\windows\system32\npkcmsvc.exe
2010-01-29 08:40:58 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-01-29 08:40:58 964608 ----a-w- c:\windows\system32\mfc70u.dll
2010-01-29 08:40:58 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-29 08:40:58 245408 ----a-w- c:\windows\system32\unicows.dll
2010-01-29 08:40:21 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2010-01-29 08:40:21 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2010-01-29 08:40:21 2187264 ----a-w- c:\windows\system32\mfc71d.dll
2010-01-29 08:40:21 2183168 ----a-w- c:\windows\system32\mfc71ud.dll
2010-01-29 08:38:36 2801756 ----a-w- c:\windows\system32\libmmd.dll
2010-01-27 10:14:50 46640 ----a-w- c:\windows\system32\npPCStatusUninst.exe
2010-01-26 09:19:58 124216 ----a-r- c:\windows\system32\CKAgent.exe
2010-01-21 07:33:42 104400 ----a-w- c:\windows\system32\MAOnFPS_NTSC.dll
2010-01-21 07:33:39 440272 ----a-w- c:\windows\system32\MAOnFPS_NTSV.dll
2010-01-21 03:00:44 30592 ----a-w- c:\windows\system32\drivers\vshook.sys
2010-01-17 23:51:44 644224 ----a-w- c:\windows\system32\NowUpdate.exe
2010-01-12 06:53:55 6324114 ----a-w- c:\windows\system32\2ndrive_setup.exe
2010-01-12 04:22:36 355060 ---h--w- c:\windows\system32\MaPrintInfo.dat
2010-01-07 05:10:30 311296 ----a-w- c:\windows\system32\Bugsctrl.dll
2010-01-07 05:10:30 167936 ----a-w- c:\windows\system32\jukeon_e.exe
2010-01-07 05:10:30 135168 ----a-w- c:\windows\system32\p3aodf1.dll
2010-01-07 05:10:30 135168 ----a-w- c:\windows\system32\Bugsedf1.dll
2009-12-28 06:32:13 78057 ----a-w- c:\windows\system32\nvModes.dat
2009-12-18 10:46:24 210232 ----a-w- c:\windows\system32\npKeyPro.dll
2009-12-18 10:46:20 70968 ----a-w- c:\windows\system32\CKKeyProCert.dll
2009-12-18 10:45:44 394552 ----a-w- c:\windows\system32\XecureCK.dll
2009-12-18 10:45:44 152888 ----a-w- c:\windows\system32\Jrsoftcp.dll
2009-12-18 10:45:42 927032 ----a-w- c:\windows\system32\CKSetup32.exe
2009-12-18 10:45:42 181560 ----a-w- c:\windows\system32\CKApp.dll
============= FINISH: 20:18:20.40 ===============
Malwarebytes' Anti-Malware 1.44
Database version: 3873
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/17/2010 8:28:41 PM
mbam-log-2010-03-17 (20-28-41).txt
Scan type: Quick Scan
Objects scanned: 126296
Time elapsed: 9 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\crossmr\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CCProxy.ini (Trojan.CCProxy) -> Quarantined and deleted successfully.
Rkill log
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as crossmr on 7/2010 Wed at 20:35:24.
Processes terminated by Rkill or while it was running:
C:\WINDOWS\system32\nvsvc32.exe
C:\documents and settings\crossmr\wuaucldt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\crossmr\Local Settings\Application Data\ave.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\crossmr\Desktop\rkill.com
Rkill completed on 7/2010 Wed at 20:35:26.
Edited by crossmr, 17 March 2010 - 06:37 AM.