
AVE.exe got me


  • This topic is locked
21 replies to this topic

#1 crossmr


  • Members
  • 16 posts
  • Gender:Male
  • Location:Seoul, South Korea
  • Local time:10:22 AM

Posted 17 March 2010 - 06:29 AM

So, I was just reading some news earlier. Suddenly both browsers close and are replaced by this AVE.exe garbage. My particular variant is "XP Internet Security".
Malwarebytes is ineffective. I scanned, found 14 items, removed them, had to reboot, and nada. Upon reboot, the ave.exe popup is still there.
It's hiding out as regedit32.

I ran DDS, but I can't seem to find the attach box on this post. Below the DDS log, I'm sticking the Malwarebytes logs. I've run this in safe mode, not in safe mode, etc. I also tried StopZilla, as it was recommended for ave.exe, but it found nothing. Its scan didn't even return anything when ave.exe was running.





DDS (Ver_09-12-01.01) - NTFSx86
Run by crossmr at 20:16:31.70 on 03/17/2010 Wed
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.2046.1442 [GMT 9:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\documents and settings\crossmr\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\Xfire.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\crossmr\Local Settings\Application Data\ave.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Windows\System32\winconf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\crossmr\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://naver.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ActiveManager Class: {23ea2c70-586a-4fea-acac-4c40ff0af5e1} - c:\windows\downloaded program files\ActiveManager.dll
BHO: GABHO: {2b1072ec-5626-4f7a-9813-d45910b38601} - c:\program files\gameangel\gabho.dll
BHO: DaumLogin Class: {525ad11b-6557-46a5-8327-ecd06f7d20fd} - c:\windows\downloaded program files\DaumLoginHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: 추천사이트: {91e3920d-8e40-4b44-b312-d0cf20898bef} - c:\program files\gameangel\gabar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [syncman] c:\documents and settings\crossmr\wuaucldt.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [syncman] c:\windows\system32\wuaucldt.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\crossmr\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {FFFF6B5C-2112-4A3F-B1A7-FAA74AD3811E} - {FFFF6B5C-2112-4A3F-B1A7-FAA74AD3811E} - c:\program files\gameangel\gabtn.dll
DPF: {00D84FA2-E075-49BF-AF85-190FBB45DBB3} - hxxp://www.tkonline.co.kr/board/main/RunTkonline.cab
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {0E1C2A82-5135-42E6-8DA1-B82C24669E88} - hxxps://www.realscan.co.kr/data/realscan/RealScan_Launcher.cab
DPF: {15C09C80-BE98-4E30-B8C1-6B8935E32671} - hxxp://download.hts.nefficient.co.kr/hts/yesone/cab/MAOnFPS_NTS.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20091117.cab
DPF: {213B8BD2-9997-48A1-B385-7833F8D34B9D} - hxxp://220.90.139.13/Zaolmap/Download/AYUTIS_Zaolmap2.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://kbdownload.initech.com/kbstarActiveX/6.3.0.2/down/INIS60.cab
DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} - hxxp://download.zfile.co.kr/ZFileWebControl.cab
DPF: {32ECCE1D-F91E-413F-AFF3-BA477CF0C9C6} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://static.plaync.co.kr/aion_v2/skin/AddOn_090806_v2.cab
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
DPF: {39BC8B20-FB5A-43E5-9EBC-E637B700859E} - hxxp://sunonline.game.pmang.com/Common/CommonWebStarter.cab
DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://download.kbstar.com/security/SCSK/scsk4.cab
DPF: {3F68E1C3-39EC-4990-85E3-ABFE61AB86C5} - hxxp://dl.bugsm.co.kr/install/BugsInstaller.cab
DPF: {45B6C54E-6486-4A5D-9947-8E279775E53D} - hxxp://www.clubcyon.com/club_test/ksd/WebSyncAX.cab
DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} - hxxp://ionair.sbs.co.kr/onair/IB_OnAir.CAB
DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} - hxxp://image.gmarket.co.kr/tools/tyscan/nps.cab
DPF: {525AD11B-6557-46A5-8327-ECD06F7D20FD} - hxxp://cfile204.uf.daum.net/attach/197F57184B5857416F2148
DPF: {5B9BE0A1-D671-4FB3-8E0B-E0821B65DAB5} - hxxp://www.quakewars.co.kr/file/cab/DragonflyControl.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1.cab
DPF: {5D29B0C9-EA06-4F47-A687-243EB9350272} - hxxp://onaironline.imbc.com/Activex/DANALGameLauncher.cab
DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/js/UniUpdTool/NCLoader.8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246942350203
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://www.taxsave.go.kr/CKKeyPro/CKKeyPro3023_32k.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258436801843
DPF: {77D54273-FD01-4E93-B109-68C1F375A7D4} - hxxp://api.2ndrive.com/update/NdStarter.cab
DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} - hxxp://mgameweb.nefficient.co.kr/mgameweb/download/cab/mgmanagerv1004.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://www.taxsave.go.kr/XecureObject/xw_install.cab
DPF: {81B14C2D-6436-42C6-83EC-F60DEF852AEC} - hxxp://www.gmarket.co.kr/challenge/neo_app/MakeShortCut.cab
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: {889E3D55-7B17-4101-ABA4-3078547B6C4C} - hxxp://hessian.yoitt.com/common/global/YoittSystemInfo.cab
DPF: {893BE5FA-2E09-48C7-801B-25C986A0AC5F} - hxxp://61.97.32.32/filemoa/fmoaload.cab
DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} - hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - hxxp://download.signgate.com/download/ews/ewsinstaller.cab
DPF: {A1B83F7D-05D8-42F8-9C29-99ED06CD528C} - hxxp://speed.nia.or.kr/login/SysNIAforHuman.cab
DPF: {A1E0ACF5-232E-4E85-9EC4-669809AEB8F8} - hxxp://u12.minisearch.co.kr/Install/cab2/axInstall26.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://kings.nefficient.co.kr/kings/kdfx/kdfx321/kdfense8.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dl.pmang.com/common/neffy/NeffyLauncher_v1006.cab
DPF: {AC18AC7B-D553-4ED2-B9B9-41BB9A1BDDBB} - hxxp://221.157.125.211/MovieRgX.cab
DPF: {AC462D1A-E53E-4973-A30A-AB7E07D3DD2D} - hxxp://gcc.nefficient.co.kr/gcc/EzCertForClient.exe
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/HLauncher.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_8/DaumActiveX.cab?ver=2,0,0,8
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {BC44D4D0-D94D-4031-A76F-DD9B70078B2B} - hxxp://www.wawadisk.com/mmsv/WawaDiskControl.CAB
DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} - hxxp://www.mgoon.com/launcher.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://cdn.hangame.com/hangame/hansetup/HanSetup1030.cab
DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} - hxxp://speed.nia.or.kr/login/SpeedTest.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} - hxxp://218.55.98.94/appx/pdpopax.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/nts/npkcx_inca.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60.cab
DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} - hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap4Asp_V2_0_0_19.cab
DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - hxxp://nprotect.plaync.co.kr/nProtect/netizen2004/ncsoft/npz.cab
DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} - hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap_V2_0_0_13.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {E9E5E440-45DE-4D5B-8F8E-54212D160106} - hxxp://afocx.afreeca.com:9091/AFC/OpenTV.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.afreeca.com:8057/AFCStarter.cab - hxxp://live.afreeca.com:8057/AFCStarter.cab
DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} - hxxp://toolbar.imbc.com/toolbar/setup/MBCXeb.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://60.33.230.11/JpegInst.cab
DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} - hxxp://www.gmarket.co.kr/challenge/neo_goods/dlls/GWall_1810/GWall.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/test/NaverAXGuide.cab
TCP: {95081AD2-DB2E-49B5-ADC4-6CB752F72A53} = 8.8.8.8,8.8.4.4

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\crossmr\applic~1\mozilla\firefox\profiles\ob50f35n.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
FF - plugin: c:\documents and settings\all users\application data\nexon\ngm\npNxGame.dll
FF - plugin: c:\documents and settings\crossmr\application data\mozilla\firefox\profiles\ob50f35n.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin_file.dll
FF - plugin: c:\windows\system32\npKeyPro.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-8 64160]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 wcnf;Windows Config;c:\windows\system32\winconf.exe -service --> c:\windows\system32\winconf.exe -service [?]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-16 38224]
R3 npkakl;npkakl;c:\windows\system32\npkakl.sys [2009-8-20 29216]
S0 maysfut;maysfut; [x]
S0 ravxxma;ravxxma; [x]
S3 {A2C6D8E5-00FB-42fd-95D4-11AF68333408};SKYTV HD6 USB Device;c:\windows\system32\drivers\skyhd6uc.sys [2010-3-16 164864]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-1-26 38200]
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2010-1-26 126048]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-24 50704]
S3 NPFWFLT;NPFWFLT;c:\windows\system32\npfwflt.sys [2009-8-15 41600]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;c:\windows\system32\npids.sys [2009-8-15 48384]
S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\prodefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]
S3 QuickDownload Agent;QuickDownload Agent;c:\program files\quickdownloadservice\qdownagent.exe [2009-8-22 114688]
S3 QuickDownload Service;QuickDownload Service;c:\program files\quickdownloadservice\qdownservice.exe [2009-8-22 102400]
S3 QuickDownload Update;QuickDownload Update;c:\program files\quickdownloadservice\qdownupdate.exe [2009-8-22 94208]
S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]
S3 SKTBus;SK Telecom USB Composite Device Support;c:\windows\system32\drivers\SKTBus.sys [2009-7-7 31232]
S3 SKTMdm;SK Telecom USB Modem Support;c:\windows\system32\drivers\SKTMdm.sys [2009-7-7 28672]
S3 SKTOBEX;SK Telecom USB OBEX Device Support;c:\windows\system32\drivers\SKTOBEX.sys [2009-7-7 16384]
S3 SKTVsp;SK Telecom USB Virtual Serial Port Driver;c:\windows\system32\drivers\SKTVsp.sys [2009-7-7 28672]
S4 DCMStandaloneSvc1;DCMStandaloneSvc1;"c:\documents and settings\crossmr\desktop\dellcm_cleanup_service\dcmstandalonesvc1.exe" --> c:\documents and settings\crossmr\desktop\dellcm_cleanup_service\DCMStandaloneSvc1.exe [?]
S4 procEntry;procEntry;c:\windows\system32\procreport.exe --> c:\windows\system32\procreport.exe [?]

=============== Created Last 30 ================

2010-03-17 11:14:22 39 ----a-w- c:\windows\system32\CCProxy.ini
2010-03-17 10:57:43 4336 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-17 10:20:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-03-17 10:18:10 0 d-----w- c:\program files\common files\iS3
2010-03-17 10:18:09 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-03-17 10:14:04 51807 ----a-w- c:\documents and settings\crossmr\wuaucldt.exe
2010-03-16 14:27:08 0 d-----w- c:\windows\system32\Log
2010-03-16 13:17:14 0 d-----w- c:\docume~1\crossmr\applic~1\Malwarebytes
2010-03-16 13:17:13 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-03-16 13:17:11 7168 ----a-w- c:\windows\system32\hccoin.dll
2010-03-16 13:17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-16 13:17:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 13:17:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-16 13:17:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-16 13:17:00 74240 ----a-w- c:\windows\system32\usbui.dll
2010-03-16 13:17:00 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-03-16 13:17:00 143872 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-03-16 13:16:59 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-03-16 13:16:57 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-03-16 13:16:56 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-16 13:16:56 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-03-16 13:16:40 68224 ----a-w- c:\windows\system32\drivers\OLD29.tmp
2010-03-16 13:16:35 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-03-16 13:16:30 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-03-16 12:48:26 0 d-----w- c:\program files\Skydigital Inc
2010-03-16 12:43:47 0 d-----w- c:\documents and settings\crossmr\SKY DIGITAL
2010-03-16 12:43:35 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-03-16 12:43:35 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-03-16 12:43:20 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-03-16 12:43:20 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-03-16 12:43:19 18432 -c--a-w- c:\windows\system32\dllcache\bdaplgin.ax
2010-03-16 12:43:19 18432 ----a-w- c:\windows\system32\BdaPlgIn.ax
2010-03-16 12:43:12 164864 ----a-w- c:\windows\system32\drivers\skyhd6uc.sys
2010-03-16 12:43:11 0 d-----w- c:\program files\SKYDIGITAL
2010-03-16 12:35:20 0 d-----w- c:\program files\SKY DIGITAL
2010-03-16 12:35:20 0 d-----w- c:\program files\common files\SKY DIGITAL
2010-03-10 09:38:50 0 d-----w- c:\docume~1\crossmr\applic~1\2ndrive
2010-03-10 09:37:59 0 d-----w- c:\program files\Nowcom
2010-03-09 11:40:06 509432 ----a-w- c:\windows\RealScan_Launcher.dll
2010-03-09 11:40:02 0 d-----w- C:\CREFREE
2010-03-05 00:11:22 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-21 13:46:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Firefly Studios
2010-02-18 09:43:25 815104 ----a-w- c:\windows\system32\winconf.exe
2010-02-18 09:43:25 73728 ----a-w- c:\windows\system32\aspnet_stat.exe

==================== Find3M ====================

2010-03-12 00:53:48 83288 ----a-w- c:\windows\system32\kdfapi.dll
2010-03-12 00:53:48 59976 ----a-w- c:\windows\system32\Kdfhok.dll
2010-03-12 00:53:48 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2010-03-12 00:53:47 674384 ----a-w- c:\windows\system32\QZKJAAMQ.exe
2010-03-12 00:53:47 61440 ----a-w- c:\windows\system32\proDefense.dll
2010-03-05 10:54:15 38200 ----a-w- c:\windows\system32\JRSKD24.SYS
2010-03-05 10:54:15 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-03-05 10:54:15 126048 ----a-w- c:\windows\system32\kcrtx86.sys
2010-03-05 02:57:00 11377 ----a-w- c:\windows\system32\teexcept.dat
2010-02-23 08:17:28 2801664 ----a-w- c:\windows\system32\clubbox.exe
2010-02-18 05:18:42 648600 ----a-w- c:\windows\system32\HanSetup.exe
2010-02-12 05:27:48 72508 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-01 13:10:52 191008 ----a-w- c:\windows\system32\npkcmsvc.exe
2010-01-29 08:40:58 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-01-29 08:40:58 964608 ----a-w- c:\windows\system32\mfc70u.dll
2010-01-29 08:40:58 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-29 08:40:58 245408 ----a-w- c:\windows\system32\unicows.dll
2010-01-29 08:40:21 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2010-01-29 08:40:21 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2010-01-29 08:40:21 2187264 ----a-w- c:\windows\system32\mfc71d.dll
2010-01-29 08:40:21 2183168 ----a-w- c:\windows\system32\mfc71ud.dll
2010-01-29 08:38:36 2801756 ----a-w- c:\windows\system32\libmmd.dll
2010-01-27 10:14:50 46640 ----a-w- c:\windows\system32\npPCStatusUninst.exe
2010-01-26 09:19:58 124216 ----a-r- c:\windows\system32\CKAgent.exe
2010-01-21 07:33:42 104400 ----a-w- c:\windows\system32\MAOnFPS_NTSC.dll
2010-01-21 07:33:39 440272 ----a-w- c:\windows\system32\MAOnFPS_NTSV.dll
2010-01-21 03:00:44 30592 ----a-w- c:\windows\system32\drivers\vshook.sys
2010-01-17 23:51:44 644224 ----a-w- c:\windows\system32\NowUpdate.exe
2010-01-12 06:53:55 6324114 ----a-w- c:\windows\system32\2ndrive_setup.exe
2010-01-12 04:22:36 355060 ---h--w- c:\windows\system32\MaPrintInfo.dat
2010-01-07 05:10:30 311296 ----a-w- c:\windows\system32\Bugsctrl.dll
2010-01-07 05:10:30 167936 ----a-w- c:\windows\system32\jukeon_e.exe
2010-01-07 05:10:30 135168 ----a-w- c:\windows\system32\p3aodf1.dll
2010-01-07 05:10:30 135168 ----a-w- c:\windows\system32\Bugsedf1.dll
2009-12-28 06:32:13 78057 ----a-w- c:\windows\system32\nvModes.dat
2009-12-18 10:46:24 210232 ----a-w- c:\windows\system32\npKeyPro.dll
2009-12-18 10:46:20 70968 ----a-w- c:\windows\system32\CKKeyProCert.dll
2009-12-18 10:45:44 394552 ----a-w- c:\windows\system32\XecureCK.dll
2009-12-18 10:45:44 152888 ----a-w- c:\windows\system32\Jrsoftcp.dll
2009-12-18 10:45:42 927032 ----a-w- c:\windows\system32\CKSetup32.exe
2009-12-18 10:45:42 181560 ----a-w- c:\windows\system32\CKApp.dll

============= FINISH: 20:18:20.40 ===============


Malwarebytes' Anti-Malware 1.44
Database version: 3873
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/17/2010 8:28:41 PM
mbam-log-2010-03-17 (20-28-41).txt

Scan type: Quick Scan
Objects scanned: 126296
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\crossmr\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CCProxy.ini (Trojan.CCProxy) -> Quarantined and deleted successfully.

Rkill log
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as crossmr on 7/2010 Wed at 20:35:24.


Processes terminated by Rkill or while it was running:


C:\WINDOWS\system32\nvsvc32.exe
C:\documents and settings\crossmr\wuaucldt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\crossmr\Local Settings\Application Data\ave.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\crossmr\Desktop\rkill.com


Rkill completed on 7/2010 Wed at 20:35:26.

Edited by crossmr, 17 March 2010 - 06:37 AM.
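As an added example (not part of the original post, of DDS, or of any tool named in this thread): a short Python script that applies, over a DDS log like the one above, the checks a responder makes by eye. The log lines embedded in it are constructed, modelled on a few entries from the post; the three heuristics (executable living under a user profile, file name one edit away from a Windows binary such as wuauclt.exe, and Run values that autostart an admin tool or are registered under two hives with different targets) are the example's own, not anything DDS itself reports.

```python
import re
from dataclasses import dataclass

# Constructed sample in DDS log format, modelled on entries from the post above
# (trimmed to the lines this example needs; not a copy of the full log).
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\documents and settings\crossmr\wuaucldt.exe
C:\Documents and Settings\crossmr\Local Settings\Application Data\ave.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [syncman] c:\documents and settings\crossmr\wuaucldt.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [syncman] c:\windows\system32\wuaucldt.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
"""

# Windows binaries whose names malware commonly mimics with a near-miss spelling.
SYSTEM_BINARIES = ("svchost.exe", "wuauclt.exe", "explorer.exe", "ctfmon.exe",
                   "spoolsv.exe", "lsass.exe", "csrss.exe", "winlogon.exe")
# Admin tools that legitimate software has no reason to launch from a Run key.
ADMIN_TOOLS = {"regedit.exe", "cmd.exe", "regsvr32.exe"}

# uRun/mRun/dRun lines: prefix, [value name], then an optionally quoted path ending in .exe
RUN_RE = re.compile(r'^([umd]Run): \[([^\]]+)\] "?([^"]*?\.exe)"?', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    source: str   # "process" or the Run prefix (uRun = HKCU, mRun = HKLM)
    path: str
    reason: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot lookalike names such as wuaucldt.exe vs wuauclt.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_user_profile(path: str) -> bool:
    """True for executables under a user profile rather than Windows or Program Files."""
    p = path.lower()
    return "\\documents and settings\\" in p and "\\program files\\" not in p


def parse_dds(text: str):
    """Split a DDS log into running-process paths and (prefix, value name, path) Run entries."""
    processes, runs, section = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("====="):
            section = line.strip("= ").lower()
            continue
        if section == "running processes":
            processes.append(line.split(" -k ")[0])   # drop svchost service-group arguments
        elif section == "pseudo hjt report":
            m = RUN_RE.match(line)
            if m:
                runs.append((m.group(1), m.group(2), m.group(3)))
    return processes, runs


def check_path(source: str, path: str) -> list:
    """Location and lookalike checks shared by process entries and Run entries."""
    findings, name = [], basename(path)
    if in_user_profile(path):
        findings.append(Finding(source, path, "executable located in a user-profile directory"))
    for legit in SYSTEM_BINARIES:
        if name != legit and levenshtein(name, legit) == 1:
            findings.append(Finding(source, path, f"name is one edit away from system binary {legit}"))
    return findings


def analyse(text: str) -> list:
    """Apply every check to the processes and Run entries of a DDS log and return the findings."""
    processes, runs = parse_dds(text)
    findings = [f for p in processes for f in check_path("process", p)]
    seen = {}   # lower-cased Run value name -> first path registered under it
    for prefix, name, path in runs:
        findings.extend(check_path(prefix, path))
        if basename(path) in ADMIN_TOOLS:
            findings.append(Finding(prefix, path, f"Run value '{name}' autostarts admin tool {basename(path)}"))
        key = name.lower()
        if key in seen and seen[key].lower() != path.lower():
            findings.append(Finding(prefix, path, f"Run value '{name}' also registered with a different target: {seen[key]}"))
        seen.setdefault(key, path)
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_DDS):
        print(f"[{f.source}] {f.path}\n    -> {f.reason}")
```

Run against the constructed sample, the script flags exactly the items the thread ends up treating as the infection: ave.exe and wuaucldt.exe in the user profile, the wuaucldt.exe/wuauclt.exe lookalike in both places it appears, the "Regedit32" value autostarting regedit.exe, and the "syncman" value pointing at different files under HKCU and HKLM. The heuristics are deliberately narrow; they are a triage aid for reading a log, not a replacement for a scanner.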



#2 crossmr

  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Seoul, South Korea
  • Local time:10:22 AM

Posted 17 March 2010 - 07:38 AM

I just noticed that while searching for threads on AVE.exe I ended up posting this in the wrong forum (which is why I couldn't find the attach box). Could a mod delete this and I'll re-do it?

#3 Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:08:22 PM

Posted 17 March 2010 - 10:13 PM

Hello crossmr.

I will be helping you to remove this malware infection. Please follow my guidance.
You will want to print out or copy these instructions to Notepad for offline reference!
If you are a casual viewer, do NOT try this on your system!
If you are not crossmr and have a similar problem, do NOT post here; start your own topic.


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
Close any of your open programs while you run these tools.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 3
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 4
Download & SAVE OTL by OldTimer to your desktop from one of the following links:
Link1 or
Link2
  • Please double-click OTL.com to start it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    :files
    C:\Documents and Settings\crossmr\Local Settings\Application Data\ave.exe
    c:\documents and settings\crossmr\wuaucldt.exe
    c:\windows\system32\regedit.exe
    C:\windows\system32\wuaucldt.exe
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "syncman"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Regedit32"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "syncman"=-

    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 5
Disable any script blocker if your antivirus/antimalware has it.

You already have DDS. I'd like for you to generate fresh logs.

Double click dds.scr to run the tool.
DDS will run in a command prompt window and will take 3 to 4 minutes or so.
  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.
Please include the following logs in your next reply:
OTL MovedFiles log
DDS.txt
Attach.txt

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
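
An added example, not part of this thread and not OldTimer's own OTL code: a small Python checker that reads a fix script in the Step 4 format (":files", ":reg", ":Commands") together with the MovedFiles log OTL writes, and reports whether each directive was actually carried out by the section meant for it, so a registry deletion that the tool only logged as a missing file is not mistaken for a completed fix. The sample log is constructed here in OTL's layout, and the "Registry value ..." success line and the "COMMANDS" header are assumed formats.

```python
"""Cross-check an OTL custom fix script against the MovedFiles log it produced,
so that a directive the tool did not act on (e.g. a :reg deletion logged as a
missing file) is noticed instead of being read as "fix complete"."""
import re

# Abbreviated copy of the Step 4 script above.
FIX_SCRIPT = r"""
:files
C:\Documents and Settings\crossmr\Local Settings\Application Data\ave.exe
C:\recycler
D:\recycler

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"syncman"=-
"Regedit32"=-

:Commands
[purity]
"""

# Constructed log, laid out like the MovedFiles log OTL writes.
SAMPLE_LOG = r"""
========== FILES ==========
File\Folder C:\Documents and Settings\crossmr\Local Settings\Application Data\ave.exe not found.
C:\RECYCLER folder moved successfully.
File\Folder D:\recycler not found.
File\Folder :reg not found.
File\Folder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] not found.
File\Folder syncman"= not found.
File\Folder Regedit32"= not found.
File\Folder :Commands not found.
File\Folder [purity] not found.
"""


def parse_fix_script(text):
    """Split the script into sections; :reg entries become (key, value) pairs."""
    sections = {"files": [], "reg": [], "commands": []}
    current = key = None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith("*"):        # skip blanks and the star rules
            continue
        if line.startswith(":"):                     # section header such as :files
            current, key = line[1:].lower(), None
            sections.setdefault(current, [])
        elif current == "reg":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                      # registry key header
            else:
                m = re.match(r'"([^"]+)"=', line)     # "value"=- deletes a value
                if m and key:
                    sections["reg"].append((key, m.group(1)))
        elif current == "commands":
            sections["commands"].append(line.strip("[]").lower())
        elif current:
            sections[current].append(line)
    return sections


def first_status(log, checks):
    """Return the label of the first (label, regex) pair that matches the log."""
    for label, pattern in checks:
        if re.search(pattern, log):
            return label
    return "no result"


def check_fix(script_text, log_text):
    """Map each requested action to moved / not found / handled / misparsed as file / no result."""
    sections = parse_fix_script(script_text)
    log = log_text.lower()
    report = {"files": {}, "reg": {}, "commands": {}}
    for path in sections["files"]:
        p = re.escape(path.lower())
        report["files"][path] = first_status(log, [
            ("not found", r"file\\folder " + p + r" not found\."),
            ("moved", p + r"( folder)? moved successfully\."),
        ])
    for key, value in sections["reg"]:
        v = re.escape(value.lower())
        report["reg"][(key, value)] = first_status(log, [
            # Assumed OTL format: 'Registry value <key>\\<value> deleted successfully.'
            ("handled", r"registry value .*\\+" + v + r" (deleted successfully|not found)\."),
            # The directive text itself shows up as a missing file: the section was not applied.
            ("misparsed as file", r"file\\folder " + v + r'"= not found\.'),
        ])
    for cmd in sections["commands"]:
        report["commands"][cmd] = first_status(log, [
            ("misparsed as file", r"file\\folder \[" + re.escape(cmd) + r"\] not found\."),
            ("handled", r"========== commands =========="),   # assumed section header
        ])
    return report


def registry_section_applied(report):
    """True only when every :reg deletion appears in the log as a registry operation."""
    return bool(report["reg"]) and all(s == "handled" for s in report["reg"].values())


if __name__ == "__main__":
    result = check_fix(FIX_SCRIPT, SAMPLE_LOG)
    print(result)
    print("registry section applied:", registry_section_applied(result))
```

Run against the constructed log, every :reg and :Commands directive comes back as "misparsed as file", which is the cue to re-check those Run values by hand rather than assume they were removed.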

#4 crossmr

crossmr
  • Topic Starter

Posted 18 March 2010 - 04:29 AM

Thank you Maurice.
Sorry for the late reply, I'm on the other side of the world, so when I wrote that it was actually late last night for me. After writing that I kept digging around the forums.
I used rkill to kill the process and used MBAM to shred the offending files, then after a couple of reboots it didn't seem to be starting anymore. I downloaded and ran SUPERAntiSpyware overnight and I've just gotten home now to check it. It found around 14 items which I cleaned, and I've restarted a couple of times. It seems to be gone, but is there a scan or something I can run just to make sure?
As I said, I ran MBAM alone several times and it couldn't seem to touch it, so I'd like to make sure it's actually gone.



#5 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 18 March 2010 - 07:14 AM

Hello,
Yes, run the procedures I outlined. Those and the reports will help to see if there are remainders.
I really suggest you run the procedures above.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#6 crossmr

crossmr
  • Topic Starter

Posted 18 March 2010 - 07:54 AM

Okay, I'll post them as soon as I get the results.


#7 crossmr

crossmr
  • Topic Starter

Posted 18 March 2010 - 07:45 PM

Here are the log files

Logs placed In-line ~ Maurice
OTL MovedFiles log
All processes killed
========== FILES ==========
File\Folder C:\Documents and Settings\crossmr\Local Settings\Application Data\ave.exe not found.
File\Folder c:\documents and settings\crossmr\wuaucldt.exe not found.
File\Folder c:\windows\system32\regedit.exe not found.
File\Folder C:\windows\system32\wuaucldt.exe not found.
C:\RECYCLER\S-1-5-21-515967899-1336601894-839522115-1003 folder moved successfully.
C:\RECYCLER folder moved successfully.
File\Folder D:\recycler not found.
File\Folder e:\recycler not found.
File\Folder f:\recycler not found.
File\Folder g:\recycler not found.
File\Folder h:\recycler not found.
File\Folder :reg not found.
File\Folder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] not found.
File\Folder syncman"= not found.
File\Folder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] not found.
File\Folder Regedit32"= not found.
File\Folder [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] not found.
File\Folder syncman"= not found.
File\Folder :Commands not found.
File\Folder [purity] not found.
File\Folder [emptytemp] not found.
File\Folder [CREATERESTOREPOINT] not found.

OTL by OldTimer - Version 3.1.37.3 log created on 03192010_093954

Files\Folders moved on Reboot...



Registry entries deleted on Reboot...

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by crossmr at 9:41:58.20 on 03/19/2010 Fri
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.2046.1587 [GMT 9:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nowcom\2ndrive\2ndrive.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\conime.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Windows\System32\winconf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\crossmr\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://naver.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ActiveManager Class: {23ea2c70-586a-4fea-acac-4c40ff0af5e1} - c:\windows\downloaded program files\ActiveManager.dll
BHO: GABHO: {2b1072ec-5626-4f7a-9813-d45910b38601} - c:\program files\gameangel\gabho.dll
BHO: DaumLogin Class: {525ad11b-6557-46a5-8327-ecd06f7d20fd} - c:\windows\downloaded program files\DaumLoginHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: õƮ: {91e3920d-8e40-4b44-b312-d0cf20898bef} - c:\program files\gameangel\gabar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [2ndrive] c:\program files\nowcom\2ndrive\2ndrive.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Gabar] "c:\program files\gameangel\gaupdater.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\crossmr\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {FFFF6B5C-2112-4A3F-B1A7-FAA74AD3811E} - {FFFF6B5C-2112-4A3F-B1A7-FAA74AD3811E} - c:\program files\gameangel\gabtn.dll
DPF: {00D84FA2-E075-49BF-AF85-190FBB45DBB3} - hxxp://www.tkonline.co.kr/board/main/RunTkonline.cab
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {0E1C2A82-5135-42E6-8DA1-B82C24669E88} - hxxps://www.realscan.co.kr/data/realscan/RealScan_Launcher.cab
DPF: {15C09C80-BE98-4E30-B8C1-6B8935E32671} - hxxp://download.hts.nefficient.co.kr/hts/yesone/cab/MAOnFPS_NTS.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20091117.cab
DPF: {213B8BD2-9997-48A1-B385-7833F8D34B9D} - hxxp://220.90.139.13/Zaolmap/Download/AYUTIS_Zaolmap2.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://kbdownload.initech.com/kbstarActiveX/6.3.0.2/down/INIS60.cab
DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} - hxxp://download.zfile.co.kr/ZFileWebControl.cab
DPF: {32ECCE1D-F91E-413F-AFF3-BA477CF0C9C6} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://static.plaync.co.kr/aion_v2/skin/AddOn_090806_v2.cab
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
DPF: {39BC8B20-FB5A-43E5-9EBC-E637B700859E} - hxxp://sunonline.game.pmang.com/Common/CommonWebStarter.cab
DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://download.kbstar.com/security/SCSK/scsk4.cab
DPF: {3F68E1C3-39EC-4990-85E3-ABFE61AB86C5} - hxxp://dl.bugsm.co.kr/install/BugsInstaller.cab
DPF: {45B6C54E-6486-4A5D-9947-8E279775E53D} - hxxp://www.clubcyon.com/club_test/ksd/WebSyncAX.cab
DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} - hxxp://ionair.sbs.co.kr/onair/IB_OnAir.CAB
DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} - hxxp://image.gmarket.co.kr/tools/tyscan/nps.cab
DPF: {525AD11B-6557-46A5-8327-ECD06F7D20FD} - hxxp://cfile204.uf.daum.net/attach/197F57184B5857416F2148
DPF: {5B9BE0A1-D671-4FB3-8E0B-E0821B65DAB5} - hxxp://www.quakewars.co.kr/file/cab/DragonflyControl.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1.cab
DPF: {5D29B0C9-EA06-4F47-A687-243EB9350272} - hxxp://onaironline.imbc.com/Activex/DANALGameLauncher.cab
DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/js/UniUpdTool/NCLoader.8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246942350203
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://www.taxsave.go.kr/CKKeyPro/CKKeyPro3023_32k.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258436801843
DPF: {77D54273-FD01-4E93-B109-68C1F375A7D4} - hxxp://api.2ndrive.com/update/NdStarter.cab
DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} - hxxp://mgameweb.nefficient.co.kr/mgameweb/download/cab/mgmanagerv1004.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://www.taxsave.go.kr/XecureObject/xw_install.cab
DPF: {81B14C2D-6436-42C6-83EC-F60DEF852AEC} - hxxp://www.gmarket.co.kr/challenge/neo_app/MakeShortCut.cab
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: {889E3D55-7B17-4101-ABA4-3078547B6C4C} - hxxp://hessian.yoitt.com/common/global/YoittSystemInfo.cab
DPF: {893BE5FA-2E09-48C7-801B-25C986A0AC5F} - hxxp://61.97.32.32/filemoa/fmoaload.cab
DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} - hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - hxxp://download.signgate.com/download/ews/ewsinstaller.cab
DPF: {A1B83F7D-05D8-42F8-9C29-99ED06CD528C} - hxxp://speed.nia.or.kr/login/SysNIAforHuman.cab
DPF: {A1E0ACF5-232E-4E85-9EC4-669809AEB8F8} - hxxp://u8.minisearch.co.kr/Install/cab2/axInstall26.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://kings.nefficient.co.kr/kings/kdfx/kdfx321/kdfense8.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dl.pmang.com/common/neffy/NeffyLauncher_v1006.cab
DPF: {AC18AC7B-D553-4ED2-B9B9-41BB9A1BDDBB} - hxxp://221.157.125.211/MovieRgX.cab
DPF: {AC462D1A-E53E-4973-A30A-AB7E07D3DD2D} - hxxp://gcc.nefficient.co.kr/gcc/EzCertForClient.exe
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/HLauncher.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_8/DaumActiveX.cab?ver=2,0,0,8
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {BC44D4D0-D94D-4031-A76F-DD9B70078B2B} - hxxp://www.wawadisk.com/mmsv/WawaDiskControl.CAB
DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} - hxxp://www.mgoon.com/launcher.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://cdn.hangame.com/hangame/hansetup/HanSetup1030.cab
DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} - hxxp://speed.nia.or.kr/login/SpeedTest.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} - hxxp://218.55.98.94/appx/pdpopax.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/nts/npkcx_inca.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60.cab
DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} - hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap4Asp_V2_0_0_19.cab
DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - hxxp://nprotect.plaync.co.kr/nProtect/netizen2004/ncsoft/npz.cab
DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} - hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap_V2_0_0_13.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {E9E5E440-45DE-4D5B-8F8E-54212D160106} - hxxp://afocx.afreeca.com:9091/AFC/OpenTV.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.afreeca.com:8057/AFCStarter.cab - hxxp://live.afreeca.com:8057/AFCStarter.cab
DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} - hxxp://toolbar.imbc.com/toolbar/setup/MBCXeb.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://60.33.230.11/JpegInst.cab
DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} - hxxp://www.gmarket.co.kr/challenge/neo_goods/dlls/GWall_1810/GWall.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/test/NaverAXGuide.cab
TCP: {95081AD2-DB2E-49B5-ADC4-6CB752F72A53} = 8.8.8.8,8.8.4.4
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\crossmr\applic~1\mozilla\firefox\profiles\ob50f35n.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
FF - plugin: c:\documents and settings\all users\application data\nexon\ngm\npNxGame.dll
FF - plugin: c:\documents and settings\crossmr\application data\mozilla\firefox\profiles\ob50f35n.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\crossmr\application data\mozilla\firefox\profiles\ob50f35n.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin_file.dll
FF - plugin: c:\windows\system32\npKeyPro.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-8 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 wcnf;Windows Config;c:\windows\system32\winconf.exe -service --> c:\windows\system32\winconf.exe -service [?]
S0 maysfut;maysfut; [x]
S0 ravxxma;ravxxma; [x]
S3 {A2C6D8E5-00FB-42fd-95D4-11AF68333408};SKYTV HD6 USB Device;c:\windows\system32\drivers\skyhd6uc.sys [2010-3-16 164864]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-1-26 38200]
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2010-1-26 126048]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-24 50704]
S3 NPFWFLT;NPFWFLT;c:\windows\system32\npfwflt.sys [2009-8-15 41600]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;c:\windows\system32\npids.sys [2009-8-15 48384]
S3 npkakl;npkakl;c:\windows\system32\npkakl.sys [2009-8-20 29216]
S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\prodefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]
S3 QuickDownload Agent;QuickDownload Agent;c:\program files\quickdownloadservice\qdownagent.exe [2009-8-22 114688]
S3 QuickDownload Service;QuickDownload Service;c:\program files\quickdownloadservice\qdownservice.exe [2009-8-22 102400]
S3 QuickDownload Update;QuickDownload Update;c:\program files\quickdownloadservice\qdownupdate.exe [2009-8-22 94208]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]
S3 SKTBus;SK Telecom USB Composite Device Support;c:\windows\system32\drivers\SKTBus.sys [2009-7-7 31232]
S3 SKTMdm;SK Telecom USB Modem Support;c:\windows\system32\drivers\SKTMdm.sys [2009-7-7 28672]
S3 SKTOBEX;SK Telecom USB OBEX Device Support;c:\windows\system32\drivers\SKTOBEX.sys [2009-7-7 16384]
S3 SKTVsp;SK Telecom USB Virtual Serial Port Driver;c:\windows\system32\drivers\SKTVsp.sys [2009-7-7 28672]
S4 DCMStandaloneSvc1;DCMStandaloneSvc1;"c:\documents and settings\crossmr\desktop\dellcm_cleanup_service\dcmstandalonesvc1.exe" --> c:\documents and settings\crossmr\desktop\dellcm_cleanup_service\DCMStandaloneSvc1.exe [?]
S4 procEntry;procEntry;c:\windows\system32\procreport.exe --> c:\windows\system32\procreport.exe [?]

=============== Created Last 30 ================

2010-03-19 00:39:54 0 d-----w- C:\_OTL
2010-03-18 09:36:43 4326 --sha-w- C:\system.ini
2010-03-18 09:26:26 0 d-----w- c:\program files\Mini Search
2010-03-18 02:42:47 90112 ----a-w- c:\windows\system32\lfjbg13n.dll
2010-03-18 02:42:47 73728 ----a-w- c:\windows\system32\lffax13n.dll
2010-03-18 02:42:47 453120 ----a-w- c:\windows\system32\ltkrn13n.dll
2010-03-18 02:42:47 445440 ----a-w- c:\windows\system32\ltimg13n.dll
2010-03-18 02:42:47 388608 ----a-w- c:\windows\system32\lfcmp13n.dll
2010-03-18 02:42:47 265216 ----a-w- c:\windows\system32\ltdis13n.dll
2010-03-18 02:42:47 246272 ----a-w- c:\windows\system32\lfj2k13n.dll
2010-03-18 02:42:47 206848 ----a-w- c:\windows\system32\ltefx13n.dll
2010-03-18 02:42:47 189976 ----a-w- c:\windows\system32\mfimgvwr.ocx
2010-03-18 02:42:47 1693696 ----a-w- c:\windows\system32\ltclr13n.dll
2010-03-18 02:42:47 154112 ----a-w- c:\windows\system32\ltfil13n.dll
2010-03-18 02:42:47 142848 ----a-w- c:\windows\system32\lftif13n.dll
2010-03-18 02:42:30 0 d-----w- c:\program files\MFInstall
2010-03-17 12:42:18 39 ----a-w- c:\windows\system32\CCProxy.ini
2010-03-17 12:20:54 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-17 12:20:38 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-17 12:20:38 0 d-----w- c:\docume~1\crossmr\applic~1\SUPERAntiSpyware.com
2010-03-17 10:57:43 4336 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-17 10:20:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-03-17 10:18:10 0 d-----w- c:\program files\common files\iS3
2010-03-17 10:18:09 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-03-16 14:27:08 0 d-----w- c:\windows\system32\Log
2010-03-16 13:17:14 0 d-----w- c:\docume~1\crossmr\applic~1\Malwarebytes
2010-03-16 13:17:13 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-03-16 13:17:11 7168 ----a-w- c:\windows\system32\hccoin.dll
2010-03-16 13:17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-16 13:17:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 13:17:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-16 13:17:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-16 13:17:00 74240 ----a-w- c:\windows\system32\usbui.dll
2010-03-16 13:17:00 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-03-16 13:17:00 143872 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-03-16 13:16:59 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-03-16 13:16:57 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-03-16 13:16:56 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-16 13:16:56 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-03-16 13:16:35 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-03-16 13:16:30 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-03-16 12:48:26 0 d-----w- c:\program files\Skydigital Inc
2010-03-16 12:43:47 0 d-----w- c:\documents and settings\crossmr\SKY DIGITAL
2010-03-16 12:43:35 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-03-16 12:43:35 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-03-16 12:43:20 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-03-16 12:43:20 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-03-16 12:43:19 18432 -c--a-w- c:\windows\system32\dllcache\bdaplgin.ax
2010-03-16 12:43:19 18432 ----a-w- c:\windows\system32\BdaPlgIn.ax
2010-03-16 12:43:12 164864 ----a-w- c:\windows\system32\drivers\skyhd6uc.sys
2010-03-16 12:43:11 0 d-----w- c:\program files\SKYDIGITAL
2010-03-16 12:35:20 0 d-----w- c:\program files\SKY DIGITAL
2010-03-16 12:35:20 0 d-----w- c:\program files\common files\SKY DIGITAL
2010-03-10 09:38:50 0 d-----w- c:\docume~1\crossmr\applic~1\2ndrive
2010-03-10 09:37:59 0 d-----w- c:\program files\Nowcom
2010-03-09 11:40:06 509432 ----a-w- c:\windows\RealScan_Launcher.dll
2010-03-09 11:40:02 0 d-----w- C:\CREFREE
2010-03-05 00:11:22 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-21 13:46:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Firefly Studios
2010-02-18 09:43:25 815104 ----a-w- c:\windows\system32\winconf.exe
2010-02-18 09:43:25 73728 ----a-w- c:\windows\system32\aspnet_stat.exe

==================== Find3M ====================

2010-03-12 00:53:48 83288 ----a-w- c:\windows\system32\kdfapi.dll
2010-03-12 00:53:48 59976 ----a-w- c:\windows\system32\Kdfhok.dll
2010-03-12 00:53:48 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2010-03-12 00:53:47 674384 ----a-w- c:\windows\system32\QZKJAAMQ.exe
2010-03-12 00:53:47 61440 ----a-w- c:\windows\system32\proDefense.dll
2010-03-05 10:54:15 38200 ----a-w- c:\windows\system32\JRSKD24.SYS
2010-03-05 10:54:15 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-03-05 10:54:15 126048 ----a-w- c:\windows\system32\kcrtx86.sys
2010-03-05 02:57:00 11377 ----a-w- c:\windows\system32\teexcept.dat
2010-02-23 08:17:28 2801664 ----a-w- c:\windows\system32\clubbox.exe
2010-02-18 05:18:42 648600 ----a-w- c:\windows\system32\HanSetup.exe
2010-02-12 05:27:48 72508 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-01 13:10:52 191008 ----a-w- c:\windows\system32\npkcmsvc.exe
2010-01-29 08:40:58 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-01-29 08:40:58 964608 ----a-w- c:\windows\system32\mfc70u.dll
2010-01-29 08:40:58 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-29 08:40:58 245408 ----a-w- c:\windows\system32\unicows.dll
2010-01-29 08:40:21 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2010-01-29 08:40:21 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2010-01-29 08:40:21 2187264 ----a-w- c:\windows\system32\mfc71d.dll
2010-01-29 08:40:21 2183168 ----a-w- c:\windows\system32\mfc71ud.dll
2010-01-29 08:38:36 2801756 ----a-w- c:\windows\system32\libmmd.dll
2010-01-27 10:14:50 46640 ----a-w- c:\windows\system32\npPCStatusUninst.exe
2010-01-26 09:19:58 124216 ----a-r- c:\windows\system32\CKAgent.exe
2010-01-21 07:33:42 104400 ----a-w- c:\windows\system32\MAOnFPS_NTSC.dll
2010-01-21 07:33:39 440272 ----a-w- c:\windows\system32\MAOnFPS_NTSV.dll
2010-01-21 03:00:44 30592 ----a-w- c:\windows\system32\drivers\vshook.sys
2010-01-17 23:51:44 644224 ----a-w- c:\windows\system32\NowUpdate.exe
2010-01-12 06:53:55 6324114 ----a-w- c:\windows\system32\2ndrive_setup.exe
2010-01-12 04:22:36 355060 ---h--w- c:\windows\system32\MaPrintInfo.dat
2010-01-07 05:10:30 311296 ----a-w- c:\windows\system32\Bugsctrl.dll
2010-01-07 05:10:30 167936 ----a-w- c:\windows\system32\jukeon_e.exe
2010-01-07 05:10:30 135168 ----a-w- c:\windows\system32\p3aodf1.dll
2010-01-07 05:10:30 135168 ----a-w- c:\windows\system32\Bugsedf1.dll
2009-12-28 06:32:13 78057 ----a-w- c:\windows\system32\nvModes.dat

============= FINISH: 9:42:30.43 ===============

ATTACH.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/7/2009 10:42:05 AM
System Uptime: 3/19/2010 9:40:37 AM (0 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel Core2 CPU T7200 @ 2.00GHz | Microprocessor | 997/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 37.351 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROM_NEC_DVD+-RW_ND-6650A___________________102C____\5&D3986E7&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: _NEC DVD+-RW ND-6650A
PNP Device ID: IDE\CDROM_NEC_DVD+-RW_ND-6650A___________________102C____\5&D3986E7&0&0.0.0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_NF4132U&PROD_EYH805C&REV_1.0\5&36E5972&0&000
Manufacturer: (Standard CD-ROM drives)
Name: NF4132U EYH805C SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_NF4132U&PROD_EYH805C&REV_1.0\5&36E5972&0&000
Service: cdrom

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Serial
Device ID: ROOT\LEGACY_SERIAL\0000
Manufacturer:
Name: Serial
PNP Device ID: ROOT\LEGACY_SERIAL\0000
Service: Serial

==== System Restore Points ===================

RP214: 12/19/2009 11:11:16 AM - System Checkpoint
RP215: 12/20/2009 1:41:13 PM - System Checkpoint
RP216: 12/21/2009 4:30:47 PM - System Checkpoint
RP217: 12/22/2009 5:03:25 PM - System Checkpoint
RP218: 12/23/2009 5:16:55 PM - System Checkpoint
RP219: 12/24/2009 6:15:09 PM - System Checkpoint
RP220: 12/25/2009 12:10:56 PM - AION
RP221: 12/26/2009 12:12:08 PM - System Checkpoint
RP222: 12/26/2009 1:00:21 PM - Installed DirectX
RP223: 12/26/2009 1:04:02 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP224: 12/26/2009 1:04:17 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP225: 12/27/2009 10:03:49 AM - Unsigned driver install
RP226: 12/27/2009 10:08:17 AM - Unsigned driver install
RP227: 12/28/2009 11:26:29 PM - System Checkpoint
RP228: 12/29/2009 10:59:50 AM - Installed Bonjour
RP229: 12/30/2009 11:34:21 AM - System Checkpoint
RP230: 12/31/2009 12:09:29 PM - System Checkpoint
RP231: 1/1/2010 9:57:00 PM - System Checkpoint
RP232: 1/2/2010 11:27:21 PM - System Checkpoint
RP233: 1/4/2010 2:03:22 AM - System Checkpoint
RP234: 1/4/2010 9:55:40 PM - Installed Chessmaster Grandmaster Edition
RP235: 1/5/2010 10:51:13 PM - System Checkpoint
RP236: 1/6/2010 10:58:25 PM - System Checkpoint
RP237: 1/7/2010 11:49:51 PM - System Checkpoint
RP238: 1/9/2010 12:07:50 AM - System Checkpoint
RP239: 1/10/2010 12:48:31 AM - System Checkpoint
RP240: 1/11/2010 2:24:22 AM - System Checkpoint
RP241: 1/12/2010 2:48:31 AM - System Checkpoint
RP242: 1/13/2010 2:48:45 AM - System Checkpoint
RP243: 1/14/2010 3:48:45 AM - System Checkpoint
RP244: 1/15/2010 4:48:47 AM - System Checkpoint
RP245: 1/15/2010 1:15:33 PM - Configured Chessmaster Grandmaster Edition
RP246: 1/15/2010 5:05:33 PM - Installed DirectX
RP247: 1/16/2010 5:48:46 PM - System Checkpoint
RP248: 1/17/2010 6:24:04 PM - System Checkpoint
RP249: 1/18/2010 6:39:09 PM - System Checkpoint
RP250: 1/19/2010 7:21:02 PM - System Checkpoint
RP251: 1/20/2010 8:11:53 PM - System Checkpoint
RP252: 1/21/2010 8:17:57 PM - System Checkpoint
RP253: 1/22/2010 5:11:40 PM - Removed ToolSuite
RP254: 1/22/2010 5:13:08 PM - Installed ToolSuite
RP255: 1/22/2010 5:30:52 PM - Removed ToolSuite
RP256: 1/22/2010 5:33:40 PM - Installed ToolSuite
RP257: 1/23/2010 7:49:21 PM - System Checkpoint
RP258: 1/24/2010 8:11:53 PM - System Checkpoint
RP259: 1/25/2010 9:13:08 PM - System Checkpoint
RP260: 1/26/2010 11:33:01 PM - System Checkpoint
RP261: 1/28/2010 12:34:14 AM - System Checkpoint
RP262: 1/28/2010 5:38:40 PM - Unsigned driver install
RP263: 1/28/2010 5:42:18 PM - Unsigned driver install
RP264: 1/29/2010 2:13:41 PM - Printer Driver Universal Document Converter Installed
RP265: 1/29/2010 2:13:53 PM - Printer Driver Universal Document Converter Installed
RP266: 1/30/2010 3:20:07 PM - System Checkpoint
RP267: 1/31/2010 12:45:23 PM - Installed DirectX
RP268: 1/31/2010 1:51:25 PM - Installed DirectX
RP269: 2/1/2010 3:21:35 PM - System Checkpoint
RP270: 2/2/2010 5:28:39 PM - Installed DirectX
RP271: 2/3/2010 6:27:25 PM - System Checkpoint
RP272: 2/4/2010 7:38:53 PM - System Checkpoint
RP273: 2/5/2010 8:23:49 PM - System Checkpoint
RP274: 2/6/2010 9:23:37 PM - System Checkpoint
RP275: 2/7/2010 10:12:26 PM - System Checkpoint
RP276: 2/9/2010 3:41:24 AM - System Checkpoint
RP277: 2/10/2010 4:23:57 AM - System Checkpoint
RP278: 2/11/2010 5:24:06 AM - System Checkpoint
RP279: 2/12/2010 6:23:56 AM - System Checkpoint
RP280: 2/13/2010 7:23:56 AM - System Checkpoint
RP281: 2/14/2010 8:23:58 AM - System Checkpoint
RP282: 2/15/2010 9:23:58 AM - System Checkpoint
RP283: 2/16/2010 11:03:06 AM - System Checkpoint
RP284: 2/17/2010 2:24:57 PM - System Checkpoint
RP285: 2/18/2010 2:32:23 PM - System Checkpoint
RP286: 2/19/2010 6:51:43 PM - System Checkpoint
RP287: 2/20/2010 7:33:54 PM - System Checkpoint
RP288: 2/22/2010 2:22:02 AM - System Checkpoint
RP289: 2/23/2010 2:34:35 AM - System Checkpoint
RP290: 2/24/2010 3:34:04 AM - System Checkpoint
RP291: 2/25/2010 3:34:09 AM - System Checkpoint
RP292: 2/25/2010 9:54:03 AM - Installed Windows Media Player Firefox Plugin
RP293: 2/26/2010 10:57:43 AM - System Checkpoint
RP294: 2/27/2010 12:34:16 PM - System Checkpoint
RP295: 2/28/2010 3:07:53 PM - System Checkpoint
RP296: 3/1/2010 3:49:28 PM - System Checkpoint
RP297: 3/2/2010 7:34:14 PM - System Checkpoint
RP298: 3/3/2010 8:18:25 PM - System Checkpoint
RP299: 3/5/2010 1:35:18 AM - System Checkpoint
RP300: 3/6/2010 2:18:26 AM - System Checkpoint
RP301: 3/7/2010 2:22:52 AM - System Checkpoint
RP302: 3/8/2010 3:18:37 AM - System Checkpoint
RP303: 3/8/2010 5:18:06 PM - Software Distribution Service 3.0
RP304: 3/9/2010 6:32:20 PM - System Checkpoint
RP305: 3/10/2010 10:46:34 PM - System Checkpoint
RP306: 3/11/2010 10:57:12 PM - System Checkpoint
RP307: 3/13/2010 2:53:01 AM - System Checkpoint
RP308: 3/14/2010 3:09:51 AM - System Checkpoint
RP309: 3/15/2010 3:10:05 AM - System Checkpoint
RP310: 3/16/2010 3:53:06 AM - System Checkpoint
RP311: 3/16/2010 9:34:03 PM - Installed SKYTV HD6 USB Driver Installer
RP312: 3/16/2010 9:34:42 PM - Configured SKYTV HD6 USB Driver Installer
RP313: 3/16/2010 9:35:20 PM - Installed SKYTV HD6 USB
RP314: 3/16/2010 9:40:45 PM - Configured SKYTV HD6 USB Driver Installer
RP315: 3/16/2010 9:41:21 PM - Installed SKYTV HD6 USB Driver Installer
RP316: 3/16/2010 9:41:58 PM - Configured SKYTV HD6 USB Driver Installer
RP317: 3/16/2010 9:43:40 PM - Installed SKYTV HD6 USB Driver Installer
RP318: 3/16/2010 9:48:25 PM - Installed SKY TP Converter
RP319: 3/16/2010 9:50:19 PM - Installed SKY AVI Converter
RP320: 3/17/2010 7:17:57 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP321: 3/17/2010 8:07:22 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP322: 3/17/2010 9:20:36 PM - Installed SUPERAntiSpyware Free Edition
RP323: 3/19/2010 12:13:43 AM - System Checkpoint

==== Installed Programs ======================

??? ?? ????
??? ActiveX ???
2007 Microsoft Office Suite Service Pack 1 (SP1)
2ndrive (remove only)
32 Bit HP CIO Components Installer
A.V.A
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Lightroom 2.4
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Advanced SystemCare 3
afreeca player
Anno 1404
Anno 1404 Bonus
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Artist Colony 1.00
AviSynth 2.5
Bonjour
Broadcom Gigabit Integrated Controller
BufferChm
Byki
Byki Deluxe
CivCity: Rome
ClientKeeper KeyPro with E2E for 32bit
Conexant HDA D110 MDC V.92 Modem
ConvertXtoDVD 3.0.0.13
Copy
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
Download Manager 2.3.9
Drakensang
EA Download Manager
eMule Plus 1.2e
eMusic Download Manager 4.1.2
ERUNT 1.1j
Escape From Paradise City 1.0.0
eSupportQFolder
F4200
F4200_Help
ffdshow [rev 3097] [2009-10-08]
FileMoa Engine
Fraps (remove only)
Gameangel α׷
GPBaseService
Haansoft Hangul 2007
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Solution Center 10.0
HPProductAssistant
ImgBurn
INISafeWeb 6.0
iTunes
Japanese Fonts Support For Adobe Reader 9
Jasc Paint Shop Pro 9
Java 6 Update 15
K-Defense8 Control - Ű
K-Lite Codec Pack 4.9.5 (Full)
Korean Fonts Support For Adobe Reader 9
LG USB Modem driver
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft MechCommander 2
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
mIWA
mLogView
mMHouse
Mobile Sync II
Mozilla Firefox (3.6)
Mozilla Thunderbird (2.0.0.23)
mPfMgr
mPfWiz
mProSafe
mSSO
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
mWlsSafe
mWMI
mXML
mZConfig
Neffy 1,2,1,13
NewsLeecher v3.9 Final
npPCStatus
nProtect KeyCrypt
nProtect Netizen(remove only)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Otto
OZ776 SCR CardBus V1.1.3.6
Peggle Deluxe
Photomatix Pro version 3.2
PlayNCLauncher
PunkBuster Services
QuickDownloadService
QuickSet
QuickTime
Railroad Tycoon 3
RealScan
Rosetta Stone Version 3
Samsung Anycall HSP Plus Driver
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
SigmaTel Audio
SignGATE EWS v3.1
SK Telecom USB ̹ α׷
SKY AVI Converter
SKY TP Converter
Skype 4.1
SKYTV HD6 USB
SKYTV HD6 USB Driver Installer
SoftCamp Secure KeyStroke 4.0
SolutionCenter
Sonic Encoders
Stanza
Status
Steam
SubSync
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Team Fortress 2
The KMPlayer (remove only)
TightVNC 1.3.10
Toolbox
ToolSuite
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB951978)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Videora iPod touch Converter 4.08
Virtual City
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 9.0 ATL (x86) WinSXS MSM
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 MFC (x86) WinSXS MSM
VLC media player 1.0.1
VobSub v2.23 (Remove Only)
WebFldrs XP
WebReg
Winamp
WinDjView 1.0.3
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPcap 4.1 beta5
WinRAR archiver
Wireshark 1.2.0
XecureWeb Control
Xfire (remove only)
Xilisoft Video Converter Ultimate
XML Paper Specification Shared Components Pack 1.0
XTreme-G 190.62m XP 32bit
Torrent
ûȸ

ڮ PROSet/ Ʈ
ڹοG4C ο߱α׷ 3.0
Ʈ
Ŭڽ ۰

==== Event Viewer Messages From Past Week ========

3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The Windows Config service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The npkcmsvc service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The Intel PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:18 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/19/2010 9:35:17 AM, error: Service Control Manager [7034] - The Intel PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:17 AM, error: Service Control Manager [7034] - The Intel PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:17 AM, error: Service Control Manager [7034] - The Intel PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
3/17/2010 8:35:25 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/17/2010 7:53:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file cdrom.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
3/17/2010 6:51:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/17/2010 6:47:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm
3/17/2010 6:46:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/17/2010 6:11:31 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
3/16/2010 11:27:01 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/16/2010 10:21:19 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/16/2010 10:19:58 PM, error: Service Control Manager [7000] - The DCMStandaloneSvc1 service failed to start due to the following error: The system cannot find the path specified.
3/16/2010 10:16:41 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file pci.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
3/15/2010 11:51:25 AM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.

==== End Of File ===========================

Edited by Maurice Naggar, 18 March 2010 - 09:42 PM.


#8 Maurice Naggar

    Eradicator de malware

  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 18 March 2010 - 09:49 PM

Please do NOT use the attach feature when posting logs. Open the log in NOTEPAD, then do a Select All [ CTRL+A ], then a Copy [ CTRL+C ], and then Paste in the body of the forum reply box.

Looks better. We need to follow up with some added tools.
Next steps
Put your USB flash drives in place so that some of these programs will be able to find them.

I'm going to have you get and run two utilities.
The first stops automatic use of the AutoRun feature of XP. The second will write a read-only, system-protected Autorun.inf file to all of your hard drives and all connected removable storage devices.

Download and Install Microsoft's TweakUI:
http://www.microsoft.com/windowsxp/downloa...ppowertoys.mspx
Obtain and install TweakUI (part of the PowerToys for Windows XP package), and then start TweakUI.
Expand the My Computer branch, then the AutoPlay branch, and then select Drives.
Turn off the checkbox next to every drive letter to disable AutoPlay -- except your CD/DVD drive letters.

Download and run "Flash Drive Disinfector" by sUBs. It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
http://download.bleepingcomputer.com/sUBs/...Disinfector.exe
There is no GUI interface or log file produced.

Step 2
Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable". (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
Restart back into Normal Windows mode.
Step 3
Download and Save, then RUN the Microsoft Windows Malicious Software Removal Tool from the Microsoft Download Center
http://www.microsoft.com/downloads/details...;displaylang=en


Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Reply with copy of the DrWeb Cure-It log

Edited by Maurice Naggar, 18 March 2010 - 09:54 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 crossmr
  • Topic Starter
  • Members
  • 16 posts
  • Gender:Male
  • Location:Seoul, South Korea

Posted 18 March 2010 - 10:29 PM

Before we continue, can you tell me why my DVD drive has disappeared? Since performing the steps in your first post, my DVD drive is no longer present, and in the device manager it has a yellow exclamation point and says:
Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)

[edit]
Fixed it. I had to uninstall them and then scan for changes.

[edit2]
And if you're wondering about the garbage characters that are showing up on the installed list, those are Korean apps. Windows doesn't always show their names properly.

Edited by crossmr, 18 March 2010 - 10:38 PM.


#10 crossmr
  • Topic Starter
  • Members
  • 16 posts
  • Gender:Male
  • Location:Seoul, South Korea

Posted 18 March 2010 - 11:30 PM

We may have to talk about our definitions of short. I'm 30 minutes and 20% into this "express scan". At this rate it's going to be about 2 more hours. The system32 scan is excruciatingly slow, taking around 10 seconds per file or more.

#11 Maurice Naggar

    Eradicator de malware

  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 19 March 2010 - 07:05 PM

I would expect that the DrWeb scan would have finished by now.

Good going on the CD/DVD fix. To no surprise, your last log had shown that as
QUOTE
==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROM_NEC_DVD+-RW_ND-6650A___________________102C____\5&D3986E7&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: _NEC DVD+-RW ND-6650A
PNP Device ID: IDE\CDROM_NEC_DVD+-RW_ND-6650A___________________102C____\5&D3986E7&0&0.0.0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_NF4132U&PROD_EYH805C&REV_1.0\5&36E5972&0&000
Manufacturer: (Standard CD-ROM drives)
Name: NF4132U EYH805C SCSI CdRom Device

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#12 crossmr
  • Topic Starter
  • Members
  • 16 posts
  • Gender:Male
  • Location:Seoul, South Korea

Posted 20 March 2010 - 02:29 AM

QUOTE(Maurice Naggar @ Mar 20 2010, 09:05 AM)
I would expect that the DrWeb scan would have finished by now.

Good going on the CD/DVD fix. To no surprise, your last log had shown that as
QUOTE
==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROM_NEC_DVD+-RW_ND-6650A___________________102C____\5&D3986E7&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: _NEC DVD+-RW ND-6650A
PNP Device ID: IDE\CDROM_NEC_DVD+-RW_ND-6650A___________________102C____\5&D3986E7&0&0.0.0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_NF4132U&PROD_EYH805C&REV_1.0\5&36E5972&0&000
Manufacturer: (Standard CD-ROM drives)
Name: NF4132U EYH805C SCSI CdRom Device


I didn't disable them. Did ave.exe disable them, or did one of the first procedures do that? I wasn't able to complete it yesterday. I had stuff to do and didn't have 2.5 hours to wait for the scan (I came down with a brutal flu last night and forgot to turn it on before crashing). It did turn up one trojan before I canceled it though (winconf.exe). I cleaned that up. It'll be the end of the day here soon and I'll run it overnight. I also tried running it while Windows was in regular mode, but it was also quite slow in the system32 area and looked like it was going to take 2.5 hours again.
Is that really what you think is short, or is it taking abnormally long on my system for some reason?
Should it really be taking 10 seconds to scan each and every driver file?
I did the other steps though (TweakUI, Flash Drive Disinfector, and I've got the Malicious Software Removal Tool ready, but I just did a Windows Update, so I think it was run as part of that anyway).
I installed Microsoft Security Essentials, though interestingly enough it didn't detect winconf.exe as a trojan even when I scanned it directly. I still used MBAM to delete it.

For some reason I didn't get any notification of your reply to this thread.

Edited by crossmr, 20 March 2010 - 02:29 AM.


#13 Maurice Naggar

    Eradicator de malware

  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 20 March 2010 - 09:14 AM

I can't tell you what had disabled the CD/DVD drives.
But there is this note from one of your logs:
QUOTE
3/17/2010 7:53:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file cdrom.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.


As to DrWeb Cure-It scan, if you have not started it, let's not run it anymore.
The time it takes to run depends on the number of files your system has, and to some extent your system hardware.
If, on the other hand, you have started it and it is in progress, then let it finish - however long it takes.

As a sidenote, switching antivirus apps in the middle of a malware case is not recommended. Did you fully un-install your old antivirus program?

When you get over the flu and are in better shape, let's have you get some fresh reports.
You have MBAM and the DDS tool already.

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Next, do a new run of DDS
Reply with copy of the new MBAM log
and DDS logs

Do not use the attach feature. Copy & Paste the contents of reports inside body of text-reply-box.

Be sure you are subscribed to replies to this thread.
Click the Options drop down at the top right of the thread forum-window.
Select Track this topic, and select the Immediate notification option.

Edited by Maurice Naggar, 20 March 2010 - 09:16 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
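The Windows File Protection and Service Control Manager entries Maurice points to are the lines a responder reads first in the "Event Viewer Messages" section of a DDS log. As an added example that is not part of this thread or of the DDS tool, the Python script below triages that section: the line format and the parsing rules are assumptions inferred from the log posted above, and the sample lines are copied from it.

```python
"""Triage the "Event Viewer Messages From Past Week" section of a DDS log.

Added example for this thread; it is not part of DDS or of the helper's
instructions. The line format is inferred from the log posted above, and
the sample lines below are copied from that log.
"""
import re
from collections import namedtuple
from datetime import datetime, timedelta

# One DDS event line: "<m/d/yyyy h:mm:ss AM>, <level>: <source> [<id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# WFP 64002 names the protected file that something tried to overwrite.
WFP_FILE_RE = re.compile(r"protected system file (?P<file>.+?)\. This file")
# SCM 7026 lists the boot-start / system-start drivers that failed to load.
DRIVER_RE = re.compile(r"failed to load: (?P<drivers>.+)$")
# SCM 7031 / 7034: a service died.
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")

Event = namedtuple("Event", "when level source event_id msg")
Finding = namedtuple("Finding", "kind when detail")

# Sample input copied from the log above (newest first, as DDS prints it).
SAMPLE = [
    "3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The Windows Config service terminated unexpectedly. It has done this 1 time(s).",
    "3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The npkcmsvc service terminated unexpectedly. It has done this 1 time(s).",
    "3/19/2010 9:35:18 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.",
    "3/19/2010 9:35:17 AM, error: Service Control Manager [7034] - The Intel PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).",
    "3/19/2010 9:35:17 AM, error: Service Control Manager [7034] - The Intel PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).",
    "3/17/2010 8:35:25 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).",
    "3/17/2010 7:53:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file cdrom.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.",
    '3/17/2010 6:51:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}',
    "3/17/2010 6:47:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm",
    r"3/17/2010 6:11:31 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.",
    "3/16/2010 11:27:01 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.",
    "3/16/2010 10:16:41 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file pci.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.",
]


def parse_event(line):
    """Return an Event for one DDS event line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
    return Event(when, m.group("level"), m.group("source"),
                 int(m.group("event_id")), m.group("msg"))


def triage(lines, burst_window=timedelta(seconds=10), burst_min=3):
    """Pull out the entries a responder reads first.

    wfp_replacement      WFP 64002: something wrote over a protected file and WFP
                         put the original back; the writer is unknown and worth finding.
    driver_load_failure  SCM 7026: driver names to look up one by one.
    service_crash_burst  at least burst_min services dying within burst_window of
                         each other: a kill sweep or a crash, not one flaky service.
    """
    events = [e for e in map(parse_event, lines) if e is not None]
    findings, crashes = [], []
    for e in events:
        if e.source == "Windows File Protection" and e.event_id == 64002:
            m = WFP_FILE_RE.search(e.msg)
            findings.append(Finding("wfp_replacement", e.when,
                                    m.group("file") if m else "(unparsed)"))
        elif e.source == "Service Control Manager" and e.event_id == 7026:
            m = DRIVER_RE.search(e.msg)
            if m:
                findings.append(Finding("driver_load_failure", e.when,
                                        m.group("drivers").split()))
        elif e.source == "Service Control Manager" and e.event_id in (7031, 7034):
            crashes.append(e)
    # DDS prints newest first; cluster in time order, anchored on each cluster's first event.
    clusters = []
    for e in sorted(crashes, key=lambda c: c.when):
        if clusters and e.when - clusters[-1][0].when <= burst_window:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    for cluster in clusters:
        if len(cluster) >= burst_min:
            names = []
            for c in cluster:
                m = SERVICE_RE.match(c.msg)
                names.append(m.group("svc") if m else c.msg)
            findings.append(Finding("service_crash_burst", cluster[0].when, names))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.when:%Y-%m-%d %H:%M:%S}  {f.kind:20}  {f.detail}")
```

The isolated NVIDIA service failure on 3/17 is left alone, while the nine-service burst on 3/19 collapses into one finding, which is the shape of event a responder wants to see once rather than nine times.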

#14 crossmr
  • Topic Starter
  • Members
  • 16 posts
  • Gender:Male
  • Location:Seoul, South Korea

Posted 20 March 2010 - 08:08 PM

While doing the scan with MBAM, MSE popped up a warning about a dll that had Fakerean in it.
It was cleaned successfully.
I am subscribed to updates for the thread, and got the note for this one; just for some reason I didn't get one for the one before. Looks to be clean except for a few leftover registry entries.

DDS (Ver_10-03-17.01) - NTFSx86
Run by crossmr at 10:05:59.31 on 03/21/2010 Sun
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.2046.1458 [GMT 9:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\crossmr\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://naver.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ActiveManager Class: {23ea2c70-586a-4fea-acac-4c40ff0af5e1} - c:\windows\downloaded program files\ActiveManager.dll
BHO: DaumLogin Class: {525ad11b-6557-46a5-8327-ecd06f7d20fd} - c:\windows\downloaded program files\DaumLoginHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {91E3920D-8E40-4B44-B312-D0CF20898BEF} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\crossmr\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\skytvh~2.lnk - c:\program files\sky digital\skytv hd6 usb\SkyRemocon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\skytvh~1.lnk - c:\program files\sky digital\skytv hd6 usb\Reservation.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {00D84FA2-E075-49BF-AF85-190FBB45DBB3} - hxxp://www.tkonline.co.kr/board/main/RunTkonline.cab
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {0E1C2A82-5135-42E6-8DA1-B82C24669E88} - hxxps://www.realscan.co.kr/data/realscan/RealScan_Launcher.cab
DPF: {15C09C80-BE98-4E30-B8C1-6B8935E32671} - hxxp://download.hts.nefficient.co.kr/hts/yesone/cab/MAOnFPS_NTS.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20091117.cab
DPF: {213B8BD2-9997-48A1-B385-7833F8D34B9D} - hxxp://220.90.139.13/Zaolmap/Download/AYUTIS_Zaolmap2.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://kbdownload.initech.com/kbstarActiveX/6.3.0.2/down/INIS60.cab
DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} - hxxp://download.zfile.co.kr/ZFileWebControl.cab
DPF: {32ECCE1D-F91E-413F-AFF3-BA477CF0C9C6} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://static.plaync.co.kr/aion_v2/skin/AddOn_090806_v2.cab
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
DPF: {39BC8B20-FB5A-43E5-9EBC-E637B700859E} - hxxp://sunonline.game.pmang.com/Common/CommonWebStarter.cab
DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://download.kbstar.com/security/SCSK/scsk4.cab
DPF: {3F68E1C3-39EC-4990-85E3-ABFE61AB86C5} - hxxp://dl.bugsm.co.kr/install/BugsInstaller.cab
DPF: {45B6C54E-6486-4A5D-9947-8E279775E53D} - hxxp://www.clubcyon.com/club_test/ksd/WebSyncAX.cab
DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} - hxxp://ionair.sbs.co.kr/onair/IB_OnAir.CAB
DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} - hxxp://image.gmarket.co.kr/tools/tyscan/nps.cab
DPF: {525AD11B-6557-46A5-8327-ECD06F7D20FD} - hxxp://cfile204.uf.daum.net/attach/197F57184B5857416F2148
DPF: {5B9BE0A1-D671-4FB3-8E0B-E0821B65DAB5} - hxxp://www.quakewars.co.kr/file/cab/DragonflyControl.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1.cab
DPF: {5D29B0C9-EA06-4F47-A687-243EB9350272} - hxxp://onaironline.imbc.com/Activex/DANALGameLauncher.cab
DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/js/UniUpdTool/NCLoader.8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268962216578
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://www.taxsave.go.kr/CKKeyPro/CKKeyPro3023_32k.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258436801843
DPF: {77D54273-FD01-4E93-B109-68C1F375A7D4} - hxxp://api.2ndrive.com/update/NdStarter.cab
DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} - hxxp://mgameweb.nefficient.co.kr/mgameweb/download/cab/mgmanagerv1004.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://www.taxsave.go.kr/XecureObject/xw_install.cab
DPF: {81B14C2D-6436-42C6-83EC-F60DEF852AEC} - hxxp://www.gmarket.co.kr/challenge/neo_app/MakeShortCut.cab
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: {889E3D55-7B17-4101-ABA4-3078547B6C4C} - hxxp://hessian.yoitt.com/common/global/YoittSystemInfo.cab
DPF: {893BE5FA-2E09-48C7-801B-25C986A0AC5F} - hxxp://61.97.32.32/filemoa/fmoaload.cab
DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} - hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - hxxp://download.signgate.com/download/ews/ewsinstaller.cab
DPF: {A1B83F7D-05D8-42F8-9C29-99ED06CD528C} - hxxp://speed.nia.or.kr/login/SysNIAforHuman.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://kings.nefficient.co.kr/kings/kdfx/kdfx321/kdfense8.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dl.pmang.com/common/neffy/NeffyLauncher_v1006.cab
DPF: {AC18AC7B-D553-4ED2-B9B9-41BB9A1BDDBB} - hxxp://221.157.125.211/MovieRgX.cab
DPF: {AC462D1A-E53E-4973-A30A-AB7E07D3DD2D} - hxxp://gcc.nefficient.co.kr/gcc/EzCertForClient.exe
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/HLauncher.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_8/DaumActiveX.cab?ver=2,0,0,8
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {BC44D4D0-D94D-4031-A76F-DD9B70078B2B} - hxxp://www.wawadisk.com/mmsv/WawaDiskControl.CAB
DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} - hxxp://www.mgoon.com/launcher.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://cdn.hangame.com/hangame/hansetup/HanSetup1030.cab
DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} - hxxp://speed.nia.or.kr/login/SpeedTest.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} - hxxp://218.55.98.94/appx/pdpopax.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/nts/npkcx_inca.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60.cab
DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} - hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap4Asp_V2_0_0_19.cab
DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - hxxp://nprotect.plaync.co.kr/nProtect/netizen2004/ncsoft/npz.cab
DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} - hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap_V2_0_0_13.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {E9E5E440-45DE-4D5B-8F8E-54212D160106} - hxxp://afocx.afreeca.com:9091/AFC/OpenTV.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.afreeca.com:8057/AFCStarter.cab - hxxp://live.afreeca.com:8057/AFCStarter.cab
DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} - hxxp://toolbar.imbc.com/toolbar/setup/MBCXeb.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://60.33.230.11/JpegInst.cab
DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} - hxxp://www.gmarket.co.kr/challenge/neo_goods/dlls/GWall_1810/GWall.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/test/NaverAXGuide.cab
TCP: {95081AD2-DB2E-49B5-ADC4-6CB752F72A53} = 8.8.8.8,8.8.4.4
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\crossmr\applic~1\mozilla\firefox\profiles\ob50f35n.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
FF - plugin: c:\documents and settings\all users\application data\nexon\ngm\npNxGame.dll
FF - plugin: c:\documents and settings\crossmr\application data\mozilla\firefox\profiles\ob50f35n.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\crossmr\application data\mozilla\firefox\profiles\ob50f35n.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin_file.dll
FF - plugin: c:\windows\system32\npKeyPro.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-8 64160]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
S0 maysfut;maysfut; [x]
S0 ravxxma;ravxxma; [x]
S3 {A2C6D8E5-00FB-42fd-95D4-11AF68333408};SKYTV HD6 USB Device;c:\windows\system32\drivers\skyhd6uc.sys [2010-3-19 156160]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-1-26 38200]
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2010-1-26 126048]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-24 50704]
S3 NPFWFLT;NPFWFLT;c:\windows\system32\npfwflt.sys [2009-8-15 41600]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;c:\windows\system32\npids.sys [2009-8-15 48384]
S3 npkakl;npkakl;c:\windows\system32\npkakl.sys [2009-8-20 29216]
S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\prodefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]
S3 QuickDownload Agent;QuickDownload Agent;c:\program files\quickdownloadservice\qdownagent.exe [2009-8-22 114688]
S3 QuickDownload Service;QuickDownload Service;c:\program files\quickdownloadservice\qdownservice.exe [2009-8-22 102400]
S3 QuickDownload Update;QuickDownload Update;c:\program files\quickdownloadservice\qdownupdate.exe [2009-8-22 94208]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]
S3 SKTBus;SK Telecom USB Composite Device Support;c:\windows\system32\drivers\SKTBus.sys [2009-7-7 31232]
S3 SKTMdm;SK Telecom USB Modem Support;c:\windows\system32\drivers\SKTMdm.sys [2009-7-7 28672]
S3 SKTOBEX;SK Telecom USB OBEX Device Support;c:\windows\system32\drivers\SKTOBEX.sys [2009-7-7 16384]
S3 SKTVsp;SK Telecom USB Virtual Serial Port Driver;c:\windows\system32\drivers\SKTVsp.sys [2009-7-7 28672]
S4 DCMStandaloneSvc1;DCMStandaloneSvc1;"c:\documents and settings\crossmr\desktop\dellcm_cleanup_service\dcmstandalonesvc1.exe" --> c:\documents and settings\crossmr\desktop\dellcm_cleanup_service\DCMStandaloneSvc1.exe [?]
S4 procEntry;procEntry;c:\windows\system32\procreport.exe --> c:\windows\system32\procreport.exe [?]
S4 wcnf;Windows Config;c:\windows\system32\winconf.exe -service --> c:\windows\system32\winconf.exe -service [?]

=============== Created Last 30 ================

2010-03-19 06:16:33 156160 ----a-w- c:\windows\system32\drivers\skyhd6uc.sys
2010-03-19 04:43:56 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-19 04:38:57 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-03-19 04:38:56 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-19 04:38:42 0 d-----w- c:\program files\Microsoft Security Essentials
2010-03-19 03:58:42 0 d-----w- c:\documents and settings\crossmr\DoctorWeb
2010-03-19 03:36:10 0 d-sha-r- C:\autorun.inf
2010-03-19 03:30:49 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-19 03:30:49 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-19 03:21:34 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-03-19 03:21:34 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2010-03-19 01:54:51 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-19 01:49:14 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-19 00:39:54 0 d-----w- C:\_OTL
2010-03-18 02:42:47 90112 ----a-w- c:\windows\system32\lfjbg13n.dll
2010-03-18 02:42:47 73728 ----a-w- c:\windows\system32\lffax13n.dll
2010-03-18 02:42:47 453120 ----a-w- c:\windows\system32\ltkrn13n.dll
2010-03-18 02:42:47 445440 ----a-w- c:\windows\system32\ltimg13n.dll
2010-03-18 02:42:47 388608 ----a-w- c:\windows\system32\lfcmp13n.dll
2010-03-18 02:42:47 265216 ----a-w- c:\windows\system32\ltdis13n.dll
2010-03-18 02:42:47 246272 ----a-w- c:\windows\system32\lfj2k13n.dll
2010-03-18 02:42:47 206848 ----a-w- c:\windows\system32\ltefx13n.dll
2010-03-18 02:42:47 189976 ----a-w- c:\windows\system32\mfimgvwr.ocx
2010-03-18 02:42:47 1693696 ----a-w- c:\windows\system32\ltclr13n.dll
2010-03-18 02:42:47 154112 ----a-w- c:\windows\system32\ltfil13n.dll
2010-03-18 02:42:47 142848 ----a-w- c:\windows\system32\lftif13n.dll
2010-03-18 02:42:30 0 d-----w- c:\program files\MFInstall
2010-03-17 12:20:54 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-17 12:20:38 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-17 12:20:38 0 d-----w- c:\docume~1\crossmr\applic~1\SUPERAntiSpyware.com
2010-03-17 10:57:43 4336 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-17 10:20:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-03-17 10:18:10 0 d-----w- c:\program files\common files\iS3
2010-03-17 10:18:09 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-03-16 14:27:08 0 d-----w- c:\windows\system32\Log
2010-03-16 13:17:14 0 d-----w- c:\docume~1\crossmr\applic~1\Malwarebytes
2010-03-16 13:17:13 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-03-16 13:17:11 7168 ----a-w- c:\windows\system32\hccoin.dll
2010-03-16 13:17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-16 13:17:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 13:17:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-16 13:17:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-16 13:17:00 74240 ----a-w- c:\windows\system32\usbui.dll
2010-03-16 13:17:00 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-03-16 13:17:00 143872 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-03-16 13:16:59 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-03-16 13:16:57 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-03-16 13:16:56 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-16 13:16:56 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-03-16 13:16:35 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-03-16 13:16:30 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-03-16 12:48:26 0 d-----w- c:\program files\Skydigital Inc
2010-03-16 12:43:47 0 d-----w- c:\documents and settings\crossmr\SKY DIGITAL
2010-03-16 12:43:35 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-03-16 12:43:35 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-03-16 12:43:20 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-03-16 12:43:20 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-03-16 12:43:19 18432 -c--a-w- c:\windows\system32\dllcache\bdaplgin.ax
2010-03-16 12:43:19 18432 ----a-w- c:\windows\system32\BdaPlgIn.ax
2010-03-16 12:35:20 0 d-----w- c:\program files\SKY DIGITAL
2010-03-16 12:35:20 0 d-----w- c:\program files\common files\SKY DIGITAL
2010-03-10 09:38:50 0 d-----w- c:\docume~1\crossmr\applic~1\2ndrive
2010-03-10 09:37:59 0 d-----w- c:\program files\Nowcom
2010-03-09 11:40:06 509432 ----a-w- c:\windows\RealScan_Launcher.dll
2010-03-09 11:40:02 0 d-----w- C:\CREFREE
2010-03-05 00:11:22 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-21 13:46:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Firefly Studios

==================== Find3M ====================

2010-03-12 00:53:48 83288 ----a-w- c:\windows\system32\kdfapi.dll
2010-03-12 00:53:48 59976 ----a-w- c:\windows\system32\Kdfhok.dll
2010-03-12 00:53:48 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2010-03-12 00:53:47 674384 ----a-w- c:\windows\system32\QZKJAAMQ.exe
2010-03-12 00:53:47 61440 ----a-w- c:\windows\system32\proDefense.dll
2010-03-05 10:54:15 38200 ----a-w- c:\windows\system32\JRSKD24.SYS
2010-03-05 10:54:15 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-03-05 10:54:15 126048 ----a-w- c:\windows\system32\kcrtx86.sys
2010-03-05 02:57:00 11377 ----a-w- c:\windows\system32\teexcept.dat
2010-02-23 08:17:28 2801664 ----a-w- c:\windows\system32\clubbox.exe
2010-02-18 09:43:25 73728 ----a-w- c:\windows\system32\aspnet_stat.exe
2010-02-18 05:18:42 648600 ----a-w- c:\windows\system32\HanSetup.exe
2010-02-12 05:27:48 72508 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-01 13:10:52 191008 ----a-w- c:\windows\system32\npkcmsvc.exe
2010-01-29 08:40:58 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-01-29 08:40:58 964608 ----a-w- c:\windows\system32\mfc70u.dll
2010-01-29 08:40:58 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-29 08:40:58 245408 ----a-w- c:\windows\system32\unicows.dll
2010-01-29 08:40:21 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2010-01-29 08:40:21 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2010-01-29 08:40:21 2187264 ----a-w- c:\windows\system32\mfc71d.dll
2010-01-29 08:40:21 2183168 ----a-w- c:\windows\system32\mfc71ud.dll
2010-01-29 08:38:36 2801756 ----a-w- c:\windows\system32\libmmd.dll
2010-01-27 10:14:50 46640 ----a-w- c:\windows\system32\npPCStatusUninst.exe
2010-01-26 09:19:58 124216 ----a-r- c:\windows\system32\CKAgent.exe
2010-01-21 07:33:42 104400 ----a-w- c:\windows\system32\MAOnFPS_NTSC.dll
2010-01-21 07:33:39 440272 ----a-w- c:\windows\system32\MAOnFPS_NTSV.dll
2010-01-21 03:00:44 30592 ----a-w- c:\windows\system32\drivers\vshook.sys
2010-01-17 23:51:44 644224 ----a-w- c:\windows\system32\NowUpdate.exe
2010-01-12 06:53:55 6324114 ----a-w- c:\windows\system32\2ndrive_setup.exe
2010-01-12 04:22:36 355060 ---h--w- c:\windows\system32\MaPrintInfo.dat
2010-01-07 05:10:30 311296 ----a-w- c:\windows\system32\Bugsctrl.dll
2010-01-07 05:10:30 167936 ----a-w- c:\windows\system32\jukeon_e.exe
2010-01-07 05:10:30 135168 ----a-w- c:\windows\system32\p3aodf1.dll
2010-01-07 05:10:30 135168 ----a-w- c:\windows\system32\Bugsedf1.dll
2009-12-28 06:32:13 78057 ----a-w- c:\windows\system32\nvModes.dat
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 10:06:29.82 ===============

Malwarebytes' Anti-Malware 1.44
Database version: 3888
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/21/2010 10:01:41 AM
mbam-log-2010-03-21 (10-01-41).txt

Scan type: Quick Scan
Objects scanned: 123883
Time elapsed: 10 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\clientmetasearch.clientmetasearch (Adware.PlusOn) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{115e6c42-6f14-4f9f-9a03-eabeb5e8a082} (Adware.PlusOn) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5b8501e4-75e0-429f-89e2-549cf97d1692} (Adware.PlusOn) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8c3a5df0-de2f-4ea2-b5d8-078c79f5b942} (Adware.PlusOn) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89fbf526-ab75-4d2d-ab79-c64221c7f354} (Adware.PlusOn) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Freechal Corp (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Freechal Corp (Adware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:
C:\Program Files\Mini Search (Adware.MiniSerach) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\CCProxy.ini (Trojan.CCProxy) -> Quarantined and deleted successfully.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/7/2009 10:42:05 AM
System Uptime: 3/21/2010 10:02:45 AM (0 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz | Microprocessor | 1655/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 33.683 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 21.306 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Serial
Device ID: ROOT\LEGACY_SERIAL\0000
Manufacturer:
Name: Serial
PNP Device ID: ROOT\LEGACY_SERIAL\0000
Service: Serial

==== System Restore Points ===================

RP216: 12/21/2009 4:30:47 PM - System Checkpoint
RP217: 12/22/2009 5:03:25 PM - System Checkpoint
RP218: 12/23/2009 5:16:55 PM - System Checkpoint
RP219: 12/24/2009 6:15:09 PM - System Checkpoint
RP220: 12/25/2009 12:10:56 PM - Configured AION
RP221: 12/26/2009 12:12:08 PM - System Checkpoint
RP222: 12/26/2009 1:00:21 PM - Installed DirectX
RP223: 12/26/2009 1:04:02 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP224: 12/26/2009 1:04:17 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP225: 12/27/2009 10:03:49 AM - Unsigned driver install
RP226: 12/27/2009 10:08:17 AM - Unsigned driver install
RP227: 12/28/2009 11:26:29 PM - System Checkpoint
RP228: 12/29/2009 10:59:50 AM - Installed Bonjour
RP229: 12/30/2009 11:34:21 AM - System Checkpoint
RP230: 12/31/2009 12:09:29 PM - System Checkpoint
RP231: 1/1/2010 9:57:00 PM - System Checkpoint
RP232: 1/2/2010 11:27:21 PM - System Checkpoint
RP233: 1/4/2010 2:03:22 AM - System Checkpoint
RP234: 1/4/2010 9:55:40 PM - Installed Chessmaster Grandmaster Edition
RP235: 1/5/2010 10:51:13 PM - System Checkpoint
RP236: 1/6/2010 10:58:25 PM - System Checkpoint
RP237: 1/7/2010 11:49:51 PM - System Checkpoint
RP238: 1/9/2010 12:07:50 AM - System Checkpoint
RP239: 1/10/2010 12:48:31 AM - System Checkpoint
RP240: 1/11/2010 2:24:22 AM - System Checkpoint
RP241: 1/12/2010 2:48:31 AM - System Checkpoint
RP242: 1/13/2010 2:48:45 AM - System Checkpoint
RP243: 1/14/2010 3:48:45 AM - System Checkpoint
RP244: 1/15/2010 4:48:47 AM - System Checkpoint
RP245: 1/15/2010 1:15:33 PM - Configured Chessmaster Grandmaster Edition
RP246: 1/15/2010 5:05:33 PM - Installed DirectX
RP247: 1/16/2010 5:48:46 PM - System Checkpoint
RP248: 1/17/2010 6:24:04 PM - System Checkpoint
RP249: 1/18/2010 6:39:09 PM - System Checkpoint
RP250: 1/19/2010 7:21:02 PM - System Checkpoint
RP251: 1/20/2010 8:11:53 PM - System Checkpoint
RP252: 1/21/2010 8:17:57 PM - System Checkpoint
RP253: 1/22/2010 5:11:40 PM - Removed ToolSuite
RP254: 1/22/2010 5:13:08 PM - Installed ToolSuite
RP255: 1/22/2010 5:30:52 PM - Removed ToolSuite
RP256: 1/22/2010 5:33:40 PM - Installed ToolSuite
RP257: 1/23/2010 7:49:21 PM - System Checkpoint
RP258: 1/24/2010 8:11:53 PM - System Checkpoint
RP259: 1/25/2010 9:13:08 PM - System Checkpoint
RP260: 1/26/2010 11:33:01 PM - System Checkpoint
RP261: 1/28/2010 12:34:14 AM - System Checkpoint
RP262: 1/28/2010 5:38:40 PM - Unsigned driver install
RP263: 1/28/2010 5:42:18 PM - Unsigned driver install
RP264: 1/29/2010 2:13:41 PM - Printer Driver Universal Document Converter Installed
RP265: 1/29/2010 2:13:53 PM - Printer Driver Universal Document Converter Installed
RP266: 1/30/2010 3:20:07 PM - System Checkpoint
RP267: 1/31/2010 12:45:23 PM - Installed DirectX
RP268: 1/31/2010 1:51:25 PM - Installed DirectX
RP269: 2/1/2010 3:21:35 PM - System Checkpoint
RP270: 2/2/2010 5:28:39 PM - Installed DirectX
RP271: 2/3/2010 6:27:25 PM - System Checkpoint
RP272: 2/4/2010 7:38:53 PM - System Checkpoint
RP273: 2/5/2010 8:23:49 PM - System Checkpoint
RP274: 2/6/2010 9:23:37 PM - System Checkpoint
RP275: 2/7/2010 10:12:26 PM - System Checkpoint
RP276: 2/9/2010 3:41:24 AM - System Checkpoint
RP277: 2/10/2010 4:23:57 AM - System Checkpoint
RP278: 2/11/2010 5:24:06 AM - System Checkpoint
RP279: 2/12/2010 6:23:56 AM - System Checkpoint
RP280: 2/13/2010 7:23:56 AM - System Checkpoint
RP281: 2/14/2010 8:23:58 AM - System Checkpoint
RP282: 2/15/2010 9:23:58 AM - System Checkpoint
RP283: 2/16/2010 11:03:06 AM - System Checkpoint
RP284: 2/17/2010 2:24:57 PM - System Checkpoint
RP285: 2/18/2010 2:32:23 PM - System Checkpoint
RP286: 2/19/2010 6:51:43 PM - System Checkpoint
RP287: 2/20/2010 7:33:54 PM - System Checkpoint
RP288: 2/22/2010 2:22:02 AM - System Checkpoint
RP289: 2/23/2010 2:34:35 AM - System Checkpoint
RP290: 2/24/2010 3:34:04 AM - System Checkpoint
RP291: 2/25/2010 3:34:09 AM - System Checkpoint
RP292: 2/25/2010 9:54:03 AM - Installed Windows Media Player Firefox Plugin
RP293: 2/26/2010 10:57:43 AM - System Checkpoint
RP294: 2/27/2010 12:34:16 PM - System Checkpoint
RP295: 2/28/2010 3:07:53 PM - System Checkpoint
RP296: 3/1/2010 3:49:28 PM - System Checkpoint
RP297: 3/2/2010 7:34:14 PM - System Checkpoint
RP298: 3/3/2010 8:18:25 PM - System Checkpoint
RP299: 3/5/2010 1:35:18 AM - System Checkpoint
RP300: 3/6/2010 2:18:26 AM - System Checkpoint
RP301: 3/7/2010 2:22:52 AM - System Checkpoint
RP302: 3/8/2010 3:18:37 AM - System Checkpoint
RP303: 3/8/2010 5:18:06 PM - Software Distribution Service 3.0
RP304: 3/9/2010 6:32:20 PM - System Checkpoint
RP305: 3/10/2010 10:46:34 PM - System Checkpoint
RP306: 3/11/2010 10:57:12 PM - System Checkpoint
RP307: 3/13/2010 2:53:01 AM - System Checkpoint
RP308: 3/14/2010 3:09:51 AM - System Checkpoint
RP309: 3/15/2010 3:10:05 AM - System Checkpoint
RP310: 3/16/2010 3:53:06 AM - System Checkpoint
RP311: 3/16/2010 9:34:03 PM - Installed SKYTV HD6 USB Driver Installer
RP312: 3/16/2010 9:34:42 PM - Configured SKYTV HD6 USB Driver Installer
RP313: 3/16/2010 9:35:20 PM - Installed SKYTV HD6 USB
RP314: 3/16/2010 9:40:45 PM - Configured SKYTV HD6 USB Driver Installer
RP315: 3/16/2010 9:41:21 PM - Installed SKYTV HD6 USB Driver Installer
RP316: 3/16/2010 9:41:58 PM - Configured SKYTV HD6 USB Driver Installer
RP317: 3/16/2010 9:43:40 PM - Installed SKYTV HD6 USB Driver Installer
RP318: 3/16/2010 9:48:25 PM - Installed SKY TP Converter
RP319: 3/16/2010 9:50:19 PM - Installed SKY AVI Converter
RP320: 3/17/2010 7:17:57 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP321: 3/17/2010 8:07:22 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP322: 3/17/2010 9:20:36 PM - Installed SUPERAntiSpyware Free Edition
RP323: 3/19/2010 12:13:43 AM - System Checkpoint
RP324: 3/19/2010 10:56:09 AM - Software Distribution Service 3.0
RP325: 3/19/2010 1:43:50 PM - Software Distribution Service 3.0
RP326: 3/19/2010 3:12:02 PM - Configured SKYTV HD6 USB Driver
RP327: 3/19/2010 3:12:43 PM - Installed SKYTV HD6 USB Driver
RP328: 3/19/2010 3:13:06 PM - Installed SKYTV HD6 USB Driver
RP329: 3/19/2010 3:14:03 PM - Removed SKYTV HD6 USB
RP330: 3/19/2010 3:14:52 PM - Installed SKYTV HD6 USB
RP331: 3/19/2010 3:15:56 PM - Configured SKYTV HD6 USB Driver
RP332: 3/19/2010 3:16:18 PM - Configured SKYTV HD6 USB Driver
RP333: 3/19/2010 3:17:04 PM - Installed SKYTV HD6 USB Driver
RP334: 3/20/2010 4:02:45 PM - Software Distribution Service 3.0
RP335: 3/21/2010 1:42:29 AM - Software Distribution Service 3.0

==== Installed Programs ======================

??? ?? ????
??? ActiveX ???
2ndrive (remove only)
32 Bit HP CIO Components Installer
A.V.A
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Lightroom 2.4
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Advanced SystemCare 3
afreeca player 제거
ANNO 1404
Anno 1404 Bonus
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Artist Colony 1.00
AviSynth 2.5
Bonjour
Broadcom Gigabit Integrated Controller
BufferChm
Byki
Byki Deluxe
CivCity: Rome
ClientKeeper KeyPro with E2E for 32bit
Conexant HDA D110 MDC V.92 Modem
ConvertXtoDVD 3.0.0.13
Copy
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
Download Manager 2.3.9
Drakensang
EA Download Manager
eMule Plus 1.2e
eMusic Download Manager 4.1.2
ERUNT 1.1j
Escape From Paradise City 1.0.0
eSupportQFolder
F4200
F4200_Help
ffdshow [rev 3097] [2009-10-08]
Fraps (remove only)
GPBaseService
Haansoft Hangul 2007
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Solution Center 10.0
HPProductAssistant
ImgBurn
INISafeWeb 6.0
iTunes
Japanese Fonts Support For Adobe Reader 9
Jasc Paint Shop Pro 9
Java™ 6 Update 15
K-Defense8 Control - 키보드 보안
K-Lite Codec Pack 4.9.5 (Full)
Korean Fonts Support For Adobe Reader 9
LG USB Modem driver
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft MechCommander 2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
mIWA
mLogView
mMHouse
Mobile Sync II
Mozilla Firefox (3.6)
Mozilla Thunderbird (2.0.0.24)
mPfMgr
mPfWiz
mProSafe
mSSO
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
mWlsSafe
mWMI
mXML
mZConfig
Neffy 1,2,1,13
NewsLeecher v3.9 Final
npPCStatus
nProtect KeyCrypt
nProtect Netizen(remove only)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Otto
OZ776 SCR CardBus V1.1.3.6
Peggle Deluxe
Photomatix Pro version 3.2
PlayNCLauncher
PunkBuster Services
QuickDownloadService
QuickSet
QuickTime
Railroad Tycoon 3
RealScan 개인정보유출진단
Rosetta Stone Version 3
Samsung Anycall HSP Plus Driver
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SigmaTel Audio
SignGATE EWS v3.1
SK Telecom 통합 USB 드라이버 프로그램
SKY AVI Converter
SKY TP Converter
Skype 4.2
SKYTV HD6 USB
SKYTV HD6 USB Driver
SoftCamp Secure KeyStroke 4.0
SolutionCenter
Sonic Encoders
Stanza
Status
Steam
SubSync
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Team Fortress 2
The KMPlayer (remove only)
TightVNC 1.3.10
Toolbox
ToolSuite
TrayApp
Tweak UI
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Videora iPod touch Converter 4.08
Virtual City
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 9.0 ATL (x86) WinSXS MSM
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 MFC (x86) WinSXS MSM
VLC media player 1.0.1
VobSub v2.23 (Remove Only)
WebFldrs XP
WebReg
Winamp
WinDjView 1.0.3
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPcap 4.1 beta5
WinRAR archiver
Wireshark 1.2.0
XecureWeb Control
Xfire (remove only)
Xilisoft Video Converter Ultimate
XML Paper Specification Shared Components Pack 1.0
XTreme-G 190.62m XP 32bit
μTorrent
국세청보안모듈
엔젤팝
인텔® PROSet/무선 소프트웨어
전자민원G4C 민원발급프로그램 3.0
제트파일
클럽박스 파일전송관리자

==== Event Viewer Messages From Past Week ========

3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The Windows Config service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The npkcmsvc service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:19 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:18 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/19/2010 9:35:17 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:17 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 9:35:17 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
3/19/2010 12:54:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/19/2010 12:53:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
3/19/2010 12:53:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2010 12:53:58 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2010 12:53:58 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2010 12:53:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2010 12:53:58 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2010 12:53:58 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2010 1:23:08 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/17/2010 8:35:25 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/17/2010 7:53:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file cdrom.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
3/17/2010 6:51:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/17/2010 6:47:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm
3/17/2010 6:46:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/17/2010 6:11:31 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
3/16/2010 11:27:01 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/16/2010 10:16:41 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file pci.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
3/15/2010 11:51:25 AM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
3/15/2010 11:50:56 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/15/2010 11:49:29 AM, error: Service Control Manager [7000] - The DCMStandaloneSvc1 service failed to start due to the following error: The system cannot find the path specified.

==== End Of File ===========================


#15 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:08:22 PM

Posted 21 March 2010 - 07:13 AM

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
Do NOT turn off the firewall.

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on Combo-Fix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.
Reply with copy of C:\Combofix.txt
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
