#1  ysb21189 (Newcomer, joined Jan 2009), 24th July 2009, 11:06 PM
Antivir alerts, Trojans

Hey everyone,

First time posting on this website. I'm home from college and trying to fix up my Windows XP computer.

About 6 months ago I had an infection with something called "XP antivirus 2009". I believe it was a Trojan that infected my system restore and I had fixed it to some degree following the removal guide on this forum.

Recently though, Avira AntiVir has been warning me of some trojans I hadn't seen before. I followed the "before you post" guide and followed every step. The only thing I have done other than what was in that guide was run the AntiVir scan (I will include a copy of this log as well). I also installed the Symantec Endpoint Protection which my school provides for free about a month ago.


Here are the logs,


Antivir


Avira AntiVir Personal
Report file date: Friday, July 24, 2009 15:51

Scanning for 1567743 virus strains and unwanted programs.

Licensed to: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANYTHING

Version information:
BUILD.DAT : 8.2.0.353 17048 Bytes 2009-05-15 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-26 19:58:43
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 20:01:57
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 2009-06-24 19:09:12
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 2009-07-19 03:11:57
ANTIVIR3.VDF : 7.1.5.28 214528 Bytes 2009-07-24 19:50:41
Engineversion : 8.2.0.228
AEVDF.DLL : 8.1.1.1 106868 Bytes 2009-05-06 22:07:40
AESCRIPT.DLL : 8.1.2.18 442746 Bytes 2009-07-21 03:12:09
AESCN.DLL : 8.1.2.4 127348 Bytes 2009-07-22 18:58:14
AERDL.DLL : 8.1.2.4 430452 Bytes 2009-07-15 19:13:35
AEPACK.DLL : 8.1.3.18 401783 Bytes 2009-05-27 18:58:24
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 2009-06-17 19:02:45
AEHEUR.DLL : 8.1.0.143 1864055 Bytes 2009-07-21 03:12:07
AEHELP.DLL : 8.1.5.3 233846 Bytes 2009-07-22 18:58:12
AEGEN.DLL : 8.1.1.50 352629 Bytes 2009-07-22 18:58:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-15 20:03:39
AECORE.DLL : 8.1.7.6 184694 Bytes 2009-07-22 18:58:08
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-15 20:03:35
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 2009-04-22 18:58:22
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, July 24, 2009 15:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'Rtvscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MSCamSvc.exe' - '1' Module(s) have been scanned
Scan process 'SmcGui.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'ewidoctrl.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\ewidoctrl.exe'
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'rnathchk.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ccApp.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'vVX6000.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'hpztsb08.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'shwicon2k.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'ps2.EXE' - '1' Module(s) have been scanned
Scan process 'ltmsg.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Smc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'ewidoctrl.exe' has been terminated
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\ewidoctrl.exe
[DETECTION] Is the TR/Agent.16448 Trojan
[NOTE] The file was moved to '4ad3114c.qua'!

52 processes with 51 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '83' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Owner\Desktop\starcraft\starcraft\iccscbn .icc
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4acd12d7.qua'!
C:\Documents and Settings\Owner\My Documents\bryan\edwido\ewido-setup.exe
[0] Archive type: NSIS
--> [ProgramFilesDir]/ewido/security suite/autostartviewer.dll
[DETECTION] Is the TR/Agent.53312 Trojan
--> [ProgramFilesDir]/ewido/security suite/connectionWatch.dll
[DETECTION] Is the TR/Agent.36928 Trojan
--> [ProgramFilesDir]/ewido/security suite/processviewer.dll
[DETECTION] Is the TR/Agent.30272 Trojan
--> [ProgramFilesDir]/ewido/security suite/configuration.dll
[DETECTION] Is the TR/Agent.61504 Trojan
--> [ProgramFilesDir]/ewido/security suite/tray_dll.dll
[DETECTION] Is the TR/Spy.45120 Trojan
--> [ProgramFilesDir]/ewido/security suite/wizard.dll
[DETECTION] Is the TR/Agent.90176 Trojan
--> [ProgramFilesDir]/ewido/security suite/archive.dll
[DETECTION] Is the TR/Agent.233536 Trojan
--> [ProgramFilesDir]/ewido/security suite/ewidoctrl.exe
[DETECTION] Is the TR/Agent.16448 Trojan
--> [ProgramFilesDir]/ewido/security suite/shellhook.dll
[DETECTION] Is the TR/BHO.39488 Trojan
[NOTE] The file was moved to '4ad31370.qua'!
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\archive.dll
[DETECTION] Is the TR/Agent.233536 Trojan
[NOTE] The file was moved to '4acd136c.qua'!
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\configuration.dll
[DETECTION] Is the TR/Agent.61504 Trojan
[NOTE] The file was moved to '4ad81369.qua'!
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\shellhook.dll
[DETECTION] Is the TR/BHO.39488 Trojan
[NOTE] The file was moved to '4acf1363.qua'!
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\tray_dll.dll
[DETECTION] Is the TR/Spy.45120 Trojan
[NOTE] The file was moved to '4acb136e.qua'!
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\wizard.dll
[DETECTION] Is the TR/Agent.90176 Trojan
[NOTE] The file was moved to '4ae41365.qua'!
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\Modules\autostartviewer.dll
[DETECTION] Is the TR/Agent.53312 Trojan
[NOTE] The file was moved to '4ade1372.qua'!
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\Modules\connectionWatch.dll
[DETECTION] Is the TR/Agent.36928 Trojan
[NOTE] The file was moved to '4ad8136c.qua'!
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\Modules\processviewer.dll
[DETECTION] Is the TR/Agent.30272 Trojan
[NOTE] The file was moved to '4ad9136f.qua'!
C:\Documents and Settings\Owner\My Documents\bryan\당나귀\donkeyp2p\instcount.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4add14d1.qua'!
C:\Documents and Settings\Owner\My Documents\bryan\당나귀\donkeyp2p\update_check.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ace14d4.qua'!
C:\Program Files\ICCup\Launcher\wmode.bwl
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4ad9186a.qua'!
C:\Program Files\infodonkey\uninstall.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ad3186f.qua'!
C:\Program Files\sakuracash\uninstall.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ad31a73.qua'!
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP176\A0010561.exe
[DETECTION] Is the TR/Dldr.Agent.chig Trojan
[NOTE] The file was moved to '4a9a1b60.qua'!
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP176\A0010789.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4a9a1b67.qua'!
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP176\A0010790.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b0179d0.qua'!
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: Friday, July 24, 2009 17:01
Used time: 1:09:37 Hour(s)

The scan has been done completely.

10254 Scanning directories
551143 Files were scanned
28 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
19 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
551113 Files not concerned
14560 Archives were scanned
6 Warnings
19 Notes
Superantispyware

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 07/24/2009 at 03:36 PM

Application Version : 4.24.1004

Core Rules Database Version : 4016
Trace Rules Database Version: 1956

Scan type : Complete Scan
Total Scan Time : 01:49:08

Memory items scanned : 475
Memory threats detected : 0
Registry items scanned : 6765
Registry threats detected : 0
File items scanned : 111094
File threats detected : 1

Adware.Vundo/Variant-MSFake
C:\WINDOWS\SYSTEM32\DIVXA32.ACM



Malwarebytes

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

7/24/2009 6:28:40 PM
mbam-log-2009-07-24 (18-28-40).txt

Scan type: Quick Scan
Objects scanned: 99889
Time elapsed: 16 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ProcObsrv (Rogue.NetCom3) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:15 PM, on 7/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: utilsguides - {19EA4A41-DB3E-4C59-A137-B954167B0AC9} - C:\PROGRA~1\UTILGU~1\UTILGU~1.DLI
O2 - BHO: WinAUClass - {6079C124-89CE-45E9-B0C4-E37AD02BC9B8} - C:\WINDOWS\system32\winauclass.dat
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: ulguide Helper - {BE3CABEC-084B-49DF-B235-753B869A06A5} - C:\Program Files\ulguide\ulguide.dll
O2 - BHO: ulineguide Helper - {C3105EEE-9977-460E-B842-B04DE95921B5} - C:\Program Files\ulineguide\ulineguidepack.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: 인포당나귀 (Infodonkey) - {EF0DA19E-5CCD-4B29-AFCE-3B37E91F8589} - C:\PROGRA~1\INFODO~1\INFODO~1.DLL
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Donkey Toolbar (&D) - {638886B2-CF33-4EA0-AFF8-DC8E504500CB} - C:\PROGRA~1\donkeytb\donkeytb.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [donkeytb] C:\Program Files\donkeytb\updatecheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AutoUtil] C:\Program Files\AutoUtil\AutoUtil.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [donkeyp2p] C:\Documents and Settings\Owner\My Documents\bryan\당나귀\donkeyp2p\update_check.exe /start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIÆ÷μ¿A° - {089F95DD-370D-43CD-B472-99DD3EB7EEC1} - C:\PROGRA~1\INFODO~1\INFODO~1.DLL
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: 리서치 (Research) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Owner\My Documents\bryan\poker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Owner\My Documents\bryan\poker\PartyPoker.exe (file missing)
O9 - Extra button: ≫cAi¶oA³½¬ - {B9F6E34F-369A-443F-BBB6-E610771F619E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.teri.org
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: 799BB2EC-572A-42A9-84AD-112806F4F551 -
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://www.netmarble.net/game/nmstarter/NMStarter16.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - NintendoWIFI.com
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary...s.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {24960521-7F51-4743-9D83-906B16D188E5} (Archlord_downloader Control) - http://download.archlord.com/archlor...loader0623.cab
O16 - DPF: {2AE5077E-2BCD-4B77-9D19-237C882BD6AF} - http://www.monario.com/ActiveX/monariofiledownload.cab
O16 - DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} (S2PlayerPan Class) - http://listen.daum.net/52st/52street/S2MusicPlayer.dll
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall.cab
O16 - DPF: {35B93CED-4B24-4FA7-B143-B4F5BBBA9F7A} (BugsPatcher Control) - http://gamepatch.bugs.co.kr/BugsPatcher.cab
O16 - DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} (DownStarter Control) - http://bgweb.clubbox.co.kr/bin/DownStarter.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48ED5A74-A5A6-4EDE-AAC5-42D697FC3F19} (cyberX Control) - http://www.cyberoro.com/download/cyber.cab
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.cyberoro.com/download/OroCheck.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://cafe.naver.com/common/activex/nbgm.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://img.pandora.tv/pan_img/liveupdate/SVPorsche.cab
O16 - DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} (ToonsXContentsPlug Control) - http://comic.daum.net/download/new/T...ntentsPlug.cab
O16 - DPF: {710E4921-F77C-4D42-8EC4-4DFDEE52508F} (ictPrintXForm Control) - http://210.90.46.53/activeX/ictPrintX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.paran.com/paranac...data/imweb.cab
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} - http://ahnlabdownload.nefficient.co....firewall20.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/install/bugsLoader20040811.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B2AEC562-9C98-459D-A596-6850EB2CE623} - http://www.omi.co.kr/search/chart_pa...omparison4.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} (PDRInst1 Class) - http://imgcdn.pandora.tv/pan_img/p3p...ge/pdrinst.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2
O16 - DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} (한게임접속프로그램, Hangame connection program) - http://cdn.hangame.com/hangame/messe.../HanWebMsg.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary...t.cab27591.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab
O16 - DPF: {C415C83B-3FE3-4AAA-ABD0-53D812D25593} (JCUpdaterAx Control) - http://www.joycity.com/_app/JCUpdaterAX.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - ijji - Where Gamers Unite!
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://gameguard.nefficient.co.kr/gr...rypt/npkcx.cab
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} (INIwallet60 Control) - http://plugin.inicis.com/wallet60/INIwallet60.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} (JSUpdaterAx Control) - 프리스타일, 짜릿한 한판!! (page title in place of the URL: "FreeStyle, a thrilling match!!")
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - http://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O16 - DPF: {E8FC4708-B43C-4B2D-8D3F-A5D583D822F4} (ParanOnDemandX Control) - http://gamedown.paran.com/cab/ParanOnDemandX.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/lau...ra_SetUpAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B194D895-CE3A-40D7-8D35-A58D582028FD}: NameServer = 4.2.2.1 4.2.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: !SASWinLogon - C:\Documents and Settings\Owner\Desktop\pigeon\SASWINLO.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\ewidoctrl.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMJPMIG8.3 - Unknown owner - C:\WINDOWS\System32\IMJPMIG8_3.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 19528 bytes

Sorry there's so much. Thanks in advance for your help.

Bryan
#2
25th July 2009, 05:13 PM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished, DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log, by copying and pasting it into the reply.
#3
25th July 2009, 09:10 PM
ysb21189
Newcomer
Join Date: Jan 2009, 21 posts.
DDS.txt

DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 17:04:59.01 on 07/25/2009 Sat
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.511.262 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://81.222.131.49/index.php
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://us10.hpwis.com/
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: utilsguides: {19ea4a41-db3e-4c59-a137-b954167b0ac9} - c:\progra~1\utilgu~1\UTILGU~1.DLI
BHO: WinAUClass: {6079c124-89ce-45e9-b0c4-e37ad02bc9b8} - c:\windows\system32\winauclass.dat
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: ulguide Class: {be3cabec-084b-49df-b235-753b869a06a5} - c:\program files\ulguide\ulguide.dll
BHO: ulineguide Class: {c3105eee-9977-460e-b842-b04de95921b5} - c:\program files\ulineguide\ulineguidepack.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: 인포당나귀: {ef0da19e-5ccd-4b29-afce-3b37e91f8589} - c:\progra~1\infodo~1\INFODO~1.DLL
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: Donkey Toolbar (&D): {638886b2-cf33-4ea0-aff8-dc8e504500cb} - c:\progra~1\donkeytb\donkeytb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [WebCamRT.exe]
uRun: [ctfmon.exe]
uRun: [RealPlayer] "c:\program files\real\realone player\realplay.exe" /RunUPGToolCommandReBoot
uRun: [donkeyp2p] c:\documents and settings\owner\my documents\bryan\당나깊\donkeyp2p\update_check.exe /start
uRun: [Steam]
uRun: [Aim6]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [donkeytb] c:\program files\donkeytb\updatecheck.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AutoUtil] c:\program files\autoutil\AutoUtil.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\documents and settings\owner\my documents\bryan\poker\PartyPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {089F95DD-370D-43CD-B472-99DD3EB7EEC1} - {C3184C2D-3FFD-4E62-AA11-1E5123811752} - c:\progra~1\infodo~1\INFODO~1.DLL
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B9F6E34F-369A-443F-BBB6-E610771F619E} - {A8E64858-0D1D-4E0C-9C53-6F8C9EB1E893}
Trusted Zone: teri.org
DPF: 799BB2EC-572A-42A9-84AD-112806F4F551
DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} - hxxp://www.netmarble.net/game/nmstarter/NMStarter16.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendowifi.com/troubleshooting/usbaptest.cab
DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} - hxxp://messenger.zone.msn.com/binary/Upwords.cab31267.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/ArchlordDownloader0623.cab
DPF: {2AE5077E-2BCD-4B77-9D19-237C882BD6AF} - hxxp://www.monario.com/ActiveX/monariofiledownload.cab
DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} - hxxp://listen.daum.net/52st/52street/S2MusicPlayer.dll
DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} - hxxp://player.bugs.co.kr/install/BugsInstall.cab
DPF: {35B93CED-4B24-4FA7-B143-B4F5BBBA9F7A} - hxxp://gamepatch.bugs.co.kr/BugsPatcher.cab
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.clubbox.co.kr/bin/DownStarter.cab
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
DPF: {48ED5A74-A5A6-4EDE-AAC5-42D697FC3F19} - hxxp://www.cyberoro.com/download/cyber.cab
DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} - hxxp://www.cyberoro.com/download/OroCheck.cab
DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} - hxxp://cafe.naver.com/common/activex/nbgm.cab
DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} - hxxp://img.pandora.tv/pan_img/liveupdate/SVPorsche.cab
DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} - hxxp://comic.daum.net/download/new/ToonsXContentsPlug.cab
DPF: {710E4921-F77C-4D42-8EC4-4DFDEE52508F} - hxxp://210.90.46.53/activeX/ictPrintX.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} - hxxp://activexdown.paran.com/paranactivex/data/imweb.cab
DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} - hxxp://www.cabal.co.kr/Include/SysInfo.cab
DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - hxxp://www.bitdefender.com/scan/Msie/bitdefender.cab
DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} - hxxp://player.bugs.co.kr/install/mv/p3bvset.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.com/NMChatX/NMTransX.cab
DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - hxxp://cafeimg.hanmail.net/cab9/dmcc2.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab
DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} - hxxp://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab
DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} - hxxp://player.bugs.co.kr/install/XTools.cab
DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} - hxxp://player.bugs.co.kr/install/bugsLoader20040811.cab
DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - hxxp://www.ravantivirus.com/scan/ravonline.cab
DPF: {B2AEC562-9C98-459D-A596-6850EB2CE623} - hxxp://www.omi.co.kr/search/chart_package/comparison4.CAB
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} - hxxp://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2
DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} - hxxp://cdn.hangame.com/hangame/messenger/hani/webmsg/HanWebMsg.cab
DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} - hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab27591.cab
DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} - hxxp://player.bugs.co.kr/install/bugsLoader20041018.cab
DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} - hxxp://www.melon.com/cab/P3Melon.cab
DPF: {C415C83B-3FE3-4AAA-ABD0-53D812D25593} - hxxp://www.joycity.com/_app/JCUpdaterAX.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://gameguard.nefficient.co.kr/grigon/gamegard/nProtect/keycrypt/npkcx.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab31267.cab
DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} - hxxp://www.jceports.com/_app/cab/JSUpdaterAx.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {E8FC4708-B43C-4B2D-8D3F-A5D583D822F4} - hxxp://gamedown.paran.com/cab/ParanOnDemandX.cab
DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} - hxxp://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {B194D895-CE3A-40D7-8D35-A58D582028FD} = 4.2.2.1 4.2.2.2
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\documents and settings\owner\desktop\pigeon\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: ,
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\documents and settings\owner\my documents\bryan\edwido\security suite\shellhook.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\documents and settings\owner\desktop\pigeon\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-8-9 11608]
R1 LIKECDN2;LIKECDN2;c:\windows\system32\drivers\LIKECDN2.sys [2004-3-7 20972]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-8-9 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-8-9 151297]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-1-27 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-1-27 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-1-27 2440120]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R2 XSPACEWG;XSPACEWG;c:\windows\system32\drivers\XSpaceWg.sys [2004-3-7 3503]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-8-9 52056]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-18 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090725.003\NAVENG.SYS [2009-7-25 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090725.003\NAVEX15.SYS [2009-7-25 875728]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\owner\desktop\pigeon\sasdifsv.sys --> c:\documents and settings\owner\desktop\pigeon\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\owner\desktop\pigeon\saskutil.sys --> c:\documents and settings\owner\desktop\pigeon\SASKUTIL.sys [?]
S2 ewido security suite control;ewido security suite control;c:\documents and settings\owner\my documents\bryan\edwido\security suite\ewidoctrl.exe --> c:\documents and settings\owner\my documents\bryan\edwido\security suite\ewidoctrl.exe [?]
S2 IMJPMIG8.3;IMJPMIG8.3;"c:\windows\system32\imjpmig8_3.exe" -service --> c:\windows\system32\IMJPMIG8_3.exe [?]
S3 cdrm9;cdrm9;\??\c:\windows\system32\kauz.sys --> c:\windows\system32\kauz.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-1-27 23888]
S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2004-3-14 10368]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\owner\desktop\pigeon\sasenum.sys --> c:\documents and settings\owner\desktop\pigeon\SASENUM.SYS [?]
S3 scgsk;SCGSK Driver Service;c:\windows\system32\drivers\scgsk.sys [2004-10-28 6656]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-6-29 2383152]
S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-2-10 45840]

=============== Created Last 30 ================

2009-07-24 19:42 283,648 -c------ c:\windows\system32\dllcache\pdh.dll
2009-07-24 19:42 60,416 -c------ c:\windows\system32\dllcache\colbact.dll
2009-07-24 19:42 399,360 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-07-24 19:42 473,088 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-07-24 19:42 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-07-24 19:42 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-07-24 19:42 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-24 19:42 616,960 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-07-24 19:42 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-07-24 19:19 1,193,414 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-07-24 19:19 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-07-24 18:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-23 14:46 <DIR> --d----- c:\program files\ulguide
2009-07-23 14:44 <DIR> --d----- c:\program files\utilguides
2009-07-23 14:44 <DIR> --d----- c:\program files\utilpack
2009-07-23 14:43 574,464 a------- c:\windows\system32\winauclass.dat
2009-07-23 14:43 <DIR> --d----- c:\program files\ulineguide
2009-07-09 03:54 128,000 a------- c:\windows\system32\UtilDownLauncher.dll
2009-07-01 13:48 202,072 a----r-- c:\windows\system32\cpnprt2.cid
2009-07-01 13:48 <DIR> --d----- c:\program files\Coupons

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll

============= FINISH: 17:05:46.37 ===============


Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/19/2004 9:20:58 PM
System Uptime: 7/25/2009 9:18:48 AM (8 hours ago)

Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3200/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3200/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 63.596 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.922 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP96: 4/26/2009 7:43:17 PM - System Checkpoint
RP97: 4/27/2009 9:37:16 PM - System Checkpoint
RP98: 4/28/2009 10:28:18 PM - System Checkpoint
RP99: 4/30/2009 1:24:58 PM - System Checkpoint
RP100: 5/1/2009 5:31:59 PM - System Checkpoint
RP101: 5/3/2009 1:42:57 PM - System Checkpoint
RP102: 5/4/2009 1:57:26 PM - System Checkpoint
RP103: 5/5/2009 2:05:51 PM - System Checkpoint
RP104: 5/6/2009 6:55:35 PM - System Checkpoint
RP105: 5/7/2009 7:00:11 PM - System Checkpoint
RP106: 5/8/2009 7:25:20 PM - System Checkpoint
RP107: 5/9/2009 9:38:17 PM - System Checkpoint
RP108: 5/10/2009 10:49:33 PM - System Checkpoint
RP109: 5/12/2009 7:44:57 AM - System Checkpoint
RP110: 5/13/2009 5:37:46 PM - System Checkpoint
RP111: 5/14/2009 6:45:24 PM - System Checkpoint
RP112: 5/15/2009 7:08:58 PM - System Checkpoint
RP113: 5/16/2009 7:25:15 PM - System Checkpoint
RP114: 5/17/2009 7:27:12 PM - System Checkpoint
RP115: 5/18/2009 7:36:57 PM - System Checkpoint
RP116: 5/19/2009 9:03:08 PM - System Checkpoint
RP117: 5/20/2009 9:39:15 PM - System Checkpoint
RP118: 5/21/2009 12:07:00 AM - Installed GKLauncher
RP119: 5/22/2009 5:45:24 PM - System Checkpoint
RP120: 5/23/2009 5:56:07 PM - System Checkpoint
RP121: 5/24/2009 7:08:19 PM - System Checkpoint
RP122: 5/25/2009 8:11:42 PM - System Checkpoint
RP123: 5/26/2009 9:03:41 PM - System Checkpoint
RP124: 5/27/2009 10:12:44 PM - System Checkpoint
RP125: 5/28/2009 11:02:37 PM - System Checkpoint
RP126: 5/30/2009 8:12:34 AM - System Checkpoint
RP127: 5/31/2009 5:55:47 PM - System Checkpoint
RP128: 6/1/2009 8:21:23 PM - System Checkpoint
RP129: 6/2/2009 9:29:28 PM - System Checkpoint
RP130: 6/4/2009 1:42:02 AM - System Checkpoint
RP131: 6/5/2009 7:54:48 AM - System Checkpoint
RP132: 6/6/2009 9:29:25 AM - System Checkpoint
RP133: 6/7/2009 10:24:49 AM - System Checkpoint
RP134: 6/8/2009 11:47:38 AM - System Checkpoint
RP135: 6/9/2009 12:15:37 PM - System Checkpoint
RP136: 6/10/2009 1:00:42 PM - System Checkpoint
RP137: 6/11/2009 1:08:34 PM - System Checkpoint
RP138: 6/12/2009 4:06:39 PM - System Checkpoint
RP139: 6/13/2009 4:45:49 PM - System Checkpoint
RP140: 6/14/2009 9:21:00 PM - System Checkpoint
RP141: 6/15/2009 10:44:58 PM - System Checkpoint
RP142: 6/17/2009 1:03:48 AM - System Checkpoint
RP143: 6/18/2009 12:41:27 PM - System Checkpoint
RP144: 6/19/2009 12:54:50 PM - System Checkpoint
RP145: 6/20/2009 2:00:05 PM - System Checkpoint
RP146: 6/21/2009 2:43:33 PM - System Checkpoint
RP147: 6/22/2009 3:18:00 PM - System Checkpoint
RP148: 6/23/2009 3:27:55 PM - System Checkpoint
RP149: 6/24/2009 3:28:42 PM - System Checkpoint
RP150: 6/25/2009 4:12:15 PM - System Checkpoint
RP151: 6/26/2009 6:34:08 PM - System Checkpoint
RP152: 6/27/2009 11:22:10 PM - System Checkpoint
RP153: 6/29/2009 12:12:19 AM - System Checkpoint
RP154: 6/30/2009 9:07:02 AM - System Checkpoint
RP155: 7/1/2009 9:36:28 AM - System Checkpoint
RP156: 7/2/2009 10:22:53 AM - System Checkpoint
RP157: 7/3/2009 11:30:38 AM - System Checkpoint
RP158: 7/4/2009 1:18:26 PM - System Checkpoint
RP159: 7/5/2009 4:43:32 PM - System Checkpoint
RP160: 7/6/2009 4:45:52 PM - System Checkpoint
RP161: 7/7/2009 5:25:41 PM - System Checkpoint
RP162: 7/8/2009 7:36:14 PM - System Checkpoint
RP163: 7/9/2009 8:02:11 PM - System Checkpoint
RP164: 7/10/2009 9:32:54 PM - System Checkpoint
RP165: 7/11/2009 9:41:31 PM - System Checkpoint
RP166: 7/12/2009 11:26:11 PM - System Checkpoint
RP167: 7/13/2009 11:33:38 PM - System Checkpoint
RP168: 7/15/2009 1:55:55 PM - System Checkpoint
RP169: 7/16/2009 2:03:11 PM - System Checkpoint
RP170: 7/17/2009 2:25:27 PM - System Checkpoint
RP171: 7/18/2009 3:02:21 PM - System Checkpoint
RP172: 7/19/2009 8:41:07 PM - System Checkpoint
RP173: 7/20/2009 9:43:45 PM - System Checkpoint
RP174: 7/21/2009 9:55:01 PM - System Checkpoint
RP175: 7/22/2009 11:18:04 PM - System Checkpoint
RP176: 7/24/2009 9:52:24 AM - System Checkpoint
RP177: 7/24/2009 6:38:53 PM - Installed Java(TM) 6 Update 14
RP178: 7/24/2009 9:00:34 PM - Software Distribution Service 3.0

==== Installed Programs ======================

ACDSee
Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader Korean Fonts
Ahead Nero 6 Demo
AIM 6
AIM Toolbar 5.0
ALZip
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz 2
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Bonjour
CC¸A °OAO
CCleaner (remove only)
CDSpace 4.0 Upgrade
Chinese Traditional Fonts Support For Adobe Reader 8
Clubbox 파일전송관리자
Counter-Strike
Coupon Printer for Windows
Crossword Weaver 6.0
Daum ActiveX 컨트롤 - Daum 음악 플레이어
Daum ActiveX 컨트롤 - 음악 플레이
Daum ActiveX 컨트롤 - 한메일 파일업로더
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP WMA V8 Codec
Drivers Install For Linksys Easylink Advisor
Easy Barcode Creator
ewido security suite
Excavation from Hewlett-Packard Desktops (remove only)
FinePixViewer Ver.4.2
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
FUJIFILM USB Driver
GKLauncher
GOM Player
Google Toolbar for Internet Explorer
Gunbound Revolution
Hangul 2004
Hangul 2004's Package
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Deskjet Preloaded Printer Drivers
HpSdpAppCoreApp
ICCup Launcher
ijji
ijji Auto Installer
ImageMixer VCD2 for FinePix
INFO DONKEY 인포당나귀
INIplugin 4.0
INISafeWeb 5.0
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iPod for Windows 2005-01-11
iTunes
Java(TM) 6 Update 14
Korean Fonts Support For Adobe Reader 8
LimeWire 4.18.8
Linksys EasyLink Advisor 1.6 (0032)
LiveReg (Symantec Corporation)
LiveUpdate 3.3 (Symantec Corporation)
Logitech ImageStudio
Logitech MouseWare 9.79.1
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
MFP 300 Logo Editor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
MicroStaff WINASPI
Move Networks Media Player for Internet Explorer
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Mu
Multimedia Card Reader
My BootDisk V2.51
MyFirewall
Nintendo Wi-Fi USB Connector Registration Tool
Ntamin_FreeStyle
NVIDIA GART Driver
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
PChome - Skype 3.0
Polar Bowler from Hewlett-Packard Desktops (remove only)
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RAW FILE CONVERTER LE
RealOne Player
RecordNow!
Sakuracash
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Shockwave
Skype Plugin Manager
Smart Update Utility
Sonic Update Manager
Spy Sweeper
Spybot - Search & Destroy 1.3
Starcraft
Steam
SUPERAntiSpyware Free Edition
Symantec Endpoint Protection
The KMPlayer(remove only)
TI Connect 1.5
toolkit
ulguide
ulineguide
Uninstall dTomoyo's Unified Codec Pack (Type 3, Ver. 7.08.12)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
utilguide Uninstall
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtools 3D Life Player
Warcraft III: All Products
WebFldrs XP
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Donkey Toolbar
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
나모 웹에디터 5
당나귀 P2P
리워드넷(샵가이드/웹가이드)
알씨
킫orrent
판도라TV미니

==== Event Viewer Messages From Past Week ========

7/24/2009 3:51:42 PM, error: Service Control Manager [7034] - The ewido security suite control service terminated unexpectedly. It has done this 1 time(s).
7/24/2009 1:41:59 PM, error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: The system cannot find the path specified.
7/24/2009 1:41:58 PM, error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: The system cannot find the path specified.
7/24/2009 1:41:58 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: The system cannot find the path specified.
7/24/2009 1:29:14 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/22/2009 9:50:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
7/22/2009 9:50:35 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/22/2009 9:50:35 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/22/2009 9:50:35 AM, error: Service Control Manager [7000] - The IMJPMIG8.3 service failed to start due to the following error: The system cannot find the file specified.
7/19/2009 9:30:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
7/19/2009 9:30:31 AM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
#4
26th July 2009, 09:45 PM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Avira
Symantec

Multiple antivirus warning!

Microsoft, Kaspersky and Symantec recommend that you do not have more than one antivirus product installed and running on your computer at the same time.

The real-time protection of two antivirus programs may conflict with each other and cause the following:

* False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
* Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
* Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
* Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

----------

Please uninstall either Avira or Symantec/Norton before continuing.

----------

Download Trend Micro CWShredder.exe to the Desktop.

1. Double click the CWShredder.exe to open the Program and Click on I AGREE to accept the license agreement.
2. Checkmark the option Move CWS files found to the Recycle Bin instead of deleting them as a precaution. We can empty the Recycle Bin later once the infection is cured.
3. Click on Update to ensure the latest updates are installed.
4. Click Fix to let the CWShredder look for and fix any CWS infection it finds.
5. Click OK in the confirmation screen to continue.

* CWShredder will scan your system for known variants of CWS infections.
* The scan results are shown.

6. Click Next to continue.
7. Click Exit to exit the program.

----------

BitDefender Online Scanner only works with Internet Explorer! Click here for the latest version of Internet Explorer

* Scan with the BitDefender Online Scanner
* Click Start Scanner to begin.
* Place a check mark next to I agree with the Terms and Conditions then click Start Here
* Agree to the license and then Install the ActiveX control.
* Please DO NOT change any of the Scanning Options!
* Click Start Scan to begin updating the BitDefender Online Scanner. The scan will start once the definitions are up-to-date.

* This scan can take a while so please be patient and let it complete.

* Once BitDefender completes the scan:
* Click on the Detected Problems tab.
* Then select Click here to export the scan report



This will save a file named bdscan.html. I would suggest saving it to the desktop so you can easily find it. (Take notice of where you save it so you can find it later.)

You will have to upload the file online. The forums will not accept HTML.

Go to File Dropper

* Click Upload
* Locate the file and double click it.
* Copy the link below Share This Link: and post it back here.

----------

Now run a new DDS scan and post the logs please.
__________________
ƃolq s’ʎsɐʇuɐɟlıʌǝ

#5
9th August 2009, 06:26 AM
ysb21189
Newcomer
Join Date: Jan 2009, 21 posts.
Thanks for replying so quick. I was away for a while so it took me a while to get back to you, sorry.

First I uninstalled the Symantec Endpoint program from the control panel. It's something my college gives us; if you think I should be using that instead of Avira, let me know.

I did the CWShredder but the only thing it did was fix hidden options tab or something. It didn't find any infections.


Here is the link from the bdscanner

http://www.filedropper.com/bdscan_2



And the 2 DDS logs:

DDS.txt


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 2:11:15.39 on 08/09/2009 Sun
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.511.222 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Owner\Desktop\CLEAN\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL =
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://us10.hpwis.com/
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: utilsguides: {19ea4a41-db3e-4c59-a137-b954167b0ac9} - c:\progra~1\utilgu~1\UTILGU~1.DLI
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: ulguide Class: {be3cabec-084b-49df-b235-753b869a06a5} - c:\program files\ulguide\ulguide.dll
BHO: ulineguide Class: {c3105eee-9977-460e-b842-b04de95921b5} - c:\program files\ulineguide\ulineguidepack.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: 인포당나귀: {ef0da19e-5ccd-4b29-afce-3b37e91f8589} - c:\progra~1\infodo~1\INFODO~1.DLL
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: Donkey Toolbar (&D): {638886b2-cf33-4ea0-aff8-dc8e504500cb} - c:\progra~1\donkeytb\donkeytb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [WebCamRT.exe]
uRun: [ctfmon.exe]
uRun: [RealPlayer] "c:\program files\real\realone player\realplay.exe" /RunUPGToolCommandReBoot
uRun: [donkeyp2p] c:\documents and settings\owner\my documents\bryan\당나깊\donkeyp2p\update_check.exe /start
uRun: [Steam]
uRun: [Aim6]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [donkeytb] c:\program files\donkeytb\updatecheck.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AutoUtil] c:\program files\autoutil\AutoUtil.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\documents and settings\owner\my documents\bryan\poker\PartyPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {089F95DD-370D-43CD-B472-99DD3EB7EEC1} - {C3184C2D-3FFD-4E62-AA11-1E5123811752} - c:\progra~1\infodo~1\INFODO~1.DLL
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B9F6E34F-369A-443F-BBB6-E610771F619E} - {A8E64858-0D1D-4E0C-9C53-6F8C9EB1E893}
Trusted Zone: teri.org
DPF: 799BB2EC-572A-42A9-84AD-112806F4F551
DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} - hxxp://www.netmarble.net/game/nmstarter/NMStarter16.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendowifi.com/troubleshooting/usbaptest.cab
DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} - hxxp://messenger.zone.msn.com/binary/Upwords.cab31267.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/ArchlordDownloader0623.cab
DPF: {2AE5077E-2BCD-4B77-9D19-237C882BD6AF} - hxxp://www.monario.com/ActiveX/monariofiledownload.cab
DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} - hxxp://listen.daum.net/52st/52street/S2MusicPlayer.dll
DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} - hxxp://player.bugs.co.kr/install/BugsInstall.cab
DPF: {35B93CED-4B24-4FA7-B143-B4F5BBBA9F7A} - hxxp://gamepatch.bugs.co.kr/BugsPatcher.cab
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.clubbox.co.kr/bin/DownStarter.cab
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
DPF: {48ED5A74-A5A6-4EDE-AAC5-42D697FC3F19} - hxxp://www.cyberoro.com/download/cyber.cab
DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} - hxxp://www.cyberoro.com/download/OroCheck.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} - hxxp://cafe.naver.com/common/activex/nbgm.cab
DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} - hxxp://img.pandora.tv/pan_img/liveupdate/SVPorsche.cab
DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} - hxxp://comic.daum.net/download/new/ToonsXContentsPlug.cab
DPF: {710E4921-F77C-4D42-8EC4-4DFDEE52508F} - hxxp://210.90.46.53/activeX/ictPrintX.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} - hxxp://activexdown.paran.com/paranactivex/data/imweb.cab
DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} - hxxp://www.cabal.co.kr/Include/SysInfo.cab
DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - hxxp://www.bitdefender.com/scan/Msie/bitdefender.cab
DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} - hxxp://player.bugs.co.kr/install/mv/p3bvset.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.com/NMChatX/NMTransX.cab
DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - hxxp://cafeimg.hanmail.net/cab9/dmcc2.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab
DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} - hxxp://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab
DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} - hxxp://player.bugs.co.kr/install/XTools.cab
DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} - hxxp://player.bugs.co.kr/install/bugsLoader20040811.cab
DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - hxxp://www.ravantivirus.com/scan/ravonline.cab
DPF: {B2AEC562-9C98-459D-A596-6850EB2CE623} - hxxp://www.omi.co.kr/search/chart_package/comparison4.CAB
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} - hxxp://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2
DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} - hxxp://cdn.hangame.com/hangame/messenger/hani/webmsg/HanWebMsg.cab
DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} - hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab27591.cab
DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} - hxxp://player.bugs.co.kr/install/bugsLoader20041018.cab
DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} - hxxp://www.melon.com/cab/P3Melon.cab
DPF: {C415C83B-3FE3-4AAA-ABD0-53D812D25593} - hxxp://www.joycity.com/_app/JCUpdaterAX.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://gameguard.nefficient.co.kr/grigon/gamegard/nProtect/keycrypt/npkcx.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab31267.cab
DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} - hxxp://www.jceports.com/_app/cab/JSUpdaterAx.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {E8FC4708-B43C-4B2D-8D3F-A5D583D822F4} - hxxp://gamedown.paran.com/cab/ParanOnDemandX.cab
DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} - hxxp://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {B194D895-CE3A-40D7-8D35-A58D582028FD} = 4.2.2.1 4.2.2.2
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\documents and settings\owner\desktop\pigeon\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: ,
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\documents and settings\owner\my documents\bryan\edwido\security suite\shellhook.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\documents and settings\owner\desktop\pigeon\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\51ippmes.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-8-9 11608]
R1 LIKECDN2;LIKECDN2;c:\windows\system32\drivers\LIKECDN2.sys [2004-3-7 20972]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-8-9 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-8-9 151297]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R2 XSPACEWG;XSPACEWG;c:\windows\system32\drivers\XSpaceWg.sys [2004-3-7 3503]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-8-9 52056]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\owner\desktop\pigeon\sasdifsv.sys --> c:\documents and settings\owner\desktop\pigeon\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\owner\desktop\pigeon\saskutil.sys --> c:\documents and settings\owner\desktop\pigeon\SASKUTIL.sys [?]
S2 ewido security suite control;ewido security suite control;c:\documents and settings\owner\my documents\bryan\edwido\security suite\ewidoctrl.exe --> c:\documents and settings\owner\my documents\bryan\edwido\security suite\ewidoctrl.exe [?]
S2 IMJPMIG8.3;IMJPMIG8.3;"c:\windows\system32\imjpmig8_3.exe" -service --> c:\windows\system32\IMJPMIG8_3.exe [?]
S3 cdrm9;cdrm9;\??\c:\windows\system32\kauz.sys --> c:\windows\system32\kauz.sys [?]
S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2004-3-14 10368]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\owner\desktop\pigeon\sasenum.sys --> c:\documents and settings\owner\desktop\pigeon\SASENUM.SYS [?]
S3 scgsk;SCGSK Driver Service;c:\windows\system32\drivers\scgsk.sys [2004-10-28 6656]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-6-29 2383152]
S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-2-10 45840]

=============== Created Last 30 ================

2009-07-29 21:01 <DIR> --d----- c:\windows\ie8updates
2009-07-29 12:03 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-29 12:03 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-28 22:14 <DIR> --dsh--- c:\documents and settings\owner\PrivacIE
2009-07-28 22:14 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-07-28 22:10 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-07-28 22:03 <DIR> -cd-h--- c:\windows\ie8
2009-07-24 19:42 283,648 -c------ c:\windows\system32\dllcache\pdh.dll
2009-07-24 19:42 60,416 -c------ c:\windows\system32\dllcache\colbact.dll
2009-07-24 19:42 399,360 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-07-24 19:42 473,088 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-07-24 19:42 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-07-24 19:42 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-07-24 19:42 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-24 19:42 616,960 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-07-24 19:42 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-07-24 19:19 1,193,414 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-07-24 19:19 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-07-24 18:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-23 14:46 <DIR> --d----- c:\program files\ulguide
2009-07-23 14:44 <DIR> --d----- c:\program files\utilguides
2009-07-23 14:44 <DIR> --d----- c:\program files\utilpack
2009-07-23 14:43 <DIR> --d----- c:\program files\ulineguide

==================== Find3M ====================

2009-08-04 14:16 114,589 a------- c:\windows\War3Unin.dat
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-09 03:54 128,000 a------- c:\windows\system32\UtilDownLauncher.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll

============= FINISH: 2:12:01.95 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/19/2004 9:20:58 PM
System Uptime: 8/9/2009 12:08:30 AM (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3199/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3200/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 63.559 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.922 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP109: 5/12/2009 7:44:57 AM - System Checkpoint
RP110: 5/13/2009 5:37:46 PM - System Checkpoint
RP111: 5/14/2009 6:45:24 PM - System Checkpoint
RP112: 5/15/2009 7:08:58 PM - System Checkpoint
RP113: 5/16/2009 7:25:15 PM - System Checkpoint
RP114: 5/17/2009 7:27:12 PM - System Checkpoint
RP115: 5/18/2009 7:36:57 PM - System Checkpoint
RP116: 5/19/2009 9:03:08 PM - System Checkpoint
RP117: 5/20/2009 9:39:15 PM - System Checkpoint
RP118: 5/21/2009 12:07:00 AM - Installed GKLauncher
RP119: 5/22/2009 5:45:24 PM - System Checkpoint
RP120: 5/23/2009 5:56:07 PM - System Checkpoint
RP121: 5/24/2009 7:08:19 PM - System Checkpoint
RP122: 5/25/2009 8:11:42 PM - System Checkpoint
RP123: 5/26/2009 9:03:41 PM - System Checkpoint
RP124: 5/27/2009 10:12:44 PM - System Checkpoint
RP125: 5/28/2009 11:02:37 PM - System Checkpoint
RP126: 5/30/2009 8:12:34 AM - System Checkpoint
RP127: 5/31/2009 5:55:47 PM - System Checkpoint
RP128: 6/1/2009 8:21:23 PM - System Checkpoint
RP129: 6/2/2009 9:29:28 PM - System Checkpoint
RP130: 6/4/2009 1:42:02 AM - System Checkpoint
RP131: 6/5/2009 7:54:48 AM - System Checkpoint
RP132: 6/6/2009 9:29:25 AM - System Checkpoint
RP133: 6/7/2009 10:24:49 AM - System Checkpoint
RP134: 6/8/2009 11:47:38 AM - System Checkpoint
RP135: 6/9/2009 12:15:37 PM - System Checkpoint
RP136: 6/10/2009 1:00:42 PM - System Checkpoint
RP137: 6/11/2009 1:08:34 PM - System Checkpoint
RP138: 6/12/2009 4:06:39 PM - System Checkpoint
RP139: 6/13/2009 4:45:49 PM - System Checkpoint
RP140: 6/14/2009 9:21:00 PM - System Checkpoint
RP141: 6/15/2009 10:44:58 PM - System Checkpoint
RP142: 6/17/2009 1:03:48 AM - System Checkpoint
RP143: 6/18/2009 12:41:27 PM - System Checkpoint
RP144: 6/19/2009 12:54:50 PM - System Checkpoint
RP145: 6/20/2009 2:00:05 PM - System Checkpoint
RP146: 6/21/2009 2:43:33 PM - System Checkpoint
RP147: 6/22/2009 3:18:00 PM - System Checkpoint
RP148: 6/23/2009 3:27:55 PM - System Checkpoint
RP149: 6/24/2009 3:28:42 PM - System Checkpoint
RP150: 6/25/2009 4:12:15 PM - System Checkpoint
RP151: 6/26/2009 6:34:08 PM - System Checkpoint
RP152: 6/27/2009 11:22:10 PM - System Checkpoint
RP153: 6/29/2009 12:12:19 AM - System Checkpoint
RP154: 6/30/2009 9:07:02 AM - System Checkpoint
RP155: 7/1/2009 9:36:28 AM - System Checkpoint
RP156: 7/2/2009 10:22:53 AM - System Checkpoint
RP157: 7/3/2009 11:30:38 AM - System Checkpoint
RP158: 7/4/2009 1:18:26 PM - System Checkpoint
RP159: 7/5/2009 4:43:32 PM - System Checkpoint
RP160: 7/6/2009 4:45:52 PM - System Checkpoint
RP161: 7/7/2009 5:25:41 PM - System Checkpoint
RP162: 7/8/2009 7:36:14 PM - System Checkpoint
RP163: 7/9/2009 8:02:11 PM - System Checkpoint
RP164: 7/10/2009 9:32:54 PM - System Checkpoint
RP165: 7/11/2009 9:41:31 PM - System Checkpoint
RP166: 7/12/2009 11:26:11 PM - System Checkpoint
RP167: 7/13/2009 11:33:38 PM - System Checkpoint
RP168: 7/15/2009 1:55:55 PM - System Checkpoint
RP169: 7/16/2009 2:03:11 PM - System Checkpoint
RP170: 7/17/2009 2:25:27 PM - System Checkpoint
RP171: 7/18/2009 3:02:21 PM - System Checkpoint
RP172: 7/19/2009 8:41:07 PM - System Checkpoint
RP173: 7/20/2009 9:43:45 PM - System Checkpoint
RP174: 7/21/2009 9:55:01 PM - System Checkpoint
RP175: 7/22/2009 11:18:04 PM - System Checkpoint
RP176: 7/24/2009 9:52:24 AM - System Checkpoint
RP177: 7/24/2009 6:38:53 PM - Installed Java(TM) 6 Update 14
RP178: 7/24/2009 9:00:34 PM - Software Distribution Service 3.0
RP179: 7/25/2009 9:45:49 PM - System Checkpoint
RP180: 7/26/2009 10:35:43 PM - System Checkpoint
RP181: 7/28/2009 11:04:43 AM - System Checkpoint
RP182: 7/28/2009 9:00:29 PM - Software Distribution Service 3.0
RP183: 7/28/2009 9:59:05 PM - Software Distribution Service 3.0
RP184: 7/29/2009 9:00:23 PM - Software Distribution Service 3.0
RP185: 7/30/2009 10:04:20 PM - System Checkpoint
RP186: 7/31/2009 11:11:55 PM - System Checkpoint
RP187: 8/2/2009 3:20:47 AM - System Checkpoint
RP188: 8/3/2009 2:18:38 PM - System Checkpoint
RP189: 8/4/2009 3:39:23 PM - System Checkpoint
RP190: 8/5/2009 7:14:28 PM - System Checkpoint
RP191: 8/6/2009 9:16:55 PM - System Checkpoint
RP192: 8/7/2009 9:24:43 PM - System Checkpoint
RP193: 8/8/2009 10:39:31 PM - System Checkpoint
RP194: 8/9/2009 12:03:25 AM - Removed Symantec Endpoint Protection.

==== Installed Programs ======================


ACDSee
Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader Korean Fonts
Ahead Nero 6 Demo
AIM 6
AIM Toolbar 5.0
ALZip
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz 2
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Bonjour
CC¸A °OAO
CCleaner (remove only)
CDSpace 4.0 Upgrade
Chinese Traditional Fonts Support For Adobe Reader 8
Clubbox 파일전송관리자
Counter-Strike
Coupon Printer for Windows
Crossword Weaver 6.0
Daum ActiveX 컨트롤 - Daum 음악 플레이어
Daum ActiveX 컨트롤 - 음악 플레이
Daum ActiveX 컨트롤 - 한메일 파일업로더
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP WMA V8 Codec
Drivers Install For Linksys Easylink Advisor
Easy Barcode Creator
ewido security suite
Excavation from Hewlett-Packard Desktops (remove only)
FinePixViewer Ver.4.2
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
FUJIFILM USB Driver
GKLauncher
GOM Player
Google Toolbar for Internet Explorer
Gunbound Revolution
Hangul 2004
Hangul 2004's Package
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Deskjet Preloaded Printer Drivers
HpSdpAppCoreApp
ICCup Launcher
ijji
ijji Auto Installer
ImageMixer VCD2 for FinePix
INFO DONKEY 인포당나귀
INIplugin 4.0
INISafeWeb 5.0
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iPod for Windows 2005-01-11
iTunes
Java(TM) 6 Update 14
Korean Fonts Support For Adobe Reader 8
LimeWire 4.18.8
Linksys EasyLink Advisor 1.6 (0032)
LiveReg (Symantec Corporation)
LiveUpdate 3.3 (Symantec Corporation)
Logitech ImageStudio
Logitech MouseWare 9.79.1
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
MFP 300 Logo Editor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
MicroStaff WINASPI
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.2)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Mu
Multimedia Card Reader
My BootDisk V2.51
MyFirewall
Nintendo Wi-Fi USB Connector Registration Tool
Ntamin_FreeStyle
NVIDIA GART Driver
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
PChome - Skype 3.0
Polar Bowler from Hewlett-Packard Desktops (remove only)
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RAW FILE CONVERTER LE
RealOne Player
RecordNow!
Sakuracash
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Shockwave
Skype Plugin Manager
Smart Update Utility
Sonic Update Manager
Spy Sweeper
Spybot - Search & Destroy 1.3
Starcraft
Steam
SUPERAntiSpyware Free Edition
The KMPlayer(remove only)
TI Connect 1.5
toolkit
ulguide
ulineguide
Uninstall dTomoyo's Unified Codec Pack (Type 3, Ver. 7.08.12)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
utilguide Uninstall
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtools 3D Life Player
Warcraft III: All Products
WebFldrs XP
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Donkey Toolbar
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
나모 웹에디터 5
당나귀 P2P
리워드넷(샵가이드/웹가이드)
알씨
킫orrent
판도라TV미니

==== Event Viewer Messages From Past Week ========

8/9/2009 12:10:57 AM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
8/9/2009 12:00:32 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/3/2009 2:05:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
8/3/2009 2:05:21 PM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/3/2009 2:05:21 PM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/3/2009 2:05:21 PM, error: Service Control Manager [7000] - The IMJPMIG8.3 service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Hope that helped.

#6
Old 10th August 2009, 10:43 PM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Go to Add or Remove Programs and uninstall:

  • ewido security suite <- Outdated
  • INFO DONKEY 인포당나귀 (see here)
  • LiveReg (Symantec Corporation)
  • LiveUpdate 3.3 (Symantec Corporation)
  • Spybot - Search & Destroy 1.3 <- Needs to be updated to the new Version 1.6.2
  • Viewpoint Manager (Remove Only)
  • Viewpoint Media Player
  • Windows Donkey Toolbar <- You need a safer p2p client. This one is not secure!

----------

Download the Norton Removal Tool (SymNRT) to your desktop.

Once downloaded, please close ALL open browsers and save any work, because this may require a restart.

* Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
* Once open, click Next
* Accept the license agreement and click Next
* Type in the letters/numbers that you see into the text box then click Next.
* Then click Next and the tool will start running.
* Once finished restart the PC.
* Delete the 'Norton_Removal_Tool' from your desktop.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions, as they could damage the workings of your system.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
uStart Page = about:blank
uDefault_Page_URL =
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ulineguide Class: {c3105eee-9977-460e-b842-b04de95921b5} - c:\program files\ulineguide\ulineguidepack.dll
BHO: 인포당나귀: {ef0da19e-5ccd-4b29-afce-3b37e91f8589} - c:\progra~1\infodo~1\INFODO~1.DLL
TB: Donkey Toolbar (&D): {638886b2-cf33-4ea0-aff8-dc8e504500cb} - c:\progra~1\donkeytb\donkeytb.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - 
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [donkeyp2p] c:\documents and settings\owner\my documents\bryan\당나깊\donkeyp2p\update_check.exe /start
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [donkeytb] c:\program files\donkeytb\updatecheck.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {089F95DD-370D-43CD-B472-99DD3EB7EEC1} - {C3184C2D-3FFD-4E62-AA11-1E5123811752} - c:\progra~1\infodo~1\INFODO~1.DLL
IE: {B9F6E34F-369A-443F-BBB6-E610771F619E} - {A8E64858-0D1D-4E0C-9C53-6F8C9EB1E893}
DPF: 799BB2EC-572A-42A9-84AD-112806F4F551
AppInit_DLLs:  , 

Firefox::
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
__________________
ƃolq s’ʎsɐʇuɐɟlıʌǝ

#7
Old 13th August 2009, 05:13 AM
ysb21189
Newcomer
Join Date: Jan 2009, 21 posts.
OK. I followed everything.

1) I uninstalled everything. INFODONKEY and Windows Donkey Toolbar said they might have already been uninstalled. I checked after reboot; everything is gone.

2) This isn't anything new; I just thought I might point it out. When the computer starts, an error message says that the "windows defender" application failed to initialize. It's been like that for a long time.

3) Here is the Combofix.txt



ComboFix 09-08-10.06 - Owner 3/2009 Thu 0:41.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.511.220 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\infodo~1\INFODO~1.DLL
c:\program files\messenger\msmsgs.exe
c:\program files\ulineguide\ulineguidepack.dll
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\rave
c:\windows\Downloaded Program Files\rave\avirexe.vdm
c:\windows\Downloaded Program Files\rave\avirscr.vdm
c:\windows\Downloaded Program Files\rave\base.vdm
c:\windows\Downloaded Program Files\rave\daily.vdm
c:\windows\Downloaded Program Files\rave\daily.vdt
c:\windows\Downloaded Program Files\rave\filters.vdm
c:\windows\Downloaded Program Files\rave\kernel.vdk
c:\windows\Downloaded Program Files\rave\keyring.vdk
c:\windows\Downloaded Program Files\rave\mapi_vdm.vdm
c:\windows\Downloaded Program Files\rave\modules.vdk
c:\windows\Downloaded Program Files\rave\rav8def.vdm
c:\windows\Downloaded Program Files\rave\rufs.vdm
c:\windows\Downloaded Program Files\rave\rufsplg.vdm
c:\windows\Downloaded Program Files\rave\unarch.vdm
c:\windows\Downloaded Program Files\rave\unmail.vdm
c:\windows\Downloaded Program Files\rave\unpack.vdm
c:\windows\Downloaded Program Files\TEMP
c:\windows\Downloaded Program Files\update
c:\windows\Downloaded Program Files\update\ahn.ui
c:\windows\Downloaded Program Files\update\ahninst.dll
c:\windows\Downloaded Program Files\update\ahnupctl.dll
c:\windows\Downloaded Program Files\update\autoup.exe
c:\windows\Downloaded Program Files\update\mf20\ahnupctl.dl-
c:\windows\Downloaded Program Files\update\mf20\mfnt.ex-
c:\windows\Downloaded Program Files\update\mf20\psapi.dl-
c:\windows\Downloaded Program Files\update\mf20\rc_chs.da-
c:\windows\Downloaded Program Files\update\mf20\rc_enu.da-
c:\windows\Downloaded Program Files\update\mf20\rc_index.da-
c:\windows\Downloaded Program Files\update\mf20\rc_jpn.da-
c:\windows\Downloaded Program Files\update\mf20\rc_kor.da-
c:\windows\Downloaded Program Files\update\mf20\troylist.da-
c:\windows\Downloaded Program Files\update\mf20\v3drex.dl-
c:\windows\Downloaded Program Files\update\mf20\v3sr32.dl-
c:\windows\Downloaded Program Files\update\mf20\v3wshook.dl-
c:\windows\Downloaded Program Files\update\mf20\v3wsui.dl-
c:\windows\Downloaded Program Files\update\readme.tx-
c:\windows\Downloaded Program Files\update\v3bz32.dll
c:\windows\Downloaded Program Files\update\v3pro32s.dl-
c:\windows\Downloaded Program Files\update\v3warpds.v3-
c:\windows\Downloaded Program Files\update\v3warpns.v3-
c:\windows\Installer\1014c22.msi
c:\windows\Installer\10be16.msi
c:\windows\Installer\123ee.msi
c:\windows\Installer\123fc.msi
c:\windows\Installer\15f964e.msi
c:\windows\Installer\16020d9.msi
c:\windows\Installer\195ea.msi
c:\windows\Installer\211ca2d.msi
c:\windows\Installer\4af6b.msi
c:\windows\Installer\932ee.msi
c:\windows\patch.exe
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\MSrev41.dll
D:\Autorun.inf


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSLLR
-------\Legacy_SVCPROC


((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 04:31 . 2009-08-13 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-12 20:26 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-08-09 04:20 . 2009-08-09 06:07 -------- d-----w- c:\windows\BDOSCAN8
2009-08-05 09:11 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-30 01:01 . 2009-07-30 01:01 -------- d-----w- c:\windows\ie8updates
2009-07-29 16:03 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-29 16:03 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-29 03:13 . 2009-07-29 03:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-29 02:14 . 2009-07-29 02:14 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-07-29 02:14 . 2009-07-29 02:14 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-07-29 02:10 . 2009-07-29 02:10 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-07-29 02:03 . 2009-07-29 02:06 -------- dc-h--w- c:\windows\ie8
2009-07-26 16:00 . 2009-07-26 16:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-07-24 23:42 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-24 23:42 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-07-24 23:42 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-24 23:42 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-24 23:42 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-24 23:42 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-24 23:42 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-24 23:42 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-24 23:42 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-24 23:19 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-24 22:39 . 2009-07-24 22:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 22:38 . 2009-07-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-24 22:38 . 2009-07-24 22:38 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-24 17:43 . 2009-07-24 19:48 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-23 18:46 . 2009-07-23 18:46 -------- d-----w- c:\program files\ulguide
2009-07-23 18:44 . 2009-08-07 16:54 -------- d-----w- c:\program files\utilguides
2009-07-23 18:44 . 2009-07-24 17:31 -------- d-----w- c:\program files\utilpack
2009-07-23 18:43 . 2009-08-13 04:49 -------- d-----w- c:\program files\ulineguide
2009-07-17 18:55 . 2009-07-17 18:55 58880 -c----w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 04:49 . 2008-08-08 21:28 -------- d-----w- c:\program files\infodonkey
2009-08-13 04:25 . 2005-08-18 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-13 04:25 . 2005-05-15 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 04:25 . 2005-05-15 01:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-09 05:24 . 2007-06-18 16:11 -------- d-----w- c:\program files\PandoraTVMini
2009-08-05 09:11 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 18:16 . 2005-03-05 20:14 114589 ----a-w- c:\windows\War3Unin.dat
2009-07-24 22:42 . 2003-10-11 03:09 -------- d-----w- c:\program files\Java
2009-07-24 21:05 . 2009-01-05 02:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 21:05 . 2009-05-04 06:23 3775175 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-24 20:31 . 2008-08-08 21:28 -------- d-----w- c:\program files\sakuracash
2009-07-17 18:55 . 2003-11-06 00:04 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 17:36 . 2009-01-05 02:24 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-01-05 02:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 14:08 . 2003-10-11 03:06 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 07:54 . 2009-07-09 07:54 128000 ----a-w- c:\windows\system32\UtilDownLauncher.dll
2009-07-03 17:09 . 2005-04-27 14:54 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 17:48 . 2009-07-01 17:48 -------- d-----w- c:\program files\Coupons
2009-06-25 08:44 . 2003-11-06 00:06 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2003-11-06 00:06 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2003-11-06 00:05 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2003-11-05 23:26 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2003-11-05 23:24 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2003-11-05 23:24 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-22 11:34 . 2003-10-11 02:22 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2003-11-06 00:05 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2003-11-05 23:26 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2003-10-11 02:22 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2003-11-06 00:04 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2003-11-05 23:26 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2003-11-06 00:06 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2003-05-30 23:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 18:58 . 2008-08-09 18:53 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-19 05:36 . 2009-06-12 20:43 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-12 20:43 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-12 20:43 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-12 20:43 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-12 20:43 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 05:36 . 2009-06-12 20:43 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 05:36 . 2009-06-12 20:43 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:36 . 2009-06-12 20:43 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="c:\program files\Real\RealOne Player\realplay.exe" [2006-05-26 1003520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-08-19 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 148888]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 172032]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2003-07-15 19520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-02-10 1420560]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 269104]
"VX6000"="c:\windows\vVX6000.exe" [2006-06-29 994096]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-15 40960]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-3-7 113664]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-7-15 1073152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\Warcraft III\\Frozen Throne.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\p3aodsvr.exe"=
"c:\\WINDOWS\\system32\\p3bvsvr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\소리바다\\SORIBADA\\SORIBADA.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\BugsSvr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\trueplay.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\torrentz\\utorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\FSCAgent.exe"=
"c:\\WINDOWS\\system32\\ClubBox.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\soomyung0817@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\pdrtvsvr.exe"=
"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\당나귀\\donkeyp2p\\donkeyp2p.exe"=
"c:\\WINDOWS\\system32\\nowdownloader.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\PandoraTVMini\\MiniStream.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\´c³ª±I\\donkeyp2p\\donkeyp2p.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:warcraft
"29101:TCP"= 29101:TCP:파일전송 데몬
"6348:TCP"= 6348:TCP:Limewire
"6348:UDP"= 6348:UDP:Limewire

R1 LIKECDN2;LIKECDN2;c:\windows\system32\drivers\LIKECDN2.sys [3/7/2004 7:12 PM 20972]
R2 XSPACEWG;XSPACEWG;c:\windows\system32\drivers\XSpaceWg.sys [3/7/2004 7:12 PM 3503]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Owner\Desktop\pigeon\SASDIFSV.SYS --> c:\documents and settings\Owner\Desktop\pigeon\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\Owner\Desktop\pigeon\SASKUTIL.sys --> c:\documents and settings\Owner\Desktop\pigeon\SASKUTIL.sys [?]
S2 IMJPMIG8.3;IMJPMIG8.3;"c:\windows\System32\IMJPMIG8_3.exe" -service --> c:\windows\System32\IMJPMIG8_3.exe [?]
S3 cdrm9;cdrm9;\??\c:\windows\System32\kauz.sys --> c:\windows\System32\kauz.sys [?]
S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [3/14/2004 12:24 AM 10368]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\Owner\Desktop\pigeon\SASENUM.SYS --> c:\documents and settings\Owner\Desktop\pigeon\SASENUM.SYS [?]
S3 scgsk;SCGSK Driver Service;c:\windows\system32\drivers\scgsk.sys [10/28/2004 6:21 PM 6656]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/29/2006 7:56 PM 2383152]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2/10/2006 4:27 PM 45840]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2006-12-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-02-10 20:27]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WebCamRT.exe - (no file)
HKCU-Run-Steam - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-AutoUtil - c:\program files\AutoUtil\AutoUtil.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\documents and settings\Owner\Desktop\pigeon\SASSEH.DLL
Notify-!SASWinLogon - c:\documents and settings\Owner\Desktop\pigeon\SASWINLO.dll


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://us10.hpwis.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: teri.org
TCP: {B194D895-CE3A-40D7-8D35-A58D582028FD} = 4.2.2.1 4.2.2.2
DPF: 799BB2EC-572A-42A9-84AD-112806F4F551
DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} - hxxp://www.netmarble.net/game/nmstarter/NMStarter16.cab
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendowifi.com/troubleshooting/usbaptest.cab
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/ArchlordDownloader0623.cab
DPF: {2AE5077E-2BCD-4B77-9D19-237C882BD6AF} - hxxp://www.monario.com/ActiveX/monariofiledownload.cab
DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} - hxxp://player.bugs.co.kr/install/BugsInstall.cab
DPF: {35B93CED-4B24-4FA7-B143-B4F5BBBA9F7A} - hxxp://gamepatch.bugs.co.kr/BugsPatcher.cab
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.clubbox.co.kr/bin/DownStarter.cab
DPF: {48ED5A74-A5A6-4EDE-AAC5-42D697FC3F19} - hxxp://www.cyberoro.com/download/cyber.cab
DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} - hxxp://www.cyberoro.com/download/OroCheck.cab
DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} - hxxp://cafe.naver.com/common/activex/nbgm.cab
DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} - hxxp://img.pandora.tv/pan_img/liveupdate/SVPorsche.cab
DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} - hxxp://comic.daum.net/download/new/ToonsXContentsPlug.cab
DPF: {710E4921-F77C-4D42-8EC4-4DFDEE52508F} - hxxp://210.90.46.53/activeX/ictPrintX.cab
DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} - hxxp://activexdown.paran.com/paranactivex/data/imweb.cab
DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} - hxxp://www.cabal.co.kr/Include/SysInfo.cab
DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} - hxxp://player.bugs.co.kr/install/mv/p3bvset.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.com/NMChatX/NMTransX.cab
DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - hxxp://cafeimg.hanmail.net/cab9/dmcc2.cab
DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} - hxxp://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab
DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} - hxxp://player.bugs.co.kr/install/XTools.cab
DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} - hxxp://player.bugs.co.kr/install/bugsLoader20040811.cab
DPF: {B2AEC562-9C98-459D-A596-6850EB2CE623} - hxxp://www.omi.co.kr/search/chart_package/comparison4.CAB
DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} - hxxp://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2
DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} - hxxp://cdn.hangame.com/hangame/messenger/hani/webmsg/HanWebMsg.cab
DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} - hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} - hxxp://player.bugs.co.kr/install/bugsLoader20041018.cab
DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} - hxxp://www.melon.com/cab/P3Melon.cab
DPF: {C415C83B-3FE3-4AAA-ABD0-53D812D25593} - hxxp://www.joycity.com/_app/JCUpdaterAX.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60.cab
DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} - hxxp://www.jceports.com/_app/cab/JSUpdaterAx.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {E8FC4708-B43C-4B2D-8D3F-A5D583D822F4} - hxxp://gamedown.paran.com/cab/ParanOnDemandX.cab
DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} - hxxp://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\51ippmes.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-13 00:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{46D387E9-41FC-4F71-A7C3-B0BEB3568F00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\IMEKR70.IME

- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\IMEKR70.IME
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Real\Update_OB\rnathchk.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-13 1:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 05:04

Pre-Run: 67,927,814,144 bytes free
Post-Run: 67,912,679,424 bytes free

420 --- E O F --- 2009-08-13 04:17







Quite a long log... The only problem might have been that when it restarted, Avira automatically ran, so I disabled it.
#8
13th August 2009, 05:16 AM
ysb21189 (Newcomer; joined Jan 2009, 21 posts)
Sorry I forgot to mention,

My computer was trying to update and install "windows XP service pack 3". I wasn't sure if it would affect this so I cancelled. If it's something I need to get later, could you tell me how to download? The update icon does not come up anymore.
#9
13th August 2009, 07:55 PM
evilfantasy (Security Team; joined Dec 2007, 2,555 posts; Tulsa, OK)
Quote (originally posted by ysb21189):
Sorry I forgot to mention,

My computer was trying to update and install "windows XP service pack 3". I wasn't sure if it would affect this so I cancelled. If it's something I need to get later, could you tell me how to download? The update icon does not come up anymore.
No, please don't update Windows until we are done. It can cause problems when infected.

Quote:
2) This isn't anything new, just thought I might point it out. When the computer starts, an error message saying that "windows defender" application failed to initialize. It's been like that for a long time.
You actually still have a very outdated version of Windows Defender running that I was going to mention later, but since you are getting errors we can take care of it now.

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

FixCSet::

DDS::
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

Folder::
c:\documents and settings\All Users\Application Data\NortonInstaller

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\´c³ª±I\\donkeyp2p\\donkeyp2p.exe"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{46D387E9-41FC-4F71-A7C3-B0BEB3568F00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
#10
14th August 2009, 02:26 AM
ysb21189
Newcomer
Here is the log from ComboFix. The Windows Defender error came up again on restart.

ComboFix 09-08-10.06 - Owner 3/2009 Thu 22:00.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.511.291 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\08-13-2009-00h31m29s\SymNRT-08-13-2009-00h31m29s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\08-13-2009-00h31m29s\SymNRT.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
c:\progra~1\wifd1f~1\MpShHook.dll


.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-12 20:26 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-08-09 04:20 . 2009-08-09 06:07 -------- d-----w- c:\windows\BDOSCAN8
2009-08-05 09:11 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-30 01:01 . 2009-07-30 01:01 -------- d-----w- c:\windows\ie8updates
2009-07-29 16:03 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-29 16:03 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-29 03:13 . 2009-07-29 03:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-29 02:14 . 2009-07-29 02:14 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-07-29 02:14 . 2009-07-29 02:14 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-07-29 02:10 . 2009-07-29 02:10 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-07-29 02:03 . 2009-07-29 02:06 -------- dc-h--w- c:\windows\ie8
2009-07-26 16:00 . 2009-07-26 16:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-07-24 23:42 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-24 23:42 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-07-24 23:42 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-24 23:42 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-24 23:42 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-24 23:42 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-24 23:42 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-24 23:42 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-24 23:42 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-24 23:19 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-24 22:39 . 2009-07-24 22:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 22:38 . 2009-07-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-24 22:38 . 2009-07-24 22:38 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-24 17:43 . 2009-07-24 19:48 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-23 18:46 . 2009-07-23 18:46 -------- d-----w- c:\program files\ulguide
2009-07-23 18:44 . 2009-08-07 16:54 -------- d-----w- c:\program files\utilguides
2009-07-23 18:44 . 2009-07-24 17:31 -------- d-----w- c:\program files\utilpack
2009-07-23 18:43 . 2009-08-13 04:49 -------- d-----w- c:\program files\ulineguide
2009-07-17 18:55 . 2009-07-17 18:55 58880 -c----w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 02:09 . 2006-04-06 22:18 -------- d-----w- c:\program files\Windows Defender
2009-08-13 04:49 . 2008-08-08 21:28 -------- d-----w- c:\program files\infodonkey
2009-08-13 04:25 . 2005-08-18 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-13 04:25 . 2005-05-15 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 04:25 . 2005-05-15 01:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-09 05:24 . 2007-06-18 16:11 -------- d-----w- c:\program files\PandoraTVMini
2009-08-05 09:11 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 18:16 . 2005-03-05 20:14 114589 ----a-w- c:\windows\War3Unin.dat
2009-07-24 22:42 . 2003-10-11 03:09 -------- d-----w- c:\program files\Java
2009-07-24 21:05 . 2009-01-05 02:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 21:05 . 2009-05-04 06:23 3775175 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-24 20:31 . 2008-08-08 21:28 -------- d-----w- c:\program files\sakuracash
2009-07-17 18:55 . 2003-11-06 00:04 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 17:36 . 2009-01-05 02:24 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-01-05 02:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 14:08 . 2003-10-11 03:06 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 07:54 . 2009-07-09 07:54 128000 ----a-w- c:\windows\system32\UtilDownLauncher.dll
2009-07-03 17:09 . 2005-04-27 14:54 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 17:48 . 2009-07-01 17:48 -------- d-----w- c:\program files\Coupons
2009-06-25 08:44 . 2003-11-06 00:06 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2003-11-06 00:06 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2003-11-06 00:05 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2003-11-05 23:26 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2003-11-05 23:24 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2003-11-05 23:24 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-22 11:34 . 2003-10-11 02:22 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2003-11-06 00:05 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2003-11-05 23:26 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2003-10-11 02:22 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2003-11-06 00:04 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2003-11-05 23:26 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2003-11-06 00:06 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2003-05-30 23:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 18:58 . 2008-08-09 18:53 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-19 05:36 . 2009-06-12 20:43 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-12 20:43 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-12 20:43 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-12 20:43 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-12 20:43 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 05:36 . 2009-06-12 20:43 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 05:36 . 2009-06-12 20:43 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:36 . 2009-06-12 20:43 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-13_04.57.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-14 02:14 . 2009-08-14 02:14 16384 c:\windows\temp\Perflib_Perfdata_578.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="c:\program files\Real\RealOne Player\realplay.exe" [2006-05-26 1003520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-08-19 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 148888]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 172032]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2003-07-15 19520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-02-10 1420560]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 269104]
"VX6000"="c:\windows\vVX6000.exe" [2006-06-29 994096]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-15 40960]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-3-7 113664]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-7-15 1073152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\Warcraft III\\Frozen Throne.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\p3aodsvr.exe"=
"c:\\WINDOWS\\system32\\p3bvsvr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\소리바다\\SORIBADA\\SORIBADA.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\BugsSvr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\trueplay.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\torrentz\\utorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\FSCAgent.exe"=
"c:\\WINDOWS\\system32\\ClubBox.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\soomyung0817@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\pdrtvsvr.exe"=
"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\당나귀\\donkeyp2p\\donkeyp2p.exe"=
"c:\\WINDOWS\\system32\\nowdownloader.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\PandoraTVMini\\MiniStream.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\´c³ª±I\\donkeyp2p\\donkeyp2p.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:warcraft
"29101:TCP"= 29101:TCP:파일전송 데몬
"6348:TCP"= 6348:TCP:Limewire
"6348:UDP"= 6348:UDP:Limewire

R1 LIKECDN2;LIKECDN2;c:\windows\system32\drivers\LIKECDN2.sys [3/7/2004 7:12 PM 20972]
R2 XSPACEWG;XSPACEWG;c:\windows\system32\drivers\XSpaceWg.sys [3/7/2004 7:12 PM 3503]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Owner\Desktop\pigeon\SASDIFSV.SYS --> c:\documents and settings\Owner\Desktop\pigeon\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\Owner\Desktop\pigeon\SASKUTIL.sys --> c:\documents and settings\Owner\Desktop\pigeon\SASKUTIL.sys [?]
S2 IMJPMIG8.3;IMJPMIG8.3;"c:\windows\System32\IMJPMIG8_3.exe" -service --> c:\windows\System32\IMJPMIG8_3.exe [?]
S3 cdrm9;cdrm9;\??\c:\windows\System32\kauz.sys --> c:\windows\System32\kauz.sys [?]
S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [3/14/2004 12:24 AM 10368]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\Owner\Desktop\pigeon\SASENUM.SYS --> c:\documents and settings\Owner\Desktop\pigeon\SASENUM.SYS [?]
S3 scgsk;SCGSK Driver Service;c:\windows\system32\drivers\scgsk.sys [10/28/2004 6:21 PM 6656]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/29/2006 7:56 PM 2383152]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2/10/2006 4:27 PM 45840]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2006-12-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-02-10 20:27]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://us10.hpwis.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: teri.org
DPF: 799BB2EC-572A-42A9-84AD-112806F4F551
DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} - hxxp://www.netmarble.net/game/nmstarter/NMStarter16.cab
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendowifi.com/troubleshooting/usbaptest.cab
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/ArchlordDownloader0623.cab
DPF: {2AE5077E-2BCD-4B77-9D19-237C882BD6AF} - hxxp://www.monario.com/ActiveX/monariofiledownload.cab
DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} - hxxp://player.bugs.co.kr/install/BugsInstall.cab
DPF: {35B93CED-4B24-4FA7-B143-B4F5BBBA9F7A} - hxxp://gamepatch.bugs.co.kr/BugsPatcher.cab
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.clubbox.co.kr/bin/DownStarter.cab
DPF: {48ED5A74-A5A6-4EDE-AAC5-42D697FC3F19} - hxxp://www.cyberoro.com/download/cyber.cab
DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} - hxxp://www.cyberoro.com/download/OroCheck.cab
DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} - hxxp://cafe.naver.com/common/activex/nbgm.cab
DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} - hxxp://img.pandora.tv/pan_img/liveupdate/SVPorsche.cab
DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} - hxxp://comic.daum.net/download/new/ToonsXContentsPlug.cab
DPF: {710E4921-F77C-4D42-8EC4-4DFDEE52508F} - hxxp://210.90.46.53/activeX/ictPrintX.cab
DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} - hxxp://activexdown.paran.com/paranactivex/data/imweb.cab
DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} - hxxp://www.cabal.co.kr/Include/SysInfo.cab
DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} - hxxp://player.bugs.co.kr/install/mv/p3bvset.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.com/NMChatX/NMTransX.cab
DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - hxxp://cafeimg.hanmail.net/cab9/dmcc2.cab
DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} - hxxp://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab
DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} - hxxp://player.bugs.co.kr/install/XTools.cab
DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} - hxxp://player.bugs.co.kr/install/bugsLoader20040811.cab
DPF: {B2AEC562-9C98-459D-A596-6850EB2CE623} - hxxp://www.omi.co.kr/search/chart_package/comparison4.CAB
DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} - hxxp://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2
DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} - hxxp://cdn.hangame.com/hangame/messenger/hani/webmsg/HanWebMsg.cab
DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} - hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} - hxxp://player.bugs.co.kr/install/bugsLoader20041018.cab
DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} - hxxp://www.melon.com/cab/P3Melon.cab
DPF: {C415C83B-3FE3-4AAA-ABD0-53D812D25593} - hxxp://www.joycity.com/_app/JCUpdaterAX.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60.cab
DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} - hxxp://www.jceports.com/_app/cab/JSUpdaterAx.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {E8FC4708-B43C-4B2D-8D3F-A5D583D822F4} - hxxp://gamedown.paran.com/cab/ParanOnDemandX.cab
DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} - hxxp://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\51ippmes.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-13 22:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{46D387E9-41FC-4F71-A7C3-B0BEB3568F00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\IMEKR70.IME

- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\IMEKR70.IME
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Real\Update_OB\rnathchk.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-14 22:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 02:23
ComboFix2.txt 2009-08-13 05:04

Pre-Run: 67,928,121,344 bytes free
Post-Run: 67,922,198,528 bytes free

359 --- E O F --- 2009-08-13 04:17
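The CFScript in post #9 and the ComboFix log above share one format worth knowing when you triage a machine like this: the Registry:: section of a CFScript is REGEDIT4 syntax, where a quoted value name followed by `=-` deletes that value, and the log prints the firewall policy as `[key]` headers followed by `"name"=data` lines. As an added example, not ComboFix's own code and not posted by anyone in this thread, the Python script below parses those two firewall sections from a constructed log excerpt modelled on the one above, lists the globally open ports, flags authorized applications that live in system32 but are not on a short allowlist of Windows' own exceptions, and drafts the Registry:: block that would remove them. The allowlist and the "system32 but not Windows" rule are assumptions for illustration; a flagged entry means "look at this by hand", not "this is malware".

```python
"""Triage the firewall-policy section of a ComboFix/DDS-style log and draft
the matching CFScript Registry:: block.  Added example for this thread; it is
not part of ComboFix, and SAMPLE_LOG below is constructed, not the user's log."""
import re

# Constructed sample, shaped like the log sections posted in this thread.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\p3aodsvr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\bryan\\torrentz\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:warcraft
"6348:TCP"= 6348:TCP:Limewire
"6348:UDP"= 6348:UDP:Limewire
'''

FW_APPS_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
               r"\standardprofile\AuthorizedApplications\List")
FW_PORTS_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                r"\standardprofile\GloballyOpenPorts\List")

# Binaries Windows XP itself registers as firewall exceptions.  Assumption:
# a short allowlist for illustration only, not an exhaustive list.
KNOWN_SYSTEM32_EXCEPTIONS = {"sessmgr.exe", "dpnsvr.exe"}

_HEADER = re.compile(r"^\[(.+)\]\s*$")
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')   # "name"=data, REG syntax


def parse_reg_sections(text):
    """Return {key: [(name, data), ...]} for every [key] block in the log."""
    sections, current = {}, None
    for line in text.splitlines():
        m = _HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def unescape_reg(name):
    """REG files double every backslash inside a quoted name; undo that."""
    return name.replace("\\\\", "\\")


def authorized_apps(sections):
    """Paths allowed through the firewall, with REG escaping removed."""
    return [unescape_reg(n) for n, _ in sections.get(FW_APPS_KEY, [])]


def open_ports(sections):
    """Return [(port, proto, label)] from the GloballyOpenPorts list."""
    out = []
    for name, data in sections.get(FW_PORTS_KEY, []):
        port, proto = name.split(":")
        label = data.split(":", 2)[2] if data.count(":") >= 2 else ""
        out.append((int(port), proto, label))
    return out


def suspicious_apps(paths):
    """Flag executables living in system32 that Windows itself would not have
    registered: a third-party network daemon dropped into the system directory
    deserves a manual look.  A flag is a review prompt, not a verdict."""
    flagged = []
    for p in paths:
        low = p.lower()
        base = low.rsplit("\\", 1)[-1]
        if "\\system32\\" in low and base not in KNOWN_SYSTEM32_EXCEPTIONS:
            flagged.append(p)
    return flagged


def cfscript_registry_block(key, value_names):
    """Draft the Registry:: section that deletes the given value names.
    A trailing "=-" is REGEDIT4 syntax for 'delete this value', the same form
    the script posted in this thread used for the donkeyp2p entry."""
    lines = ["Registry::", "[" + key + "]"]
    for n in value_names:
        lines.append('"' + n.replace("\\", "\\\\") + '"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    secs = parse_reg_sections(SAMPLE_LOG)
    print("open ports:", open_ports(secs))
    print(cfscript_registry_block(FW_APPS_KEY,
                                  suspicious_apps(authorized_apps(secs))))
```

Run against the constructed sample it flags only `c:\WINDOWS\system32\p3aodsvr.exe` and emits a two-line Registry:: block for it; on a real log you would paste the whole section in place of SAMPLE_LOG and extend KNOWN_SYSTEM32_EXCEPTIONS with whatever you have verified belongs to Windows before trusting the draft.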
#11
14th August 2009, 03:13 AM
evilfantasy
Security Team
Location: Tulsa, OK
Can you tell me the exact error you get?
#12
14th August 2009, 05:39 AM
ysb21189
Newcomer
The error message that comes up is

Windows Defender
Application failed to initialize 0x800106ba. A problem caused windows defender to stop. To start the service restart or search for help on how to start manually.

That's the message, almost word for word.


BUT bigger problem...

My internet crashed around midnight. I was on an image hosting site of some sort. After it crashed, my computer slowed down for a few minutes and the Windows Security Alert told me that the firewall was off. While it was crashing, Java came up on the bottom-right toolbar. So I turned the firewall back on, and in a few minutes I got a bunch of AntiVir alerts telling me about 4 different trojans. So I ran a scan with AntiVir and it found a TR/fakealert, then it restarted while it was still scanning. It seemed normal when it restarted, except that the AntiVir guard cannot be enabled.

I think I might have just undone everything you helped with. I'm going to try running an AntiVir scan one more time, but other than that I will wait to do what you tell me to do.

This happened a while after ComboFix, so I'm pretty sure they are unrelated.

Sorry.
#13
14th August 2009, 05:42 AM
ysb21189
Newcomer
OK It is not all normal.

When I go on Internet Explorer and search for something on Google, the results come out in a larger font after some delay, and when I click on a result, it opens another ad page. Firefox still works the same.
#14
14th August 2009, 06:22 AM
evilfantasy
Security Team
Location: Tulsa, OK
Update Malwarebytes and run a new scan. Post the log.

Then run a new ComboFix scan and post that log also.
#15
14th August 2009, 07:05 AM
ysb21189
Newcomer
Neither of them will run. They show up as running processes but nothing happens. I tried reinstalling Malwarebytes but it would not even uninstall.
#16
14th August 2009, 07:17 AM
ysb21189
Newcomer
I will post the Avira scan, although since the guard didn't do anything, I guess this scan will be just as useless.

Avira AntiVir Personal
Report file date: Friday, August 14, 2009 01:43

Scanning for 1637477 virus strains and unwanted programs.

Licensed to: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANYTHING

Version information:
BUILD.DAT : 8.2.0.353 17048 Bytes 2009-05-15 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-26 19:58:43
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 20:01:57
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 2009-06-24 19:09:12
ANTIVIR2.VDF : 7.1.5.88 2668032 Bytes 2009-08-10 04:14:06
ANTIVIR3.VDF : 7.1.5.110 263680 Bytes 2009-08-13 05:15:53
Engineversion : 8.2.1.1
AEVDF.DLL : 8.1.1.1 106868 Bytes 2009-05-06 22:07:40
AESCRIPT.DLL : 8.1.2.25 459130 Bytes 2009-08-13 04:14:16
AESCN.DLL : 8.1.2.4 127348 Bytes 2009-07-22 18:58:14
AERDL.DLL : 8.1.2.4 430452 Bytes 2009-07-15 19:13:35
AEPACK.DLL : 8.1.3.18 401783 Bytes 2009-05-27 18:58:24
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 2009-06-17 19:02:45
AEHEUR.DLL : 8.1.0.154 1917302 Bytes 2009-08-08 06:45:24
AEHELP.DLL : 8.1.5.3 233846 Bytes 2009-07-22 18:58:12
AEGEN.DLL : 8.1.1.56 356725 Bytes 2009-08-13 04:14:13
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-15 20:03:39
AECORE.DLL : 8.1.7.6 184694 Bytes 2009-07-22 18:58:08
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-15 20:03:35
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 2009-04-22 18:58:22
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, August 14, 2009 01:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MSCamSvc.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
Scan process 'rnathchk.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'vVX6000.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb08.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'shwicon2k.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'ps2.EXE' - '1' Module(s) have been scanned
Scan process 'ltmsg.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '82' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Owner\Local Settings\temp\b.exe
[DETECTION] Is the TR/Fakealert.139264 Trojan
[NOTE] The file was moved to '4ae9fb3f.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\V0YIHXM4\voj[1].png
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
[NOTE] The file was moved to '4aeefb84.qua'!
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: Friday, August 14, 2009 02:37
Used time: 54:22 Minute(s)

The scan has been done completely.

10064 Scanning directories
456842 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
456838 Files not concerned
8717 Archives were scanned
6 Warnings
2 Notes
  #17 (permalink)   Top
Old 14th August 2009, 06:45 PM
evilfantasy's Avatar
Security Team
 
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
Try the renamer download for Malwarebytes.

http://kixhelp.com/wr/files/mb/randmbam.exe

The randmbam.exe will try to create random names and shortcuts for Malwarebytes' Anti-Malware (MBAM) if you have it installed already.

If it installs, then use this link to download the updates.

Download Malwarebytes' Anti-Malware Database - GT500.org

Just download it to the desktop and run the .exe, then run Malwarebytes.
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
  #18 (permalink)   Top
Old 15th August 2009, 07:42 PM
ysb21189's Avatar
Newcomer
 
Join Date: Jan 2009, 21 posts.
Reputation: ysb21189 is on a distinguished road
OK, the renamer created a new shortcut on my desktop for Malwarebytes and I could run it. When I tried to update, though, it froze my computer. I manually restarted and it went to a black screen, so I restarted manually one more time. I then ran a scan without updating (definitions up to 7/14/09). The Google results to ad issue is gone now.

Here is the log:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

8/15/2009 3:29:13 PM
mbam-log-2009-08-15 (15-29-13).txt

Scan type: Quick Scan
Objects scanned: 100873
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
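The Avira report and the Malwarebytes log posted above are the evidence in this thread, and a responder reads them for a few specific things: what was detected and where, what the scanner actually did about it (Avira's "moved to quarantine" versus Malwarebytes' "Delete on reboot", which means the file could not be removed while Windows was running and removal is only scheduled), and whether the summary counts agree with the items listed, since a truncated or hand-trimmed log is a common reason a helper asks for a re-post. The Python below is an added example, not code from the thread or from Avira or Malwarebytes. It parses both formats into one record type, using sample text constructed from the two reports, and flags hits under temp and Temporary Internet Files, which are usually dropped or cached copies rather than the persistence mechanism (here, the UAC registry key and uacinit.dll that Malwarebytes found). The regular expressions are written against the layout of these two logs and are assumed, not verified, to hold for other versions of either product.

```python
"""Parse an Avira AntiVir report and a Malwarebytes (MBAM 1.x) log into one
record format and answer the questions a responder asks of them.  Added
example, not code from the thread, Avira or Malwarebytes.  The sample text
is constructed from the reports in the thread, trimmed to the lines that matter."""
import re
from dataclasses import dataclass

AVIRA_SAMPLE = r"""Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Owner\Local Settings\temp\b.exe
[DETECTION] Is the TR/Fakealert.139264 Trojan
[NOTE] The file was moved to '4ae9fb3f.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\V0YIHXM4\voj[1].png
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
[NOTE] The file was moved to '4aeefb84.qua'!
Begin scan in 'D:\' <HP_RECOVERY>
"""

MBAM_SAMPLE = r"""Registry Keys Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""


@dataclass
class Finding:
    scanner: str   # "avira" or "mbam"
    kind: str      # "file" or "registry"
    path: str      # file path or registry key
    name: str      # detection / family name exactly as the scanner reports it
    action: str    # what the scanner says it did


# Patterns written against the two logs as posted (assumed, not verified, for other versions).
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
AVIRA_DET = re.compile(r"^\[DETECTION\]\s+(?:Is the|Contains recognition pattern of the)\s+(\S+)")
AVIRA_NOTE = re.compile(r"^\[NOTE\]\s+(.*)$")
MBAM_COUNT = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
MBAM_ITEM = re.compile(r"^(.*?) \(([^()]+)\) -> (.*?)\.?$")


def parse_avira(text):
    """Avira prints a path on one line and its [DETECTION]/[NOTE] lines beneath it."""
    findings, path = [], None
    for line in text.splitlines():
        if DRIVE_PATH.match(line):
            path = line.strip()
        elif (m := AVIRA_DET.match(line)) and path:
            findings.append(Finding("avira", "file", path, m.group(1), "no action logged"))
        elif (m := AVIRA_NOTE.match(line)) and findings and findings[-1].path == path:
            findings[-1].action = m.group(1)
    return findings


def parse_mbam(text):
    """MBAM prints 'Label: N' summary lines, then one 'Label:' section per category."""
    counts, sections, section = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if m := MBAM_COUNT.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif line.endswith("Infected:"):
            section = line[:-1]
        elif section and (m := MBAM_ITEM.match(line)):
            kind = "registry" if section.startswith("Registry") else "file"
            sections.setdefault(section, []).append(
                Finding("mbam", kind, m.group(1), m.group(2), m.group(3)))
    return counts, sections


def count_mismatches(counts, sections):
    """Summary counts that disagree with the items actually listed below them."""
    return {label: (n, len(sections.get(label, [])))
            for label, n in counts.items() if n != len(sections.get(label, []))}


def pending_reboot(findings):
    """Items MBAM could not remove while running; re-check these paths after the reboot."""
    return [f.path for f in findings if f.action.lower().startswith("delete on reboot")]


VOLATILE = ("\\local settings\\temp\\", "\\temporary internet files\\")


def in_volatile_location(finding):
    """Temp and browser-cache hits show that something ran, not where it persists."""
    return any(marker in finding.path.lower() for marker in VOLATILE)


if __name__ == "__main__":
    for f in parse_avira(AVIRA_SAMPLE):
        print("avira", f.name, "volatile" if in_volatile_location(f) else "check", f.path, "|", f.action)
    counts, sections = parse_mbam(MBAM_SAMPLE)
    print("count mismatches:", count_mismatches(counts, sections))
    print("re-check after reboot:", pending_reboot([f for s in sections.values() for f in s]))
```

Run it as-is to see the two Avira hits classed as volatile, the Malwarebytes counts reconciled, and uacinit.dll listed for a post-reboot check; point `parse_avira` and `parse_mbam` at a full report to do the same on a real log.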
  #19 (permalink)   Top
Old 15th August 2009, 09:47 PM
evilfantasy's Avatar
Security Team
 
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
You should be able to update Malwarebytes now. Please run a new scan.
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
  #20 (permalink)   Top
Old 15th August 2009, 10:11 PM
ysb21189's Avatar
Newcomer
 
Join Date: Jan 2009, 21 posts.
Reputation: ysb21189 is on a distinguished road
I can still only run it under the changed name. When I update, it connects, downloads, and says that the newest version was downloaded and that it will close to install the latest version. Then it closes and nothing happens. The same thing happens every time.