Spyware continuously reinitializing itself and interfering with internet access!

jkwak01 Pennsylvania
edited January 2010 in Spyware & Virus Removal
Greetings Icrontic Forums!

Here's my problem:

I have a series of weird spyware that keeps screwing around with my internet browsing. For example, let's say I do a general search for just about anything, like the name of a local bakery (that has a website). Upon clicking it, I am redirected to a website that provides further searches based on my keywords.

One such site I was redirected to was a yellowpages site that tried to further search my keywords.


Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:04 PM, on 1/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\tppaldr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\DOCUME~1\Julius\LOCALS~1\Temp\clclean.0001
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/resetpw.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Julius\jye.exe \s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {21608B66-026F-4DCB-9244-0DACA328DCED} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CM108Sound] RunDll32 CM108.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BMIMZMHMFM] C:\DOCUME~1\Julius\LOCALS~1\Temp\Clz.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AccuWeatherDesktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe
O4 - Global Startup: AccuWeather Desktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ADB7F55-8A5D-40C5-8F76-4D3294BA90C4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{36FE65F5-4428-411B-BD74-91AA7CBA48AB}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VLC media player - Unknown owner - C:\Program Files\VideoLAN\VLC\vlc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12816 bytes


I have already identified some of the processes that keep recurring and that I recognize as new/foreign:

clz.exe
jye.exe
msa.exe


Some programs I run that are not malware (and that I don't wish to get rid of), since some people might mistake them for malware:

Accuweather Desktop application
Andrea Voice Center (Voice recording program)
AIM (AoL Instant Messenger)
Logitech Gaming Keyboard processes (G15 Keyboard applications)
Peer Guardian 2 (IP blocking application)
Razer Copperhead Mouse applications
Spybot SD (Search & Destroy)
Steam.exe (Steampowered game portal utility)
VLC Media Player
Winamp Agent
Zone Labs Zone Alarm Firewall


Some that I am iffy on keeping or uninstalling:

SUMP.exe (Speed Up My Computer by Uniblue)

And so I will wait for further assistance now. Thank you.
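As an added triage example (not part of the original post and not HijackThis's own code), the script below parses the entry types in an HJT v2 log that matter most for persistence and flags the two patterns visible in the log above: an extra executable appended to the F2 UserInit value, and an O4 Run entry launched from a user's Temp folder; orphaned "(no file)" BHOs are reported as informational only. The sample lines are constructed to match the log's format, and the UserInit check assumes the stock layout <drive>:\<windir>\system32\userinit.exe.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in the shape of the HijackThis v2 log posted above:
# header and a process line (ignored by the parser), benign neighbours for
# contrast, and the two persistence entries this thread turns on.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Julius\jye.exe \s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BMIMZMHMFM] C:\DOCUME~1\Julius\LOCALS~1\Temp\Clz.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ADB7F55-8A5D-40C5-8F76-4D3294BA90C4}: NameServer = 208.67.220.220,208.67.222.222
"""

# Every HJT finding line starts with a section code such as R0, F2, O4, O23.
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")

# The only value UserInit should hold on a stock install (assumed layout:
# <drive>:\<windir>\system32\userinit.exe); anything else runs at every logon.
STOCK_USERINIT = re.compile(r"^[a-z]:\\[^\\]+\\system32\\userinit\.exe$", re.I)

# O4 Run-key body: "<hive>\..\Run: [<value name>] <command line>"
RUN_ENTRY = re.compile(r"^(?P<hive>HK.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Legitimate autoruns do not live in a Temp folder; droppers frequently do.
TEMP_PATH = re.compile(r"\\temp\\", re.I)


class Finding(NamedTuple):
    severity: str   # "high" or "info"
    code: str       # HJT section code the finding came from
    reason: str
    detail: str


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (section code, body) for each HJT entry line, skipping the
    header, the running-process list and blank lines."""
    entries = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def extra_userinit_values(body: str) -> List[str]:
    """F2 UserInit: split the comma-separated value and return every entry
    that is not the stock userinit.exe (the trailing empty item the default
    value carries is dropped)."""
    if "userinit=" not in body.lower():
        return []
    value = body.split("=", 1)[1]
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if not STOCK_USERINIT.match(p)]


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect findings; benign entries produce none."""
    findings: List[Finding] = []
    for code, body in parse_entries(log_text):
        if code == "F2":
            for extra in extra_userinit_values(body):
                findings.append(Finding("high", code, "extra UserInit executable", extra))
        elif code == "O4":
            m = RUN_ENTRY.match(body)
            if m and TEMP_PATH.search(m.group("cmd")):
                findings.append(Finding("high", code, "autorun from Temp folder", m.group("cmd")))
        elif code == "O2" and body.endswith("(no file)"):
            # A CLSID whose DLL is gone loads nothing; worth cleaning, not urgent.
            findings.append(Finding("info", code, "orphaned BHO (no file)", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.code}: {f.reason} -> {f.detail}")
```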

Comments

  • gringo_pr Puerto Rico
    edited January 2010
    Hello and Welcome to the forums!

    My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

    Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Some things to remember while we are working together:
      1. Please do not run any other tool until instructed to do so!
      2. Please reply to this thread, do not start another!
      3. Please tell me about any problems that have occurred during the fix.
      4. Please tell me of any other symptoms you may be having, as these can help also.
      5. Please try as much as possible not to run anything while executing a fix.


      If you follow these instructions, everything should go smoothly.

      I would like to get a better look at your system, please do the following so I can get some more detailed logs.


      DeFogger:
        Please download DeFogger to your desktop.

      Double click DeFogger to run the tool.
      • The application window will appear
      • Click the Disable button to disable your CD Emulation drivers
      • Click Yes to continue
      • A 'Finished!' message will appear
      • Click OK
      • DeFogger will now ask to reboot the machine - click OK
      Do not re-enable these drivers until otherwise instructed.

      IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.




      Download DDS:
        Please download DDS by sUBs from one of the links below and save it to your desktop:


      Link1
      Link2
      Link3

      Please disable any anti-malware program that will block scripts from running before running DDS.
      • Double-Click on dds.scr and a command window will appear. This is normal.
      • Shortly after two logs will appear:
        • DDS.txt
        • Attach.txt
      • A window will open instructing you to save & post the logs
      • Save the logs to a convenient place such as your desktop
      • Copy the contents of both logs & post in your next reply


      GMER:
        Download GMER Rootkit Scanner from here or here.
      • Extract the contents of the zipped file to desktop.
      • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
      • If it gives you a warning about rootkit activity and asks if you want to run a scan, click NO, then use the following settings for a more complete scan.
      • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
        • Sections
        • IAT/EAT
        • Drives/Partition other than Systemdrive (typically C:\)
        • Show All (don't miss this one)
      • Then click the Scan button & wait for it to finish.
      • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
      Save it where you can easily find it, such as your desktop.

      **Caution**
      Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


      Information and logs:

        In your next post I need the following:
        1. Logs from DDS
        2. Log from GMER
        3. Let me know of any problems you may have had


      Gringo
    • jkwak01 Pennsylvania
      edited January 2010
      Here are the Logs:

      DDS Logs:

      attach.txt:


      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT

      DDS (Ver_09-12-01.01)

      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume2
      Install Date: 5/16/2006 3:36:35 PM
      System Uptime: 1/16/2010 11:00:07 PM (0 hours ago)

      Motherboard: Dell Inc. | | 0YD479
      Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz | Microprocessor | 1997/133mhz

      ==== Disk Partitions =========================

      C: is FIXED (NTFS) - 51 GiB total, 0.646 GiB free.
      D: is CDROM (UDF)

      ==== Disabled Device Manager Items =============

      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
      Description: Cisco Systems VPN Adapter
      Device ID: ROOT\NET\0000
      Manufacturer: Cisco Systems
      Name: Cisco Systems VPN Adapter
      PNP Device ID: ROOT\NET\0000
      Service: CVirtA

      ==== System Restore Points ===================

      RP1996: 12/20/2009 8:02:45 AM - System Checkpoint
      RP1997: 12/20/2009 8:27:03 PM - Installed Compatibility Pack for the 2007 Office system
      RP1998: 12/21/2009 2:29:16 PM - Software Distribution Service 3.0
      RP1999: 12/21/2009 2:33:53 PM - Software Distribution Service 3.0
      RP2000: 12/22/2009 11:31:53 AM - Avg8 Update
      RP2001: 12/22/2009 12:01:13 PM - Software Distribution Service 3.0
      RP2002: 12/23/2009 12:12:33 PM - System Checkpoint
      RP2003: 12/23/2009 1:21:17 PM - Installed LG USB Modem Drivers
      RP2004: 12/24/2009 1:41:35 PM - System Checkpoint
      RP2005: 12/25/2009 6:55:35 PM - System Checkpoint
      RP2006: 12/26/2009 8:19:30 PM - System Checkpoint
      RP2007: 12/27/2009 2:34:39 PM - Installed Java(TM) 6 Update 17
      RP2008: 12/28/2009 6:49:59 PM - System Checkpoint
      RP2009: 12/29/2009 9:51:38 PM - System Checkpoint
      RP2010: 12/31/2009 5:10:56 PM - System Checkpoint
      RP2011: 1/1/2010 4:18:54 PM - Avg8 Update
      RP2012: 1/3/2010 1:57:30 PM - System Checkpoint
      RP2013: 1/4/2010 10:12:11 PM - System Checkpoint
      RP2014: 1/6/2010 10:18:14 AM - System Checkpoint
      RP2015: 1/8/2010 3:24:46 PM - System Checkpoint
      RP2016: 1/10/2010 5:01:48 PM - System Checkpoint
      RP2017: 1/12/2010 6:31:35 AM - System Checkpoint
      RP2018: 1/13/2010 9:44:05 AM - Software Distribution Service 3.0
      RP2019: 1/13/2010 9:40:06 PM - Installed Cisco Systems VPN Client 5.0.06.0110
      RP2020: 1/15/2010 5:54:36 PM - System Checkpoint

      ==== Installed Programs ======================

      µTorrent
      32 Bit HP CIO Components Installer
      AccuWeather Desktop
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe Reader 8.2.0
      Adobe Shockwave Player
      AGEIA PhysX v7.09.13
      AIM 6
      AJB 6000 update
      Amazon MP3 Downloader 1.0.3
      Andrea VoiceCenter
      Apple Application Support
      Audacity 1.2.6
      AV Voice Changer Software DIAMOND 6.0
      AV Voice Changer Software DIAMOND 7.0
      AVG Free 9.0
      Avid DVD by Sonic
      BitPim 1.0.7.20091103
      Bonjour
      Broadcom 440x 10/100 Integrated Controller
      C-Media USB 108 Sound
      CCleaner
      Cisco Systems VPN Client 5.0.06.0110
      Compatibility Pack for the 2007 Office system
      Conexant HDA D110 MDC V.92 Modem
      Coupon Printer for Windows
      Crash Analysis Tool
      Creative MediaSource
      Critical Update for Windows Media Player 11 (KB959772)
      DefilerPak 1.22 (Remove Only)
      Dell Digital Jukebox Driver
      Digital Line Detect
      ELIcon
      Final Fantasy VII
      FINAL FANTASY VIII
      Finale Reader 2009
      Fraps (remove only)
      Half-Life(R) 2
      High Definition Audio Driver Package - KB835221
      HijackThis 2.0.2
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows Internet Explorer 7 (KB947864)
      Hotfix for Windows Media Format 11 SDK (KB929399)
      Hotfix for Windows Media Player 11 (KB939683)
      Hotfix for Windows XP (KB915800-v4)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB954550-v5)
      Hotfix for Windows XP (KB954708)
      Hotfix for Windows XP (KB961118)
      Hotfix for Windows XP (KB970653-v3)
      Hotfix for Windows XP (KB976098-v2)
      Intel(R) PROSet/Wireless Software
      Internal Network Card Power Management
      iTunes
      Japanese Fonts Support For Adobe Reader 8
      Java(TM) 6 Update 17
      LAME v3.98.2 for Audacity
      LeechFTP
      LG USB Modem Drivers
      Logitech GamePanel Software 3.03.133
      mCore
      MCU
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Security Update (KB953297)
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft Application Error Reporting
      Microsoft Base Smart Card Cryptographic Service Provider Package
      Microsoft Choice Guard
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft National Language Support Downlevel APIs
      Microsoft Office Live Add-in 1.3
      Microsoft Office Outlook Connector
      Microsoft Office Standard Edition 2003
      Microsoft Search Enhancement Pack
      Microsoft Silverlight
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Microsoft Virtual PC 2004
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Web Publishing Wizard 1.52
      Microsoft Windows Theme Nunavut
      mIRC
      Modem Helper
      Movie Maker Background Music Files
      Movie Maker Sound Effects
      Movie Maker Title Images
      Mozilla Firefox (3.5.7)
      mProSafe
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      Musicnotes Player V1.22.3
      Musicnotes Software Suite 1.0
      mWlsSafe
      NVIDIA Drivers
      Paint Shop Pro 6.01 CD
      PeerGuardian 2.0
      QuickTime
      Razer Copperhead
      SecondLife (remove only)
      Security Update for Step By Step Interactive Training (KB898458)
      Security Update for Step By Step Interactive Training (KB923723)
      Security Update for Windows Internet Explorer 7 (KB928090)
      Security Update for Windows Internet Explorer 7 (KB929969)
      Security Update for Windows Internet Explorer 7 (KB931768)
      Security Update for Windows Internet Explorer 7 (KB933566)
      Security Update for Windows Internet Explorer 7 (KB937143)
      Security Update for Windows Internet Explorer 7 (KB938127)
      Security Update for Windows Internet Explorer 7 (KB939653)
      Security Update for Windows Internet Explorer 7 (KB942615)
      Security Update for Windows Internet Explorer 7 (KB944533)
      Security Update for Windows Internet Explorer 7 (KB950759)
      Security Update for Windows Internet Explorer 7 (KB953838)
      Security Update for Windows Internet Explorer 7 (KB956390)
      Security Update for Windows Internet Explorer 7 (KB958215)
      Security Update for Windows Internet Explorer 7 (KB960714)
      Security Update for Windows Internet Explorer 7 (KB961260)
      Security Update for Windows Internet Explorer 7 (KB963027)
      Security Update for Windows Internet Explorer 8 (KB969897)
      Security Update for Windows Internet Explorer 8 (KB971961)
      Security Update for Windows Internet Explorer 8 (KB972260)
      Security Update for Windows Internet Explorer 8 (KB974455)
      Security Update for Windows Internet Explorer 8 (KB976325)
      Security Update for Windows Media Encoder (KB954156)
      Security Update for Windows Media Player (KB911564)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player (KB954155)
      Security Update for Windows Media Player (KB968816)
      Security Update for Windows Media Player (KB973540)
      Security Update for Windows Media Player 10 (KB911565)
      Security Update for Windows Media Player 11 (KB936782)
      Security Update for Windows Media Player 11 (KB954154)
      Security Update for Windows Search 4 - KB963093
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951376)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952004)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB953155)
      Security Update for Windows XP (KB953839)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB954459)
      Security Update for Windows XP (KB954600)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956572)
      Security Update for Windows XP (KB956744)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB956844)
      Security Update for Windows XP (KB957095)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958687)
      Security Update for Windows XP (KB958690)
      Security Update for Windows XP (KB958869)
      Security Update for Windows XP (KB959426)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960715)
      Security Update for Windows XP (KB960803)
      Security Update for Windows XP (KB960859)
      Security Update for Windows XP (KB961371)
      Security Update for Windows XP (KB961373)
      Security Update for Windows XP (KB961501)
      Security Update for Windows XP (KB968537)
      Security Update for Windows XP (KB969059)
      Security Update for Windows XP (KB969898)
      Security Update for Windows XP (KB969947)
      Security Update for Windows XP (KB970238)
      Security Update for Windows XP (KB970430)
      Security Update for Windows XP (KB970483)
      Security Update for Windows XP (KB971486)
      Security Update for Windows XP (KB971557)
      Security Update for Windows XP (KB971633)
      Security Update for Windows XP (KB971657)
      Security Update for Windows XP (KB972270)
      Security Update for Windows XP (KB973346)
      Security Update for Windows XP (KB973354)
      Security Update for Windows XP (KB973507)
      Security Update for Windows XP (KB973525)
      Security Update for Windows XP (KB973869)
      Security Update for Windows XP (KB973904)
      Security Update for Windows XP (KB974112)
      Security Update for Windows XP (KB974318)
      Security Update for Windows XP (KB974392)
      Security Update for Windows XP (KB974571)
      Security Update for Windows XP (KB975025)
      Security Update for Windows XP (KB975467)
      Shipping Assistant 3.6
      Sibelius Scorch Plugin
      Sonic Audio module
      Sonic Copy Module
      Sonic Data Module
      Sonic DLA
      Sonic MyDVD LE
      Sonic Update Manager
      Sound Blaster ADVANCED MB Drivers
      Sound Blaster Audigy ADVANCED MB
      Sound Blaster Audigy ADVANCED MB Product Registration
      Source SDK Base
      Spybot - Search & Destroy
      Steam(TM)
      Synaptics Pointing Device Driver
      Synthesia (remove only)
      Team Fortress Classic
      TI Connect 1.6
      Tomb Raider:
      TPP Storage Driver Installation
      Uniblue ProcessScanner
      Uniblue RegistryBooster 2009
      Uniblue SpeedUpMyPC 2009
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Microsoft Windows (KB971513)
      Update for Windows Internet Explorer 8 (KB971180)
      Update for Windows Internet Explorer 8 (KB975364)
      Update for Windows Internet Explorer 8 (KB976749)
      Update for Windows XP (KB943729)
      Update for Windows XP (KB951072-v2)
      Update for Windows XP (KB951978)
      Update for Windows XP (KB955759)
      Update for Windows XP (KB955839)
      Update for Windows XP (KB961503)
      Update for Windows XP (KB967715)
      Update for Windows XP (KB968389)
      Update for Windows XP (KB971737)
      Update for Windows XP (KB973687)
      Update for Windows XP (KB973815)
      USB Dual Vibration Joystick
      USB Storage Adapter (TPP)
      USB Storage Adapter V2 (TPP)
      USB Storage Adapter V3 (TPP)
      VC 9.0 Runtime
      VLC media player 1.0.3
      Warcraft III: All Products
      WC3Banlist
      WebFldrs XP
      Winamp
      Winamp Application Detect
      Windows Defender Signatures
      Windows Driver Package - Razer (HidUsb) HIDClass (01/10/2007 1.00)
      Windows Genuine Advantage Notifications (KB905474)
      Windows Installer 3.1 (KB893803)
      Windows Internet Explorer 7
      Windows Internet Explorer 8
      Windows Media Bonus Pack for Windows XP
      Windows Media Encoder 9 Series
      Windows Media Format 11 runtime
      Windows Media Player 10
      Windows Media Player 11
      Windows Media Player 9 Series Power Toy - Ratings Migration
      Windows Media Player 9 Series TweakMP PowerToy
      Windows Media Player Firefox Plugin
      Windows Media Player Playlist Import to Excel Wizard
      Windows Media Player Skin Importer
      Windows Media Player Tray Control
      Windows PowerShell(TM) 1.0
      Windows XP Service Pack 3
      WinPcap 4.1.1
      WinRAR archiver
      WM Recorder 14
      YAMAHA SoftSynthesizer S-YXG70
      ZoneAlarm

      ==== Event Viewer Messages From Past Week ========

      1/16/2010 7:12:35 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
      1/16/2010 2:05:09 PM, error: DCOM [10005] - DCOM got error "%3" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
      1/13/2010 9:41:06 PM, error: PSched [14107] - QoS [Adapter {E1F33DB1-977E-4E1C-8D31-32DA14DD64A9}]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
      1/13/2010 9:08:51 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
      1/13/2010 7:29:36 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
      1/13/2010 7:06:26 PM, error: Service Control Manager [7034] - The VLC media player service terminated unexpectedly. It has done this 1 time(s).
      1/12/2010 6:11:52 AM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.
      1/11/2010 7:53:39 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.0.103. The machine with the IP address 192.168.0.188 did not allow the name to be claimed by this machine.
      1/11/2010 7:32:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VLC media player service to connect.

      ==== End Of File ===========================





      DDS.txt:


      DDS (Ver_09-12-01.01) - NTFSx86
      Run by Julius at 23:06:24.31 on Sat 01/16/2010
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.980 [GMT -5:00]

      AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

      ============== Running Processes ===============

      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      svchost.exe
      C:\Program Files\AVG\AVG9\avgchsvx.exe
      C:\Program Files\AVG\AVG9\avgrsx.exe
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\WINDOWS\system32\spoolsv.exe
      svchost.exe
      C:\Program Files\AVG\AVG9\avgwdsvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\AVG\AVG9\avgnsx.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\System32\snmp.exe
      C:\Program Files\VideoLAN\VLC\vlc.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Julius\jye.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\DOCUME~1\Julius\LOCALS~1\Temp\Clz.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\stsystra.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\WINDOWS\tppaldr.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Microsoft IntelliPoint\point32.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
      C:\Program Files\ZoneAlarm\zlclient.exe
      C:\Program Files\Razer\Copperhead\razerhid.exe
      C:\PROGRA~1\AVG\AVG9\avgtray.exe
      C:\DOCUME~1\Julius\LOCALS~1\Temp\clclean.0001
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
      C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
      C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
      C:\Program Files\Razer\Copperhead\razertra.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\Program Files\Razer\Copperhead\razerofa.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\AIM6\aim6.exe
      C:\Program Files\PeerGuardian2\pg2.exe
      C:\program files\valve\steam\steam.exe
      C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
      C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
      C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
      C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
      C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe
      C:\Program Files\AIM6\aolsoftware.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
      C:\Documents and Settings\Julius\My Documents\Downloads\dds.scr

      ============== Pseudo HJT Report ===============

      uInternet Connection Wizard,ShellNext = https://login.live.com/resetpw.srf?lc=1033
      uInternet Settings,ProxyOverride = *.local
      mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\julius\jye.exe \s
      BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
      BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
      BHO: {21608B66-026F-4DCB-9244-0DACA328DCED} - No File
      BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
      BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
      BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
      BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
      BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
      BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
      BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
      TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
      uRun: [SetDefaultMIDI] MIDIDef.exe
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
      uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
      uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
      uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
      uRun: [UniblueSpeedUpMyPC] c:\program files\uniblue\speedupmypc\Launcher.exe
      uRun: [Steam] "c:\program files\valve\steam\steam.exe" -silent
      uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
      uRun: [BMIMZMHMFM] c:\docume~1\julius\locals~1\temp\Clz.exe
      mRun: [SigmatelSysTrayApp] stsystra.exe
      mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
      mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
      mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
      mRun: [TPP Auto Loader] c:\windows\tppaldr.exe
      mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
      mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
      mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
      mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
      mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
      mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [nwiz] nwiz.exe /installquiet
      mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
      mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
      mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
      mRun: [UpdReg] c:\windows\UpdReg.EXE
      mRun: [ZoneAlarm Client] "c:\program files\zonealarm\zlclient.exe"
      mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
      mRun: [razer] c:\program files\razer\copperhead\razerhid.exe
      mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
      mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
      mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
      mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
      mRun: [CM108Sound] RunDll32 CM108.cpl,CMICtrlWnd
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
      mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
      mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
      dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
      dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
      StartupFolder: c:\docume~1\julius\startm~1\programs\startup\accuweatherdesktop.lnk - c:\program files\accuweather\desktop\AccuWeatherDesktop.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\accuweather desktop.lnk - c:\program files\accuweather\desktop\AccuWeatherDesktop.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpn client.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.ico
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
      IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
      Trusted Zone: saramin.co.kr\bestiz
      DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
      DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
      DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
      DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
      DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
      DPF: {CD995117-98E5-4169-9920-6C12D4C0B548}
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      TCP: {2ADB7F55-8A5D-40C5-8F76-4D3294BA90C4} = 208.67.220.220,208.67.222.222
      TCP: {36FE65F5-4428-411B-BD74-91AA7CBA48AB} = 208.67.220.220,208.67.222.222
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
      Notify: avgrsstarter - avgrsstx.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      Hosts: 127.0.0.1 www.spywareinfo.com

      ================= FIREFOX ===================

      FF - ProfilePath - c:\docume~1\julius\applic~1\mozilla\firefox\profiles\eyaig5oh.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
      FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
      FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
      FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
      FF - plugin: c:\program files\microsoft\office live\npOLW.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
      FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
      FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
      FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
      FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
      FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

      ---- FIREFOX POLICIES ----
      FF - user.js: yahoo.homepage.dontask - true
      c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

      ============= SERVICES / DRIVERS ===============

      R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-16 333192]
      R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-16 28424]
      R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-16 360584]
      R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-5-16 353672]
      R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-16 285392]
      R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
      R2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
      R2 VLC media player;VLC media player;c:\program files\videolan\vlc\vlc.exe [2009-10-30 135592]
      R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
      R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-7-14 19720]
      R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2007-11-22 19020]
      R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2010-1-16 17792]
      S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2010-1-13 1294336]
      S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
      S3 TPP200;USB Storage Adapter V2 (TPP);c:\windows\system32\drivers\TPP200.SYS [2006-5-16 35541]

      =============== Created Last 30 ================

      2010-01-17 03:58:31 0 ----a-w- c:\documents and settings\julius\defogger_reenable
      2010-01-16 19:06:15 232960 ----a-w- c:\windows\system32\sshnas21.dll
      2010-01-16 19:05:05 58368 ---h--w- c:\documents and settings\julius\jye.exe
      2010-01-16 19:05:05 58368 ----a-w- c:\windows\system32\nkqebv.exe
      2010-01-16 19:05:03 6435 ----a-w- c:\windows\system32\WORK.DAT
      2010-01-16 19:04:52 0 d-----w- C:\AV_LOGS
      2010-01-16 18:54:01 0 d-----w- c:\docume~1\julius\applic~1\Avnex
      2010-01-16 18:53:51 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys
      2010-01-16 18:53:25 0 d-----w- c:\program files\AV Vcs 7.0 DIAMOND
      2010-01-14 02:40:12 0 d-----w- c:\program files\common files\Deterministic Networks
      2010-01-14 02:40:10 0 d-----w- c:\program files\Cisco Systems
      2010-01-14 02:39:55 1594 ----a-w- c:\windows\VPNInstall.MIF
      2010-01-13 23:58:10 414 ----a-w- c:\windows\system\Cm108.ini
      2010-01-13 23:57:51 712704 ----a-r- c:\windows\system32\a3d108pu.dll
      2010-01-13 23:57:51 5783552 ----a-r- c:\windows\system\CM108.cpl
      2010-01-13 23:57:51 315392 ----a-r- c:\windows\system\fltr108.dll
      2010-01-13 23:57:51 249856 ----a-r- c:\windows\system32\CM108rm.exe
      2010-01-13 23:57:50 45056 ----a-r- c:\windows\system32\CM108rm.dll
      2010-01-13 23:57:50 32768 ----a-r- c:\windows\system32\c108prop.dll
      2010-01-13 23:57:50 1294336 ----a-r- c:\windows\system32\drivers\CM108.sys
      2010-01-13 23:57:34 262144 ------r- c:\windows\Cmi108Uninstall.exe
      2010-01-13 23:57:15 0 d-----w- c:\program files\C-Media USB 108 Sound
      2010-01-11 12:55:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Stardock
      2010-01-11 12:55:39 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{198DF385-4721-45F3-BF73-6D54286CF458}
      2010-01-11 12:55:37 0 d-----w- c:\program files\common files\Stardock
      2010-01-11 12:55:37 0 d-----w- c:\program files\AccuWeather
      2009-12-27 20:15:48 218624 ----a-w- c:\windows\system32\uxtheme.backup
      2009-12-23 23:14:36 0 d-----w- c:\program files\Audacity
      2009-12-23 23:09:57 0 d-----w- c:\program files\Lame for Audacity
      2009-12-23 23:03:29 0 d-----w- c:\program files\BitPim
      2009-12-23 18:22:41 0 d-----w- c:\program files\V CAST Music with Rhapsody
      2009-12-23 18:21:17 0 d-----w- c:\program files\LG Electronics
      2009-12-21 01:46:27 73 ----a-w- c:\windows\system32\-1
      2009-12-21 01:26:47 0 d-----w- c:\program files\MSECache
      2009-12-21 01:00:24 0 d-----w- c:\program files\WMR14
      2009-12-19 19:24:38 0 d-----w- c:\docume~1\julius\applic~1\Sibelius Software

      ==================== Find3M ====================

      2010-01-17 03:56:28 85622 -c--a-w- c:\windows\system32\nvModes.dat
      2009-12-04 03:51:27 146320 -c--a-w- c:\windows\War3Unin.dat
      2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
      2009-11-16 15:39:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
      2009-11-10 03:02:30 64128 -c-ha-w- c:\windows\system32\mlfcache.dat
      2009-11-07 22:25:36 86016 -c--a-w- c:\windows\system32\frapsvid.dll
      2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
      2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
      2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\dllcache\strmfilt.dll
      2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
      2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\dllcache\httpapi.dll
      2009-10-20 18:19:54 281104 ----a-w- c:\windows\system32\wpcap.dll
      2009-10-20 18:19:46 100880 ----a-w- c:\windows\system32\Packet.dll
      2009-10-20 18:19:30 53299 ----a-w- c:\windows\system32\pthreadVC.dll
      2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\dllcache\http.sys
      2001-10-05 16:53:04 21866 -c--a-w- c:\program files\common files\tppupd2k.dll
      2008-02-13 08:55:42 5 -csha-w- c:\windows\system32\bdbbcdcbaaaebcf_s.dll
      2008-04-13 11:30:27 821780 --sha-r- c:\windows\system32\csrcs.exe
      2008-08-24 13:56:03 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat

      ============= FINISH: 23:07:16.17 ===============



      GMER Logs:

      ark.txt:

      GMER 1.0.15.15281 - http://www.gmer.net
      Rootkit scan 2010-01-16 23:27:31
      Windows 5.1.2600 Service Pack 3
      Running: gmer.exe; Driver: C:\DOCUME~1\Julius\LOCALS~1\Temp\pfrcrkow.sys


      ---- System - GMER 1.0.15 ----

      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB43C1FC0]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB43BEC80]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB43D9170]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB43C2580]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB43D6900]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB43D6B10]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB43DAB10]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB43C2670]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB43BF210]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB43D99F0]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB43D97A0]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB43D6280]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB43D9F10]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB43D9F90]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB43BF070]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB43D8180]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB43D7F40]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB43DA6F0]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB43DA150]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB43C1BE0]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB43DA540]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB43C2190]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB43BF440]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB43D94E0]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB43D7200]
      SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB43D7080]

      ---- Devices - GMER 1.0.15 ----

      Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
      Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
      Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

      AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
      AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
      AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

      Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

      AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

      Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

      AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

      Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

      AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

      Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
      Device \FileSystem\Fastfat \Fat AEA0FD20

      AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

      ---- Registry - GMER 1.0.15 ----

      Reg HKLM\SOFTWARE\Classes\CLSID\{0A04E0F8-DC88-B943-2C7B-226A2C7B226A}\InprocServer32@ C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDMENG.DLL
      Reg HKLM\SOFTWARE\Classes\CLSID\{0A04E0F8-DC88-B943-2C7B-226A2C7B226A}\InprocServer32@ThreadingModel Both
      Reg HKLM\SOFTWARE\Classes\CLSID\{0A04E0F8-DC88-B943-2C7B-226A2C7B226A}\ProgID@ DMM.Classifier.1
      Reg HKLM\SOFTWARE\Classes\CLSID\{0A04E0F8-DC88-B943-2C7B-226A2C7B226A}\TypeLib@ {C1CD5353-28E5-11D3-8C76-00600832DCED}
      Reg HKLM\SOFTWARE\Classes\CLSID\{0A04E0F8-DC88-B943-2C7B-226A2C7B226A}\VersionIndependentProgID@ DMM.Classifier
      Reg HKLM\SOFTWARE\Classes\CLSID\{14427C58-FFDA-DC11-C543-A85CDB4A49C1}\Implemented Categories\{B19CAC33-475D-11D2-9714-00C04F79E98B}
      Reg HKLM\SOFTWARE\Classes\CLSID\{14427C58-FFDA-DC11-C543-A85CDB4A49C1}\InprocServer32@ C:\WINDOWS\system32\csseqchk.dll
      Reg HKLM\SOFTWARE\Classes\CLSID\{14427C58-FFDA-DC11-C543-A85CDB4A49C1}\InprocServer32@ThreadingModel Apartment
      Reg HKLM\SOFTWARE\Classes\CLSID\{14427C58-FFDA-DC11-C543-A85CDB4A49C1}\ProgID@ ISCHindi.ISCHindi.1
      Reg HKLM\SOFTWARE\Classes\CLSID\{14427C58-FFDA-DC11-C543-A85CDB4A49C1}\VersionIndependentProgID@ ISCHindi.ISCHindi

      ---- EOF - GMER 1.0.15 ----


      Problems & Errors:

      GMER would sometimes crash. Would also sometimes cause my computer to crash instead.

      After running GMER, computer would suddenly increase in CPU demand and lag out with insane 10+ minute delays. Minor functionality was still available such as ALT+TAB.

      Edit: Had to force shutdown the machine in order to restart and post new posts to this topic.
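The DDS report above already contains the indicators a malware-removal helper reads for by eye: a second command appended to the Winlogon Userinit value (jye.exe), a Run entry launching from the user's Temp directory (Clz.exe), a Hosts override for a security site, a service named SSHNAS hosted by svchost.exe with no descriptive display name, and a hidden executable in the profile root (jye.exe) created in the same second and with the same size as nkqebv.exe in system32. As an added example, not part of this thread and not code from the DDS or ComboFix tools, here is a Python 3 script (standard library only) that applies those heuristics to lines copied from the report. The rule names, the "same timestamp and size" pairing heuristic, and the svchost display-name check are this example's own choices, not anything DDS defines.

```python
"""Heuristic triage of DDS-style log lines (added example; not from the thread or from DDS)."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample input: lines copied verbatim from the DDS report posted above.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\julius\jye.exe \s
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BMIMZMHMFM] c:\docume~1\julius\locals~1\temp\Clz.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
Hosts: 127.0.0.1 www.spywareinfo.com
R2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-16 285392]
2010-01-16 19:05:05 58368 ---h--w- c:\documents and settings\julius\jye.exe
2010-01-16 19:05:05 58368 ----a-w- c:\windows\system32\nkqebv.exe
2008-04-13 11:30:27 821780 --sha-r- c:\windows\system32\csrcs.exe
2009-11-16 15:39:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
"""

# Only userinit.exe itself belongs in Winlogon\Userinit; anything else runs at every logon.
USERINIT_OK = {r"c:\windows\system32\userinit.exe"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")

RUN_RE = re.compile(r"^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
SVC_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*\[")
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
# An executable sitting directly in c:\documents and settings\<user>\ (not in a subfolder).
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$")


def triage(text: str) -> List[Dict[str, str]]:
    """Return one finding per matched heuristic: 'rule' names it, 'detail' holds the evidence."""
    findings: List[Dict[str, str]] = []
    # Executables grouped by (timestamp, size): droppers often write several files at once.
    drops: Dict[Tuple[str, str], List[str]] = defaultdict(list)

    def hit(rule: str, detail: str) -> None:
        findings.append({"rule": rule, "detail": detail})

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        if low.startswith("mwinlogon: userinit="):
            # Comma-separated entries after userinit.exe are the classic Userinit hijack.
            value = low.split("=", 1)[1]
            extra = [e.strip() for e in value.split(",") if e.strip() not in USERINIT_OK]
            if extra:
                hit("userinit-extra", ", ".join(extra))
            continue

        m = RUN_RE.match(line)
        if m:
            cmd = m["cmd"].lower()
            if "\\temp\\" in cmd or "locals~1" in cmd:
                hit("run-from-temp", m["cmd"])
            continue

        if low.startswith("hosts:"):
            # DDS only prints Hosts entries beyond the default localhost line.
            hit("hosts-override", line.split(":", 1)[1].strip())
            continue

        m = SVC_RE.match(line)
        if m:
            # A svchost-hosted service whose display name is just its key name (e.g. SSHNAS).
            if "svchost.exe" in m["image"].lower() and m["name"].lower() == m["display"].lower():
                hit("svchost-service-no-display-name", m["name"])
            continue

        m = FILE_RE.match(line)
        if m:
            path = m["path"].lower()
            if path.endswith(EXEC_EXT):
                drops[(m["ts"], m["size"])].append(path)
                if "h" in m["attrs"] or "s" in m["attrs"]:
                    hit("hidden-or-system-executable", f"{m['attrs']} {path}")
                elif PROFILE_ROOT_RE.match(path):
                    hit("executable-in-profile-root", path)

    for (ts, size), paths in drops.items():
        if len(paths) > 1:
            hit("dropped-together", f"{ts} {size}: " + ", ".join(paths))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:34} {f['detail']}")
```

Run on the sample it reports seven findings, including nkqebv.exe, which has ordinary attributes and would pass a per-line check but is paired with the hidden jye.exe by the identical creation second and size. The heuristics are deliberately noisy triage aids for reading a log, not a verdict; every flagged path still needs to be checked against the later ComboFix output or a file reputation lookup.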
      gringo_pr Puerto Rico
      edited January 2010
      Hello jkwak01

      thank you for the logs!!

      Please do the following.

      :run combofix:
        Please visit this webpage for download links, and instructions for running the tool:
      http://www.bleepingcomputer.com/combofix/how-to-use-combofix

      Please ensure you read this guide carefully and install the Recovery Console first.

      The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
      This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
      It is a simple procedure that will only take a few moments of your time.


      Once installed, you should see a blue screen prompt that says:
        The Recovery Console was successfully installed.

        Please continue as follows:
        • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
        • Click Yes to allow ComboFix to continue scanning for malware.

        When the tool is finished, it will produce a report for you.

        Please include the report in your next post:

        C:\ComboFix.txt


        Gringo
        jkwak01 Pennsylvania
        edited January 2010
        Here's the ComboFix.txt log!

        ComboFix 10-01-16.04 - Julius 01/17/2010 11:00:47.2.2 - x86
        Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1429 [GMT -5:00]
        Running from: c:\documents and settings\Julius\Desktop\ComboFix.exe
        AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
        FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\docume~1\Julius\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
        c:\documents and settings\Julius\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
        C:\khq
        c:\recycler\S-1-5-21-3173197536-107439084-4173312072-1006
        c:\windows\CouponPrinter.ocx
        c:\windows\system32\Cache
        c:\windows\system32\csrcs.exe
        c:\windows\system32\Data
        c:\windows\system32\dumphive.exe
        c:\windows\system32\Process.exe
        c:\windows\system32\SrchSTS.exe
        c:\windows\system32\sshnas21.dll
        c:\windows\system32\Thumbs.db
        c:\windows\system32\VCCLSID.exe
        c:\windows\system32\WORK.DAT
        c:\windows\system32\WS2Fix.exe
        c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
        c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

        .
        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        \Legacy_SSHNAS
        \Service_SSHNAS


        ((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
        .

        2010-01-16 19:41 . 2010-01-16 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
        2010-01-16 19:41 . 2010-01-16 19:41 -------- d-----w- c:\program files\Logitech
        2010-01-16 19:05 . 2010-01-16 19:04 58368 ---h--w- c:\documents and settings\Julius\jye.exe
        2010-01-16 19:05 . 2010-01-16 19:04 58368 ----a-w- c:\windows\system32\nkqebv.exe
        2010-01-16 19:04 . 2010-01-16 19:06 -------- d-----w- C:\AV_LOGS
        2010-01-16 18:54 . 2010-01-16 18:54 -------- d-----w- c:\documents and settings\Julius\Application Data\Avnex
        2010-01-16 18:53 . 2008-12-26 17:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys
        2010-01-16 18:53 . 2010-01-16 19:32 -------- d-----w- c:\program files\AV Vcs 7.0 DIAMOND
        2010-01-14 02:40 . 2010-01-14 02:40 -------- d-----w- c:\program files\Common Files\Deterministic Networks
        2010-01-14 02:40 . 2010-01-14 02:40 -------- d-----w- c:\program files\Cisco Systems
        2010-01-13 23:57 . 2006-10-13 02:02 249856 ----a-r- c:\windows\system32\CM108rm.exe
        2010-01-13 23:57 . 2004-04-14 03:28 315392 ----a-r- c:\windows\system\fltr108.dll
        2010-01-13 23:57 . 2001-11-23 04:08 712704 ----a-r- c:\windows\system32\a3d108pu.dll
        2010-01-13 23:57 . 2006-12-21 09:05 1294336 ----a-r- c:\windows\system32\drivers\CM108.sys
        2010-01-13 23:57 . 2006-03-09 09:45 32768 ----a-r- c:\windows\system32\c108prop.dll
        2010-01-13 23:57 . 2005-03-07 06:29 45056 ----a-r- c:\windows\system32\CM108rm.dll
        2010-01-13 23:57 . 2006-10-02 11:02 262144 ------r- c:\windows\Cmi108Uninstall.exe
        2010-01-13 23:57 . 2010-01-13 23:57 -------- d-----w- c:\program files\C-Media USB 108 Sound
        2010-01-12 23:26 . 2010-01-17 01:34 0 ----a-w- c:\documents and settings\Julius\Local Settings\Application Data\prvlcl.dat
        2010-01-11 12:56 . 2010-01-11 12:56 -------- d-----w- c:\documents and settings\Julius\Local Settings\Application Data\Stardock
        2010-01-11 12:55 . 2010-01-11 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
        2010-01-11 12:55 . 2010-01-11 12:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{198DF385-4721-45F3-BF73-6D54286CF458}
        2010-01-11 12:55 . 2010-01-11 12:55 -------- d-----w- c:\program files\Common Files\Stardock
        2010-01-11 12:55 . 2010-01-11 12:55 -------- d-----w- c:\program files\AccuWeather
        2009-12-23 23:14 . 2009-12-29 20:00 -------- d-----w- c:\program files\Audacity
        2009-12-23 23:09 . 2009-12-23 23:09 -------- d-----w- c:\program files\Lame for Audacity
        2009-12-23 23:03 . 2009-12-23 23:03 -------- d-----w- c:\program files\BitPim
        2009-12-23 23:03 . 2009-12-23 23:14 -------- d-----w- c:\documents and settings\Julius\Application Data\Audacity
        2009-12-23 18:22 . 2009-12-23 18:29 -------- d-----w- c:\program files\V CAST Music with Rhapsody
        2009-12-23 18:21 . 2009-12-23 18:21 -------- d-----w- c:\program files\LG Electronics
        2009-12-21 01:26 . 2009-12-21 01:26 -------- d-----w- c:\program files\MSECache
        2009-12-21 01:00 . 2009-12-28 01:55 -------- d-----w- c:\program files\WMR14
        2009-12-19 19:24 . 2009-12-19 19:24 -------- d-----w- c:\documents and settings\Julius\Application Data\Sibelius Software

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-01-17 15:39 . 2006-08-01 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
        2010-01-17 05:00 . 2010-01-17 05:03 31232 ----a-w- c:\windows\Internet Logs\xDB27.tmp
        2010-01-17 04:11 . 2010-01-17 04:14 2610688 ----a-w- c:\windows\Internet Logs\xDB26.tmp
        2010-01-17 03:56 . 2006-05-10 04:05 85622 -c--a-w- c:\windows\system32\nvModes.dat
        2010-01-17 01:26 . 2009-01-24 06:43 -------- d-----w- c:\program files\Warcraft III
        2010-01-16 23:59 . 2009-09-15 18:21 1459824 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
        2010-01-16 20:44 . 2009-03-19 03:12 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
        2010-01-16 20:44 . 2008-08-07 01:28 -------- d-----w- c:\program files\PeerGuardian2
        2010-01-16 20:44 . 2009-09-17 01:48 -------- d-----w- c:\documents and settings\Julius\Application Data\uTorrent
        2010-01-16 18:26 . 2006-06-02 20:33 -------- d-----w- c:\program files\Common Files\Adobe
        2010-01-16 15:24 . 2009-12-11 19:59 -------- d-----w- c:\documents and settings\Julius\Application Data\vlc
        2010-01-16 14:36 . 2006-08-01 19:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
        2010-01-16 14:04 . 2006-08-03 12:18 4068953 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
        2010-01-14 00:29 . 2008-11-23 03:35 -------- d-----w- c:\documents and settings\Julius\Application Data\dvdcss
        2010-01-12 23:25 . 2006-05-17 12:58 -------- d-----w- c:\program files\Paint Shop Pro 6
        2009-12-27 20:04 . 2009-05-26 08:34 -------- d-----w- c:\documents and settings\Julius\Application Data\mIRC
        2009-12-27 19:35 . 2006-05-10 04:11 -------- d-----w- c:\program files\Java
        2009-12-27 19:33 . 2009-12-27 19:33 152576 ----a-w- c:\documents and settings\Julius\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
        2009-12-27 19:33 . 2009-11-27 19:41 79488 ----a-w- c:\documents and settings\Julius\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
        2009-12-27 19:02 . 2009-05-26 08:34 -------- d-----w- c:\program files\mIRC
        2009-12-26 16:26 . 2008-11-23 03:22 85656 -c--a-w- c:\documents and settings\Julius\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2009-12-21 01:46 . 2009-04-25 06:10 -------- d-----w- c:\program files\WinPcap
        2009-12-19 19:36 . 2009-07-26 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
        2009-12-18 07:34 . 2009-01-20 08:22 -------- d-----w- c:\documents and settings\Julius\Application Data\SecondLife
        2009-12-17 14:51 . 2009-07-19 00:12 -------- d-----w- c:\program files\Winamp
        2009-12-17 14:51 . 2009-07-19 00:12 -------- d-----w- c:\documents and settings\Julius\Application Data\Winamp
        2009-12-17 14:51 . 2009-12-17 14:51 -------- d-----w- c:\program files\Winamp Detect
        2009-12-14 02:48 . 2007-04-06 05:30 -------- d-----w- c:\program files\Apple Software Update
        2009-12-14 02:45 . 2006-05-10 04:28 -------- d-----w- c:\program files\QuickTime
        2009-12-14 02:44 . 2008-11-18 20:17 -------- d-----w- c:\program files\Common Files\Apple
        2009-12-12 00:06 . 2009-12-12 00:06 -------- d-----w- c:\program files\DefilerPak
        2009-12-09 01:46 . 2009-08-26 14:44 -------- d-----w- c:\program files\Pando Networks
        2009-12-09 01:44 . 2007-05-21 21:54 -------- d-----w- c:\program files\Combined Community Codec Pack
        2009-12-05 16:28 . 2009-12-05 16:06 -------- d-----w- c:\program files\CCleaner
        2009-12-04 03:51 . 2006-05-17 02:52 146320 -c--a-w- c:\windows\War3Unin.dat
        2009-11-21 15:51 . 2004-08-11 22:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
        2009-11-16 18:10 . 2009-11-16 18:10 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
        2009-11-16 15:39 . 2009-11-16 15:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
        2009-11-16 15:39 . 2009-11-16 15:39 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
        2009-11-16 15:39 . 2009-11-16 15:39 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
        2009-11-16 15:39 . 2009-11-16 15:39 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
        2009-11-15 04:24 . 2009-11-15 04:24 15872 ----a-r- c:\documents and settings\Julius\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
        2009-11-10 03:02 . 2008-06-09 15:43 64128 -c-ha-w- c:\windows\system32\mlfcache.dat
        2009-11-07 22:25 . 2009-11-07 22:25 86016 -c--a-w- c:\windows\system32\frapsvid.dll
        2009-11-06 09:06 . 2009-11-06 14:04 6368256 ----a-w- c:\windows\Internet Logs\xDB25.tmp
        2009-11-03 23:28 . 2009-11-03 23:28 1527352 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4220\AIMinst.exe
        2009-10-29 07:45 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
        2009-10-21 05:38 . 2004-08-11 22:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
        2009-10-21 05:38 . 2004-08-11 22:00 25088 ----a-w- c:\windows\system32\httpapi.dll
        2009-10-20 18:19 . 2009-10-20 18:19 281104 ----a-w- c:\windows\system32\wpcap.dll
        2009-10-20 18:19 . 2009-10-20 18:19 100880 ----a-w- c:\windows\system32\Packet.dll
        2009-10-20 18:19 . 2009-10-20 18:19 50704 ----a-w- c:\windows\system32\drivers\npf.sys
        2009-10-20 18:19 . 2009-10-20 18:19 53299 ----a-w- c:\windows\system32\pthreadVC.dll
        2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
        2001-10-05 16:53 . 2006-05-16 22:03 21866 -c--a-w- c:\program files\Common Files\tppupd2k.dll
        2008-02-13 08:55 . 2008-02-13 08:55 5 -csha-w- c:\windows\system32\bdbbcdcbaaaebcf_s.dll
        .

        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SetDefaultMIDI"="MIDIDef.exe" [2004-12-23 24576]
        "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
        "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
        "Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]
        "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
        "UniblueSpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe" [2009-04-28 614696]
        "Steam"="c:\program files\valve\steam\steam.exe" [2009-11-15 1217808]
        "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-12-21 1803064]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
        "MBMon"="CTMBHA.DLL" [2006-03-03 1355938]
        "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
        "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
        "TPP Auto Loader"="c:\windows\tppaldr.exe" [2001-10-05 118784]
        "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
        "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
        "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
        "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
        "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
        "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
        "NVHotkey"="nvHotkey.dll" [2006-05-01 73728]
        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7118848]
        "nwiz"="nwiz.exe" [2005-12-15 1519616]
        "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
        "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
        "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
        "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
        "ZoneAlarm Client"="c:\program files\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
        "razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
        "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-16 39424]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
        "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 357384]
        "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 1573384]
        "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 3161608]
        "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
        "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        AccuWeather Desktop.lnk - c:\program files\AccuWeather\Desktop\AccuWeatherDesktop.exe [2009-4-30 967472]
        Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-9 24576]
        VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-1-13 6144]

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @=""

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
        2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
        "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
        "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
        "HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
        "WinampAgent"="c:\program files\Winamp\winampa.exe"
        "AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Messenger\\msmsgs.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
        "c:\\Program Files\\uTorrent\\uTorrent.exe"=
        "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
        "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=
        "c:\\WINDOWS\\system32\\nkqebv.exe"=
        "c:\\Documents and Settings\\Julius\\jye.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "67:UDP"= 67:UDP:DHCP Discovery Service

        R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/16/2009 10:39 AM 333192]
        R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/16/2009 10:39 AM 360584]
        R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/16/2009 10:38 AM 285392]
        R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
        R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [7/14/2009 3:35 PM 19720]
        R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [11/22/2007 12:49 PM 19020]
        R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [1/16/2010 1:53 PM 17792]
        S2 VLC media player;VLC media player;c:\program files\VideoLAN\VLC\vlc.exe [10/30/2009 6:28 AM 135592]
        S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [1/13/2010 6:57 PM 1294336]
        S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
        S3 TPP200;USB Storage Adapter V2 (TPP);c:\windows\system32\drivers\TPP200.SYS [5/16/2006 5:03 PM 35541]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
        .
        Contents of the 'Scheduled Tasks' folder

        2010-01-11 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
        - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-02-13 20:31]

        2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{23D265E7-CDFA-4331-9442-93CDE6170CDF}.job
        - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
        .
        .
        Supplementary Scan
        .
        uInternet Connection Wizard,ShellNext = https://login.live.com/resetpw.srf?lc=1033
        uInternet Settings,ProxyOverride = *.local
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        Trusted Zone: saramin.co.kr\bestiz
        TCP: {2ADB7F55-8A5D-40C5-8F76-4D3294BA90C4} = 208.67.220.220,208.67.222.222
        TCP: {36FE65F5-4428-411B-BD74-91AA7CBA48AB} = 208.67.220.220,208.67.222.222
        DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
        DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
        DPF: {CD995117-98E5-4169-9920-6C12D4C0B548}
        FF - ProfilePath - c:\documents and settings\Julius\Application Data\Mozilla\Firefox\Profiles\eyaig5oh.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
        FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
        FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
        FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
        FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

        ---- FIREFOX POLICIES ----
        FF - user.js: yahoo.homepage.dontask - true.
        - - - - ORPHANS REMOVED - - - -

        BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
        BHO-{21608B66-026F-4DCB-9244-0DACA328DCED} - (no file)
        BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
        Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        HKLM-Run-CM108Sound - CM108.cpl
        Notify-termsrv - (no file)
        AddRemove-AJB 6000 update - f:\archos\DeIsL1.isu
        AddRemove-Final Fantasy VII - c:\program files\Square Soft
        AddRemove-FINAL FANTASY VIII - c:\program files\Square Soft



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-01-17 11:28
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
        "ImagePath"="c:\windows\system32\GameMon.des -service"
        .
        DLLs Loaded Under Running Processes

        - - - - - - - > 'explorer.exe'(3008)
        c:\windows\system32\WININET.dll
        c:\windows\IME\SPGRMR.DLL
        c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
        c:\windows\system32\ieframe.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\program files\Microsoft Virtual PC\VPCShExH.DLL
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        Other Running Processes
        .
        c:\program files\Intel\Wireless\Bin\EvtEng.exe
        c:\program files\Intel\Wireless\Bin\S24EvMon.exe
        c:\program files\Bonjour\mDNSResponder.exe
        c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
        c:\windows\system32\CTsvcCDA.exe
        c:\program files\Cisco Systems\VPN Client\cvpnd.exe
        c:\windows\system32\inetsrv\inetinfo.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        c:\program files\AVG\AVG9\avgnsx.exe
        c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
        c:\windows\system32\nvsvc32.exe
        c:\program files\Intel\Wireless\Bin\RegSrvc.exe
        c:\windows\stsystra.exe
        c:\windows\System32\snmp.exe
        c:\program files\AVG\AVG9\avgrsx.exe
        c:\program files\AVG\AVG9\avgchsvx.exe
        c:\program files\AVG\AVG9\avgcsrvx.exe
        c:\windows\system32\RunDll32.exe
        c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
        c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
        c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
        c:\program files\Razer\Copperhead\razertra.exe
        c:\program files\Razer\Copperhead\razerofa.exe
        c:\windows\system32\wbem\wmiapsrv.exe
        c:\windows\system32\wscntfy.exe
        .
        **************************************************************************
        .
        Completion time: 2010-01-17 11:31:40 - machine was rebooted
        ComboFix-quarantined-files.txt 2010-01-17 16:31
        ComboFix2.txt 2008-11-08 16:28

        Pre-Run: 867,688,448 bytes free
        Post-Run: 781,512,704 bytes free

        Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
        - - End Of File - - 73A50D35C8499E16542568A4D5D002C9
      • gringo_prgringo_pr Puerto Rico
        edited January 2010
        Hello

        It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

        Vista and Win 7 Users please Right Click and run as Admin all programs that I ask you to run

        :Run CFScript:

        Open Notepad and copy/paste the text in the box into the window:
        File::
        c:\documents and settings\Julius\jye.exe
        c:\windows\system32\nkqebv.exe
        c:\windows\system32\bdbbcdcbaaaebcf_s.dll
        

        Save it to your desktop as CFScript.txt

        Referring to the picture above, drag CFScript.txt into ComboFix.exe
        [image: CFScriptB-4.gif]
        This will let ComboFix run again.
        Restart if you have to.
        Save the produced logfile to your desktop.

        Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall


        TFC(Temp File Cleaner):
        • Please download TFC to your desktop,
        • Save any unsaved work. TFC will close all open application windows.
        • Double-click TFC.exe to run the program.
        • If prompted, click "Yes" to reboot.
        Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

        : Malwarebytes' Anti-Malware :
        Please download Malwarebytes' Anti-Malware to your desktop.

        • Double-click mbam-setup.exe and follow the prompts to install the program.
        • At the end, be sure a checkmark is placed next to
            • Update Malwarebytes' Anti-Malware
            • and Launch Malwarebytes' Anti-Malware
        • then click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select Perform quick scan, then click Scan.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
        • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
        • If you accidentally close it, the log file is saved here and will be named like this:
            C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


        Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
        Click OK to either and let MBAM proceed with the disinfection process.
        If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


        :Kaspersky scan:
        Please go to the Kaspersky website and perform an online antivirus scan.
        • Read through the requirements and privacy statement and click on Accept button.
        • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
        • When the downloads have finished, click on Settings.
        • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
            Spyware, Adware, Dialers, and other potentially dangerous programs
            Archives
            Mail databases
        • Click on My Computer under Scan.
        • Once the scan is complete, it will display the results. Click on View Scan Report.
        • You will see a list of infected items there. Click on Save Report As....
        • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
        • Please post this log in your next reply.


          "information and logs"

            In your next post I need the following
          1. Log From ComboFix
          2. Log From MBAM
          3. Log From Kaspersky
          4. let me know of any problems you may have had
          5. How is the computer doing now?


          Gringo
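A helper reads a ComboFix log by hand, as Gringo did above when he picked jye.exe, nkqebv.exe and bdbbcdcbaaaebcf_s.dll for the CFScript. The script below is an added example, not code from the thread or from ComboFix: it parses the log's file-listing lines and the firewall AuthorizedApplications values and applies the same reasoning (hidden executables, executables dropped straight into a profile root, files written in the same minute with the same size, plus a firewall exception as a corroborating sign). The heuristics are my assumptions, and the sample excerpt is reassembled from the log posted above, one entry per line.

```python
"""Added example (not the thread's or ComboFix's own code): triage the file
listings of a ComboFix log the way the helper in this thread did by hand.
Heuristics are assumptions about what a dropper leaves behind: (1) a hidden
executable, or one sitting directly in a user profile root, is a seed; (2) any
executable written in the same minute with the same size as a seed is flagged
as dropped with it; (3) a firewall exception for a flagged file is noted."""
import re
from collections import defaultdict

EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".cpl")

# ComboFix line:  <created> . <modified> <size|--------> <attrs> <path>
# attrs is 8 chars: d c s h a - w|r -  (dir, compressed, system, hidden, archive)
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:(?P<size>\d+|-{8})\s+)?"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$",
    re.IGNORECASE,
)
# c:\documents and settings\<user>\<file> with nothing deeper
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$")
# registry value line under the firewall AuthorizedApplications key
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')

# Constructed sample: lines copied from the log posted above, reassembled onto
# one line each (the forum software broke the attribute columns apart).
SAMPLE_LOG = r"""
2010-01-16 19:41 . 2010-01-16 19:41 -------- d-----w- c:\program files\Logitech
2010-01-16 19:05 . 2010-01-16 19:04 58368 ---h--w- c:\documents and settings\Julius\jye.exe
2010-01-16 19:05 . 2010-01-16 19:04 58368 ----a-w- c:\windows\system32\nkqebv.exe
2010-01-16 18:53 . 2008-12-26 17:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys
2009-11-10 03:02 . 2008-06-09 15:43 64128 -c-ha-w- c:\windows\system32\mlfcache.dat
2008-02-13 08:55 . 2008-02-13 08:55 5 -csha-w- c:\windows\system32\bdbbcdcbaaaebcf_s.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\WINDOWS\\system32\\nkqebv.exe"=
"c:\\Documents and Settings\\Julius\\jye.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"""


def parse_entries(log_text):
    """One dict per file/directory line found anywhere in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"]) if e["size"] and e["size"].isdigit() else None
        e["is_dir"] = e["attrs"][0] == "d"
        e["hidden"] = e["attrs"][3] == "h"
        e["path"] = e["path"].lower()          # NTFS paths compare case-insensitively
        entries.append(e)
    return entries


def firewall_exceptions(log_text):
    """Paths listed under the firewall policy's AuthorizedApplications key."""
    paths, in_section = set(), False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("["):                  # a new registry key header
            in_section = "authorizedapplications" in s.lower()
            continue
        m = FW_RE.match(s) if in_section else None
        if m:                                  # the registry export doubles backslashes
            paths.add(m.group("path").replace("\\\\", "\\").lower())
    return paths


def triage(log_text):
    """Map each flagged path to the reason it was flagged."""
    files = [e for e in parse_entries(log_text)
             if not e["is_dir"] and e["path"].endswith(EXEC_EXT)]
    reasons = {}
    for e in files:                            # heuristic 1: seed findings
        if e["hidden"]:
            reasons[e["path"]] = "hidden executable"
        elif PROFILE_ROOT_RE.match(e["path"]):
            reasons[e["path"]] = "executable directly in a user profile root"
    by_key = defaultdict(list)                 # heuristic 2: files written together
    for e in files:
        by_key[(e["created"], e["size"])].append(e["path"])
    for seed in list(reasons):
        created, size = next((e["created"], e["size"]) for e in files if e["path"] == seed)
        for sibling in by_key[(created, size)]:
            reasons.setdefault(sibling, "same size and creation minute as " + seed)
    for path in firewall_exceptions(log_text): # heuristic 3: firewall exception
        if path in reasons:
            reasons[path] += "; also has a firewall exception"
    return reasons
```

Run on the sample, `triage` returns exactly the three paths the helper put in the CFScript, each with its reason; the flagged list is a starting point for review, not a deletion list.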
        • jkwak01jkwak01 Pennsylvania
          edited January 2010
          Here are the Logs!

          ComboFix Log:

          ComboFix 10-01-16.04 - Julius 01/17/2010 16:58:25.3.2 - x86
          Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1292 [GMT -5:00]
          Running from: c:\documents and settings\Julius\Desktop\ComboFix.exe
          Command switches used :: c:\documents and settings\Julius\Desktop\CFScript.txt
          AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
          FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

          FILE ::
          "c:\documents and settings\Julius\jye.exe"
          "c:\windows\system32\bdbbcdcbaaaebcf_s.dll"
          "c:\windows\system32\nkqebv.exe"
          .

          ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\docume~1\Julius\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
          c:\documents and settings\Julius\jye.exe
          c:\documents and settings\Julius\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
          c:\windows\system32\bdbbcdcbaaaebcf_s.dll
          c:\windows\system32\nkqebv.exe

          .
          ((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
          .

          2010-01-17 21:56 . 2010-01-17 21:56 -------- d-----w- c:\documents and settings\Julius\Application Data\Malwarebytes
          2010-01-17 21:55 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
          2010-01-17 21:55 . 2010-01-17 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
          2010-01-17 21:55 . 2010-01-17 21:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
          2010-01-17 21:55 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
          2010-01-16 19:41 . 2010-01-16 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
          2010-01-16 19:41 . 2010-01-16 19:41 -------- d-----w- c:\program files\Logitech
          2010-01-16 19:04 . 2010-01-16 19:06 -------- d-----w- C:\AV_LOGS
          2010-01-16 18:54 . 2010-01-16 18:54 -------- d-----w- c:\documents and settings\Julius\Application Data\Avnex
          2010-01-16 18:53 . 2008-12-26 17:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys
          2010-01-16 18:53 . 2010-01-16 19:32 -------- d-----w- c:\program files\AV Vcs 7.0 DIAMOND
          2010-01-14 02:40 . 2010-01-14 02:40 -------- d-----w- c:\program files\Common Files\Deterministic Networks
          2010-01-14 02:40 . 2010-01-14 02:40 -------- d-----w- c:\program files\Cisco Systems
          2010-01-13 23:57 . 2006-10-13 02:02 249856 ----a-r- c:\windows\system32\CM108rm.exe
          2010-01-13 23:57 . 2004-04-14 03:28 315392 ----a-r- c:\windows\system\fltr108.dll
          2010-01-13 23:57 . 2001-11-23 04:08 712704 ----a-r- c:\windows\system32\a3d108pu.dll
          2010-01-13 23:57 . 2006-12-21 09:05 1294336 ----a-r- c:\windows\system32\drivers\CM108.sys
          2010-01-13 23:57 . 2006-03-09 09:45 32768 ----a-r- c:\windows\system32\c108prop.dll
          2010-01-13 23:57 . 2005-03-07 06:29 45056 ----a-r- c:\windows\system32\CM108rm.dll
          2010-01-13 23:57 . 2006-10-02 11:02 262144 ------r- c:\windows\Cmi108Uninstall.exe
          2010-01-13 23:57 . 2010-01-13 23:57 -------- d-----w- c:\program files\C-Media USB 108 Sound
          2010-01-12 23:26 . 2010-01-17 18:04 0 ----a-w- c:\documents and settings\Julius\Local Settings\Application Data\prvlcl.dat
          2010-01-11 12:56 . 2010-01-11 12:56 -------- d-----w- c:\documents and settings\Julius\Local Settings\Application Data\Stardock
          2010-01-11 12:55 . 2010-01-11 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
          2010-01-11 12:55 . 2010-01-11 12:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{198DF385-4721-45F3-BF73-6D54286CF458}
          2010-01-11 12:55 . 2009-04-30 21:34 2655784 -c--a-w- c:\documents and settings\All Users\Application Data\{198DF385-4721-45F3-BF73-6D54286CF458}\accuweather_setup.exe
          2010-01-11 12:55 . 2010-01-11 12:55 -------- d-----w- c:\program files\Common Files\Stardock
          2010-01-11 12:55 . 2010-01-11 12:55 -------- d-----w- c:\program files\AccuWeather
          2009-12-27 19:33 . 2009-12-27 19:33 152576 ----a-w- c:\documents and settings\Julius\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
          2009-12-23 23:14 . 2009-12-29 20:00
          d
          w- c:\program files\Audacity
          2009-12-23 23:09 . 2009-12-23 23:09
          d
          w- c:\program files\Lame for Audacity
          2009-12-23 23:03 . 2009-12-23 23:03
          d
          w- c:\program files\BitPim
          2009-12-23 23:03 . 2009-12-23 23:14
          d
          w- c:\documents and settings\Julius\Application Data\Audacity
          2009-12-23 18:22 . 2009-12-23 18:29
          d
          w- c:\program files\V CAST Music with Rhapsody
          2009-12-23 18:21 . 2009-12-23 18:21
          d
          w- c:\program files\LG Electronics
          2009-12-21 01:26 . 2009-12-21 01:26
          d
          w- c:\program files\MSECache
          2009-12-21 01:00 . 2009-12-28 01:55
          d
          w- c:\program files\WMR14
          2009-12-19 19:24 . 2009-12-19 19:24
          d
          w- c:\documents and settings\Julius\Application Data\Sibelius Software

          .
          (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-01-17 19:29 . 2006-08-01 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
          2010-01-17 19:12 . 2006-05-10 04:05 85622 -c--a-w- c:\windows\system32\nvModes.dat
          2010-01-17 05:00 . 2010-01-17 05:03 31232 ----a-w- c:\windows\Internet Logs\xDB27.tmp
          2010-01-17 04:11 . 2010-01-17 04:14 2610688 ----a-w- c:\windows\Internet Logs\xDB26.tmp
          2010-01-17 01:26 . 2009-01-24 06:43 -------- d-----w- c:\program files\Warcraft III
          2010-01-16 23:59 . 2009-09-15 18:21 1459824 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
          2010-01-16 20:44 . 2009-03-19 03:12 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
          2010-01-16 20:44 . 2008-08-07 01:28 -------- d-----w- c:\program files\PeerGuardian2
          2010-01-16 20:44 . 2009-09-17 01:48 -------- d-----w- c:\documents and settings\Julius\Application Data\uTorrent
          2010-01-16 18:26 . 2006-06-02 20:33 -------- d-----w- c:\program files\Common Files\Adobe
          2010-01-16 15:24 . 2009-12-11 19:59 -------- d-----w- c:\documents and settings\Julius\Application Data\vlc
          2010-01-16 14:36 . 2006-08-01 19:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
          2010-01-16 14:04 . 2006-08-03 12:18 4068953 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
          2010-01-14 00:29 . 2008-11-23 03:35 -------- d-----w- c:\documents and settings\Julius\Application Data\dvdcss
          2010-01-12 23:25 . 2006-05-17 12:58 -------- d-----w- c:\program files\Paint Shop Pro 6
          2009-12-27 20:04 . 2009-05-26 08:34 -------- d-----w- c:\documents and settings\Julius\Application Data\mIRC
          2009-12-27 19:35 . 2006-05-10 04:11 -------- d-----w- c:\program files\Java
          2009-12-27 19:33 . 2009-11-27 19:41 79488 ----a-w- c:\documents and settings\Julius\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
          2009-12-27 19:02 . 2009-05-26 08:34 -------- d-----w- c:\program files\mIRC
          2009-12-26 16:26 . 2008-11-23 03:22 85656 -c--a-w- c:\documents and settings\Julius\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-12-21 01:46 . 2009-04-25 06:10 -------- d-----w- c:\program files\WinPcap
          2009-12-19 19:36 . 2009-07-26 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
          2009-12-18 07:34 . 2009-01-20 08:22 -------- d-----w- c:\documents and settings\Julius\Application Data\SecondLife
          2009-12-17 14:51 . 2009-07-19 00:12 -------- d-----w- c:\program files\Winamp
          2009-12-17 14:51 . 2009-07-19 00:12 -------- d-----w- c:\documents and settings\Julius\Application Data\Winamp
          2009-12-17 14:51 . 2009-12-17 14:51 -------- d-----w- c:\program files\Winamp Detect
          2009-12-14 02:48 . 2007-04-06 05:30 -------- d-----w- c:\program files\Apple Software Update
          2009-12-14 02:45 . 2006-05-10 04:28 -------- d-----w- c:\program files\QuickTime
          2009-12-14 02:44 . 2008-11-18 20:17 -------- d-----w- c:\program files\Common Files\Apple
          2009-12-12 00:06 . 2009-12-12 00:06 -------- d-----w- c:\program files\DefilerPak
          2009-12-09 01:46 . 2009-08-26 14:44 -------- d-----w- c:\program files\Pando Networks
          2009-12-09 01:44 . 2007-05-21 21:54 -------- d-----w- c:\program files\Combined Community Codec Pack
          2009-12-05 16:28 . 2009-12-05 16:06 -------- d-----w- c:\program files\CCleaner
          2009-12-04 03:51 . 2006-05-17 02:52 146320 -c--a-w- c:\windows\War3Unin.dat
          2009-11-21 15:51 . 2004-08-11 22:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
          2009-11-16 18:10 . 2009-11-16 18:10 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
          2009-11-16 15:39 . 2009-11-16 15:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
          2009-11-16 15:39 . 2009-11-16 15:39 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
          2009-11-16 15:39 . 2009-11-16 15:39 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
          2009-11-16 15:39 . 2009-11-16 15:39 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
          2009-11-15 04:24 . 2009-11-15 04:24 15872 ----a-r- c:\documents and settings\Julius\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
          2009-11-10 03:02 . 2008-06-09 15:43 64128 -c-ha-w- c:\windows\system32\mlfcache.dat
          2009-11-07 22:25 . 2009-11-07 22:25 86016 -c--a-w- c:\windows\system32\frapsvid.dll
          2009-11-06 09:06 . 2009-11-06 14:04 6368256 ----a-w- c:\windows\Internet Logs\xDB25.tmp
          2009-11-03 23:28 . 2009-11-03 23:28 1527352 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4220\AIMinst.exe
          2009-10-29 07:45 . 2004-08-11 22:00 916480 ------w- c:\windows\system32\wininet.dll
          2009-10-21 05:38 . 2004-08-11 22:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
          2009-10-21 05:38 . 2004-08-11 22:00 25088 ----a-w- c:\windows\system32\httpapi.dll
          2009-10-20 18:19 . 2009-10-20 18:19 281104 ----a-w- c:\windows\system32\wpcap.dll
          2009-10-20 18:19 . 2009-10-20 18:19 100880 ----a-w- c:\windows\system32\Packet.dll
          2009-10-20 18:19 . 2009-10-20 18:19 50704 ----a-w- c:\windows\system32\drivers\npf.sys
          2009-10-20 18:19 . 2009-10-20 18:19 53299 ----a-w- c:\windows\system32\pthreadVC.dll
          2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
          2001-10-05 16:53 . 2006-05-16 22:03 21866 -c--a-w- c:\program files\Common Files\tppupd2k.dll
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SetDefaultMIDI"="MIDIDef.exe" [2004-12-23 24576]
          "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
          "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
          "Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]
          "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
          "UniblueSpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe" [2009-04-28 614696]
          "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-12-21 1803064]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
          "MBMon"="CTMBHA.DLL" [2006-03-03 1355938]
          "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
          "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
          "TPP Auto Loader"="c:\windows\tppaldr.exe" [2001-10-05 118784]
          "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
          "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
          "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
          "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
          "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
          "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
          "NVHotkey"="nvHotkey.dll" [2006-05-01 73728]
          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7118848]
          "nwiz"="nwiz.exe" [2005-12-15 1519616]
          "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
          "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
          "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
          "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
          "ZoneAlarm Client"="c:\program files\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
          "razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
          "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
          "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-16 39424]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
          "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
          "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 357384]
          "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 1573384]
          "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 3161608]
          "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
          "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
          "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          AccuWeather Desktop.lnk - c:\program files\AccuWeather\Desktop\AccuWeatherDesktop.exe [2009-4-30 967472]
          Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-9 24576]
          VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-1-13 6144]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
          2009-11-16 15:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
          [BU]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
          @=""

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
          2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
          "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
          "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
          "HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Messenger\\msmsgs.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
          "c:\\Program Files\\uTorrent\\uTorrent.exe"=
          "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
          "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "67:UDP"= 67:UDP:DHCP Discovery Service

          R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/16/2009 10:39 AM 333192]
          R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/16/2009 10:39 AM 360584]
          R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/16/2009 10:38 AM 285392]
          R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
          R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [7/14/2009 3:35 PM 19720]
          R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [11/22/2007 12:49 PM 19020]
          R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [1/16/2010 1:53 PM 17792]
          S2 VLC media player;VLC media player;c:\program files\VideoLAN\VLC\vlc.exe [10/30/2009 6:28 AM 135592]
          S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [1/13/2010 6:57 PM 1294336]
          S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
          S3 TPP200;USB Storage Adapter V2 (TPP);c:\windows\system32\drivers\TPP200.SYS [5/16/2006 5:03 PM 35541]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
          .
          Contents of the 'Scheduled Tasks' folder

          2010-01-11 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
          - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-02-13 20:31]

          2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{23D265E7-CDFA-4331-9442-93CDE6170CDF}.job
          - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
          .
          .
          Supplementary Scan
          .
          uInternet Connection Wizard,ShellNext = https://login.live.com/resetpw.srf?lc=1033
          uInternet Settings,ProxyOverride = *.local
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          Trusted Zone: saramin.co.kr\bestiz
          TCP: {2ADB7F55-8A5D-40C5-8F76-4D3294BA90C4} = 208.67.220.220,208.67.222.222
          TCP: {36FE65F5-4428-411B-BD74-91AA7CBA48AB} = 208.67.220.220,208.67.222.222
          DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
          DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
          DPF: {CD995117-98E5-4169-9920-6C12D4C0B548}
          FF - ProfilePath - c:\documents and settings\Julius\Application Data\Mozilla\Firefox\Profiles\eyaig5oh.default\
          FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
          FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
          FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
          FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
          FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
          FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
          FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

          ---- FIREFOX POLICIES ----
          FF - user.js: yahoo.homepage.dontask - true.
          - - - - ORPHANS REMOVED - - - -

          BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
          BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)



          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2010-01-17 17:03
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************

          [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
          "ImagePath"="c:\windows\system32\GameMon.des -service"
          .
          Completion time: 2010-01-17 17:05:49
          ComboFix-quarantined-files.txt 2010-01-17 22:05
          ComboFix2.txt 2010-01-17 16:31
          ComboFix3.txt 2008-11-08 16:28

          Pre-Run: 973,074,432 bytes free
          Post-Run: 904,183,808 bytes free

          Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
          - - End Of File - - 5AFE08B592CD760F1F26DE460EAAAD66



          MBAM Log:

          Malwarebytes' Anti-Malware 1.44
          Database version: 3584
          Windows 5.1.2600 Service Pack 3
          Internet Explorer 8.0.6001.18702

          1/17/2010 5:16:36 PM
          mbam-log-2010-01-17 (17-16-36).txt

          Scan type: Quick Scan
          Objects scanned: 133594
          Time elapsed: 4 minute(s), 35 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 2
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 0

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          (No malicious items detected)



          Kaspersky Log:

          KASPERSKY ONLINE SCANNER 7.0: scan report
          Sunday, January 17, 2010
          Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
          Kaspersky Online Scanner version: 7.0.26.13
          Last database update: Sunday, January 17, 2010 22:45:11
          Records in database: 3325951

          Scan settings:
          scan using the following database: extended
          Scan archives: yes
          Scan e-mail databases: yes

          Scan area - My Computer:
          C:\
          D:\

          Scan statistics:
          Objects scanned: 89690
          Threats found: 3
          Infected objects found: 6
          Suspicious objects found: 0
          Scan duration: 02:07:54


          File name / Threat / Threats count
          C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
          C:\Qoobox\Quarantine\C\WINDOWS\system32\csrcs.exe.vir Infected: Packed.Win32.Klone.bj 1
          C:\Qoobox\Quarantine\C\WINDOWS\system32\sshnas21.dll.vir Infected: Packed.Win32.Krap.ag 1
          C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2020\A0286452.exe Infected: Packed.Win32.Krap.ag 1
          C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2020\A0289676.exe Infected: Packed.Win32.Klone.bj 1
          C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2020\A0289680.dll Infected: Packed.Win32.Krap.ag 1

          Selected area has been scanned.


          Overall performance:

          So far the computer certainly seems to have been cured and rid of those pesky .exe files, as earlier mentioned in my first post. I'm sure glad I spotted these quick and sought help before accessing my financial online accounts.

          For the time being, things are looking good and no more redirects when running web searches.

          If it would help, I can restart and provide a HJT log as well.

          Thanks to you Gringo, for aiding me through this disaster!
        • gringo_pr Puerto Rico
          edited January 2010
          Hello

          Very well done!!

          Kaspersky is only reporting backups created during the course of this fix, and items located in C:\System Volume Information\, which is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache shortly.

          The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

          :Uninstall ComboFix:
          • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
          • please copy and paste the following into the box ComboFix /Uninstall and click OK.
          • Note the space between the X and the /Uninstall, it needs to be there.
          • [image: CF-Uninstall.png]

          :DeFogger:
          To re-enable your Emulation drivers, double click DeFogger to run the tool.
          • The application window will appear
          • Click the Re-enable button to re-enable your CD Emulation drivers
          • Click Yes to continue
          • A 'Finished!' message will appear
          • Click OK
          • DeFogger will now ask to reboot the machine - click OK
          IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

          Your Emulation drivers are now re-enabled.


          :Make your Internet Explorer more secure:
            please visit this page that gives instructions to do this
          http://surfthenetsafely.com/ieseczone8.htm


          :Turn On Automatic Updates:
          1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
          2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them.

          If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

          or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


          :antispyware programs:
          You have a couple of good antispyware programs on this computer, but you can still try some of these others to see if you like them. I would also recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
          • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
          • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
          • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.


          please read this great article by miekiemoes How to prevent Malware:
          and
          this great article by Tony Klein So How Did I Get Infected In First Place

          Now you have followed my advice - it's time to lodge a complaint against what you have suffered.........

          Malware Complaints
          If you were infected .... Stand Up and be Counted.

          I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

          Gringo
        • jkwak01 Pennsylvania
          edited January 2010
          I don't know about lodging a complaint. Generally I am pretty picky and cautious about what I download, install, run, or visit on the web in order to avoid situations like this. But then again, the fault will always be mine whether it was by accident or if I had let someone else use my machine. And I have a sinking feeling I know the cause very well, this time.

          Other than that, this experience has been reinvigorating and another reminder of what it is I am up against with malware and spyware. I've probably had three to four other past significant occurrences that ended up rendering my machine's system functionality inoperable at a common user level. Since then, I've learned each time as to what my options can be and have been in combating and resisting these threats.

          But in conclusion of it all, it's not a matter of "hey, mind helping me out again?" versus arming a victim with the knowledge and tools necessary to not only prevent further occurrences, but to also be able to identify and perhaps even diagnose the problem towards a viable solution.

          Back then, we heavily used the HJT logs to pinpoint and target specific entries for removal. I guess things have gotten more automated nowadays, with constant database updates.

          Thanks Gringo, things are good now.