 Virtumonde Found And Other Problems, system pausing and dont know why |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
| Important Announcement: The winners of the BC Million Post contest have been announced. You can read who the winners are at this post. - BleepingComputer Management |
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Aug 26 2008, 06:47 AM
Post
#1
|
|
|
New Member  Group: Members Posts: 12 Joined: 24-August 08 Member No.: 232,897  |
Just recently my desktop and taskbar have started disappearing and reappearing after start up. Ive ran the suggested scans and I did find a few tracker programs as well as Virtumonde.dll. According to spybot and ad aware they are removed but comp is still doing the same thing, not as bad i have to admit but not like it should be. I should add that I did install 2g of memory and a new video card but this was after the other crap started. Ive tried to do a system recovery but it doesnt work, i get the," not a cdrom drive error". Thank you for any help you can provide. Here is my Hyjackthis Log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:26:23 AM, on 8/26/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ups.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\sstray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\Logi_MwX.Exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {92DD2647-FEDB-487C-B3CC-8A9B15083420} - C:\WINDOWS\system32\hgGwVLDu.dll (file missing) O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [2Wire Wireless Manager] "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 6586 bytes |
 |
 
|
|
Sep 4 2008, 05:43 AM
Post
#2
|
|
 Senior Member Group: HJT Senior Classmen Posts: 535 Joined: 12-November 07 From: Australia Member No.: 169,143 |
Hello rufmarine,
I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. White Warrior --------------------  |
|
|
|
|
Sep 5 2008, 07:31 PM
Post
#3
|
|
|
Senior Member Group: HJT Senior Classmen Posts: 535 Joined: 12-November 07 From: Australia Member No.: 169,143 |
Hello rufmarine. Welcome to Bleeping Computer.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Click on the Accept button and install any components it needs.
White Warrior -------------------- |
|
|
|
|
Sep 6 2008, 06:59 AM
Post
#4
|
|
|
New Member Group: Members Posts: 12 Joined: 24-August 08 Member No.: 232,897 |
Thank you very much White Warrior, here is my RSIT Log and info txt.
RSIT Log: Logfile of random's system information tool (written by random/random) Run by carlos at 2008-09-06 06:55:41 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 67 GB (42%) free of 157 GB Total RAM: 2047 MB (64% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:56:07 AM, on 9/6/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ups.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\sstray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\Logi_MwX.Exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\TuneUp Utilities 2008\OneClick.exe C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe C:\WINDOWS\System32\TuneUpDefragService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\carlos\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\carlos.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {92DD2647-FEDB-487C-B3CC-8A9B15083420} - (no file) O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [2Wire Wireless Manager] "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 7198 bytes Scheduled tasks folder C:\WINDOWS\tasks\1-Click Maintenance.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}] Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92DD2647-FEDB-487C-B3CC-8A9B15083420}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! ¤u¨ã¦C - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "nForce Tray Options"=C:\WINDOWS\system32\sstray.exe [2003-09-02 73728] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480] "nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-04-19 1626112] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016] "Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-03-04 19968] "2Wire Wireless Manager"=C:\Program Files\2Wire Wireless Manager\2Wire.exe [2007-10-01 61440] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-06-10 1447168] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040] "QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-05-27 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{35CFE9B1-81C2-4D01-A350-A759292AD7FC}"= [] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 C:\WINDOWS\system32\geBtUopO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App" "C:\Program Files\THQ\Dawn of War\W40k.exe"="C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40K" "C:\Program Files\THQ\Dawn of War\W40kWA.exe"="C:\Program Files\THQ\Dawn of War\W40kWA.exe:*:Enabled:W40kWA" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE"="C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC" "C:\Documents and Settings\carlos\My Documents\Downloads\avast.4.Professional.Edition.v4.8.1229.Incl.Keygen-SND\setupengpro.exe"="C:\Documents and Settings\carlos\My Documents\Downloads\avast.4.Professional.Edition.v4.8.1229.Incl.Keygen-SND\setupengpro.exe:*:Enabled:Windows Application Service" "C:\Documents and Settings\carlos\My Documents\Downloads\avast.4.Professional.Edition.v4.8.1229.Incl.Keygen-SND\Keygen-SND\AvastKeygen.exe"="C:\Documents and Settings\carlos\My Documents\Downloads\avast.4.Professional.Edition.v4.8.1229.Incl.Keygen-SND\Keygen-SND\AvastKeygen.exe:*:Enabled:Windows Application Service" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6198b932-2df1-11dd-af8f-e2241c5ecae2}] shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caf8edcf-74a6-11dd-bbc6-001e37c843a7}] shell\AutoRun\command - LinksysConnectPC.exe List of files/folders created in the last three months 2008-09-06 06:55:41 ----D---- C:\rsit 2008-09-04 12:32:48 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2008-09-02 08:11:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-31 13:41:27 ----A---- C:\WINDOWS\system32\d3dx9.dll 2008-08-31 13:41:27 ----A---- C:\WINDOWS\system32\D3DX81ab.dll 2008-08-31 13:41:17 ----D---- C:\Program Files\Cheat Engine 2008-08-28 23:44:09 ----D---- C:\Program Files\Daniusoft 2008-08-28 23:13:23 ----D---- C:\Converted 2008-08-26 13:50:51 ----D---- C:\Program Files\iPod 2008-08-26 13:50:23 ----D---- C:\Program Files\iTunes 2008-08-26 13:47:54 ----D---- C:\Program Files\Bonjour 2008-08-26 06:25:18 ----D---- C:\Program Files\Trend Micro 2008-08-25 15:37:31 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$ 2008-08-25 15:25:07 ----D---- C:\Program Files\ESET 2008-08-25 15:05:32 ----D---- C:\WINDOWS\BDOSCAN8 2008-08-25 15:03:51 ----A---- C:\WINDOWS\wininit.ini 2008-08-25 13:56:40 ----D---- C:\Documents and Settings\carlos\Application Data\Windows Search 2008-08-25 07:55:35 ----ASH---- C:\WINDOWS\system32\OpoUtBeg.ini 2008-08-25 07:25:50 ----A---- C:\WINDOWS\OEWABLog.txt 2008-08-25 06:38:35 ----D---- C:\VundoFix Backups 2008-08-25 06:38:35 ----A---- C:\VundoFix.txt 2008-08-25 06:34:03 ----A---- C:\WINDOWS\system32\javaws.exe 2008-08-25 06:34:03 ----A---- C:\WINDOWS\system32\javaw.exe 2008-08-25 06:34:03 ----A---- C:\WINDOWS\system32\java.exe 2008-08-25 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$ 2008-08-24 16:08:22 ----D---- C:\Documents and Settings\carlos\Application Data\Windows Desktop Search 2008-08-24 15:40:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2$ 2008-08-24 15:34:24 ----D---- C:\Program Files\Windows Desktop Search 2008-08-24 15:34:21 ----D---- C:\WINDOWS\system32\GroupPolicy 2008-08-24 15:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$ 2008-08-24 15:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$ 2008-08-24 15:31:53 ----N---- C:\WINDOWS\system32\spmsg.dll 2008-08-24 15:29:06 ----D---- C:\Program Files\Windows Media Connect 2 2008-08-24 15:27:10 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ 2008-08-24 15:14:18 ----D---- C:\WINDOWS\NV29203176.TMP 2008-08-24 15:13:23 ----D---- C:\WINDOWS\NV29203960.TMP 2008-08-24 14:57:04 ----D---- C:\Program Files\Lavasoft 2008-08-24 14:56:43 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-23 06:55:17 ----D---- C:\Program Files\QuickTime Alternative 2008-08-23 05:19:30 ----A---- C:\WINDOWS\system32\93c1bac1-.txt 2008-08-23 05:11:48 ----D---- C:\Program Files\Alwil Software 2008-08-22 21:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-08-22 21:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-08-22 21:29:58 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$ 2008-08-22 21:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-08-22 21:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2008-08-22 21:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-08-22 21:25:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-08-22 13:46:03 ----A---- C:\WINDOWS\smartkeydiagnostics.txt 2008-08-22 13:45:33 ----D---- C:\Documents and Settings\carlos\Application Data\2Wire 2008-08-22 13:28:00 ----D---- C:\Documents and Settings\All Users\Application Data\2Wire 2008-08-22 13:27:59 ----D---- C:\Program Files\2Wire Wireless Manager 2008-08-22 13:26:19 ----A---- C:\WINDOWS\system32\ZDPN50.DLL 2008-08-22 13:26:12 ----D---- C:\Program Files\2WIRE, Inc 2008-08-22 13:26:12 ----A---- C:\WINDOWS\system32\ZyDelReg.exe 2008-08-22 13:26:12 ----A---- C:\WINDOWS\system32\InsDrvZD64.DLL 2008-08-22 13:26:12 ----A---- C:\WINDOWS\system32\InsDrvZD.dll 2008-08-21 08:12:40 ----D---- C:\Program Files\AVG 2008-08-21 07:51:09 ----A---- C:\WINDOWS\system32\TUKernel.exe 2008-08-17 05:41:56 ----D---- C:\Program Files\Xilisoft 2008-08-15 12:58:56 ----D---- C:\Documents and Settings\All Users\Application Data\HipSoft 2008-08-15 12:56:47 ----D---- C:\Program Files\Buildalot 2 Town Of The Year 2008-07-30 09:29:07 ----D---- C:\Program Files\LimeWire 2008-07-28 08:51:37 ----A---- C:\WINDOWS\system32\rmoc3260.dll 2008-07-28 08:51:37 ----A---- C:\WINDOWS\system32\pndx5032.dll 2008-07-28 08:51:37 ----A---- C:\WINDOWS\system32\pndx5016.dll 2008-07-28 08:51:35 ----D---- C:\Program Files\Real Alternative 2008-07-28 08:51:35 ----D---- C:\Documents and Settings\All Users\Application Data\Real 2008-07-25 22:49:17 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe 2008-07-25 22:49:11 ----A---- C:\WINDOWS\system32\uxtuneup.dll 2008-07-25 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-07-19 15:41:43 ----D---- C:\Program Files\Microsoft Office 2008-07-19 15:41:38 ----D---- C:\~MSSETUP.T 2008-07-19 15:41:27 ----D---- C:\Program Files\Maxis 2008-07-18 20:48:33 ----D---- C:\Documents and Settings\carlos\Application Data\WinAVI 2008-07-18 19:24:05 ----D---- C:\Documents and Settings\carlos\Application Data\TuneUp Software 2008-07-18 19:23:30 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-07-18 19:23:10 ----D---- C:\Program Files\TuneUp Utilities 2008 2008-07-17 03:01:12 ----A---- C:\WINDOWS\imsins.BAK 2008-07-17 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-07-16 08:30:08 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-07-16 08:24:04 ----A---- C:\WINDOWS\system32\nvwrszht.dll 2008-07-16 08:24:04 ----A---- C:\WINDOWS\system32\nvrszht.dll 2008-07-16 08:24:03 ----A---- C:\WINDOWS\system32\nvwrszhc.dll 2008-07-16 08:24:03 ----A---- C:\WINDOWS\system32\nvrszhc.dll 2008-07-16 08:24:02 ----A---- C:\WINDOWS\system32\nvwrstr.dll 2008-07-16 08:24:02 ----A---- C:\WINDOWS\system32\nvrstr.dll 2008-07-16 08:24:01 ----A---- C:\WINDOWS\system32\nvwrssv.dll 2008-07-16 08:24:01 ----A---- C:\WINDOWS\system32\nvwrssl.dll 2008-07-16 08:24:01 ----A---- C:\WINDOWS\system32\nvrssv.dll 2008-07-16 08:24:01 ----A---- C:\WINDOWS\system32\nvrssl.dll 2008-07-16 08:24:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll 2008-07-16 08:24:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll 2008-07-16 08:24:00 ----A---- C:\WINDOWS\system32\nvrssk.dll 2008-07-16 08:24:00 ----A---- C:\WINDOWS\system32\nvrsru.dll 2008-07-16 08:23:59 ----A---- C:\WINDOWS\system32\nvwrsptb.dll 2008-07-16 08:23:59 ----A---- C:\WINDOWS\system32\nvwrspt.dll 2008-07-16 08:23:59 ----A---- C:\WINDOWS\system32\nvrsptb.dll 2008-07-16 08:23:59 ----A---- C:\WINDOWS\system32\nvrspt.dll 2008-07-16 08:23:58 ----A---- C:\WINDOWS\system32\nvwrspl.dll 2008-07-16 08:23:58 ----A---- C:\WINDOWS\system32\nvwrsno.dll 2008-07-16 08:23:58 ----A---- C:\WINDOWS\system32\nvrspl.dll 2008-07-16 08:23:58 ----A---- C:\WINDOWS\system32\nvrsno.dll 2008-07-16 08:23:57 ----A---- C:\WINDOWS\system32\nvwrsnl.dll 2008-07-16 08:23:57 ----A---- C:\WINDOWS\system32\nvrsnl.dll 2008-07-16 08:23:56 ----A---- C:\WINDOWS\system32\nvwrsko.dll 2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvwrsja.dll 2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvwrsit.dll 2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvwrshu.dll 2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvwrshe.dll 2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvrsko.dll 2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvrsja.dll 2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvrsit.dll 2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvrshu.dll 2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvrshe.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsfr.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsfi.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsesm.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrses.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrseng.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsel.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsde.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsda.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrscs.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsar.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsfr.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsfi.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsesm.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrses.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrseng.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsel.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsde.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsda.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrscs.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsar.dll 2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvmccsrs.dll 2008-07-16 08:23:49 ----D---- C:\WINDOWS\nview 2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nwiz.exe 2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvwimg.dll 2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll 2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvshell.dll 2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nview.dll 2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvdspsch.exe 2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvcolor.exe 2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvappbar.exe 2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\keystone.exe 2008-07-16 08:22:32 ----A---- C:\WINDOWS\system32\nvwddi.dll 2008-07-16 08:22:26 ----A---- C:\WINDOWS\system32\nvsvc32.exe 2008-07-16 08:22:13 ----A---- C:\WINDOWS\system32\nvoglnt.dll 2008-07-16 08:22:12 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll 2008-07-16 08:22:11 ----A---- C:\WINDOWS\system32\nvmctray.dll 2008-07-16 08:22:10 ----A---- C:\WINDOWS\system32\nvmccs.dll 2008-07-16 08:22:10 ----A---- C:\WINDOWS\system32\nvhwvid.dll 2008-07-16 08:21:46 ----A---- C:\WINDOWS\system32\nvcpl.dll 2008-07-16 08:21:42 ----A---- C:\WINDOWS\system32\nvcodins.dll 2008-07-16 08:21:42 ----A---- C:\WINDOWS\system32\nvcod.dll 2008-07-16 08:21:41 ----A---- C:\WINDOWS\system32\nvapi.dll 2008-07-16 08:21:37 ----D---- C:\WINDOWS\system32\EVGA 2008-07-15 14:35:36 ----D---- C:\Documents and Settings\carlos\Application Data\IObit 2008-07-02 23:20:31 ----D---- C:\Documents and Settings\carlos\Application Data\Apple Computer 2008-07-02 23:16:23 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-02 23:15:50 ----D---- C:\Program Files\Apple Software Update 2008-07-02 23:14:59 ----D---- C:\Program Files\Common Files\Apple 2008-07-02 23:14:58 ----D---- C:\Documents and Settings\All Users\Application Data\Apple 2008-07-02 18:30:28 ----D---- C:\Documents and Settings\carlos\Application Data\Uniblue 2008-06-26 08:11:08 ----D---- C:\WINDOWS\NV22003400.TMP 2008-06-25 06:56:04 ----D---- C:\Program Files\MSXML 4.0 2008-06-23 10:09:18 ----D---- C:\Program Files\ACW 2008-06-23 09:20:45 ----A---- C:\WINDOWS\system32\chsbrkr.dll 2008-06-23 09:20:44 ----A---- C:\WINDOWS\system32\chtbrkr.dll 2008-06-23 09:20:43 ----A---- C:\WINDOWS\system32\korwbrkr.dll 2008-06-23 09:20:42 ----A---- C:\WINDOWS\system32\msir3jp.dll 2008-06-23 09:20:04 ----A---- C:\WINDOWS\system32\kbd101a.dll 2008-06-23 09:19:28 ----A---- C:\WINDOWS\system32\kbdnecNT.dll 2008-06-23 09:19:28 ----A---- C:\WINDOWS\system32\kbdnecAT.dll 2008-06-23 09:19:28 ----A---- C:\WINDOWS\system32\kbdnec95.dll 2008-06-23 09:18:32 ----A---- C:\WINDOWS\system32\c_is2022.dll 2008-06-23 09:17:28 ----A---- C:\WINDOWS\system32\kbdkor.dll 2008-06-23 09:17:28 ----A---- C:\WINDOWS\system32\kbdjpn.dll 2008-06-23 09:17:28 ----A---- C:\WINDOWS\system32\kbd103.dll 2008-06-23 09:17:28 ----A---- C:\WINDOWS\system32\kbd101c.dll 2008-06-23 09:17:27 ----A---- C:\WINDOWS\system32\kbd101b.dll 2008-06-23 09:17:22 ----A---- C:\WINDOWS\system32\kbd106.dll 2008-06-23 09:13:05 ----A---- C:\Documents and Settings\carlos\Application Data\SamsungLiveUpdateConfig.ini 2008-06-23 09:05:14 ----D---- C:\Program Files\SAMSUNG 2008-06-23 08:18:19 ----D---- C:\WINDOWS\system32\NtmsData 2008-06-20 10:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-06-19 21:42:09 ----D---- C:\Program Files\Real 2008-06-18 21:32:39 ----D---- C:\Documents and Settings\carlos\Application Data\SystemRequirementsLab 2008-06-18 12:04:33 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8 2008-06-17 18:20:49 ----D---- C:\Program Files\IObit 2008-06-15 12:26:00 ----D---- C:\Documents and Settings\carlos\Application Data\ESET 2008-06-15 08:48:19 ----D---- C:\Documents and Settings\All Users\Application Data\ESET 2008-06-14 08:40:45 ----D---- C:\Documents and Settings\carlos\Application Data\Command & Conquer 3 Tiberium Wars 2008-06-14 08:36:50 ----RHD---- C:\Documents and Settings\carlos\Application Data\SecuROM 2008-06-14 08:36:48 ----A---- C:\WINDOWS\system32CmdLineExt.dll 2008-06-14 08:25:21 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2008-06-14 08:25:12 ----A---- C:\WINDOWS\system32\d3dx9_29.dll 2008-06-13 13:17:44 ----D---- C:\My Documents 2008-06-12 13:00:16 ----D---- C:\Program Files\Java 2008-06-12 12:59:43 ----D---- C:\Program Files\Common Files\Java 2008-06-11 11:13:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-06-11 11:13:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-06-11 11:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$ 2008-06-11 11:13:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$ List of drivers R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760] R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-06-10 53256] R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592] R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944] R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-05-26 8413] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2005-10-05 12544] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2005-07-22 231168] R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384] R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640] R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-05-22 47360] R3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952] R3 wsvad_driver;Daniusoft Audio Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [2008-07-16 20608] R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696] S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352] S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] S3 ddxgb;ddxgb; \??\C:\DOCUME~1\carlos\LOCALS~1\Temp\ddxgb.sys [] S3 DrmRDriverV32;DrmRDriverV32; C:\WINDOWS\system32\drivers\DrmRDriverV32.sys [2008-08-19 23096] S3 DrmRVideo32;DrmRVideo32; C:\WINDOWS\system32\DRIVERS\DrmRVideo32.sys [2008-08-19 3768] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2006-04-12 49664] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-10-21 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-10-21 21568] S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-13 1042816] S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-03-04 53870] S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-03-04 25214] S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-03-04 37804] S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-03-04 73134] S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2003-08-15 72771] S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\drivers\wanatw.sys [] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] List of services R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-24 611664] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632] R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264] R3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-25 354560] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952] S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-06-10 19200] -----------------EOF----------------- RSIT Info: info.txt logfile of random's system information tool 2008-09-06 06:56:13 Uninstall list -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2WIRE Wireless LAN - USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9 2Wire Wireless Manager-->MsiExec.exe /X{3CE11B98-C61C-4692-9E0E-59934761C3BE} Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} Buildalot 2 Town Of The Year-->"C:\Program Files\Buildalot 2 Town Of The Year\ReflexiveArcade\unins000.exe" Cheat Engine 5.4-->"C:\Program Files\Cheat Engine\unins000.exe" ConvertXtoDVD 3.1.3.40-->"C:\Program Files\VSO\ConvertX\3\unins000.exe" Daniusoft Media Converter(Build 2.0.26.0)-->"C:\Program Files\Daniusoft\Media Converter\unins000.exe" Dawn Of War - Winter Assault-->MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828} DawnOfWar-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B} DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC ESET NOD32 Antivirus-->MsiExec.exe /I{2204AF25-80E5-468E-B46D-795685B35DEB} EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F} HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe" Logitech MouseWare 9.76 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA} Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9 NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up -->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe" NVIDIA Drivers-->C:\WINDOWS\system32\nvuaudio.exe UninstallGUI PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall QuickTime Alternative 1.95-->"C:\Program Files\QuickTime Alternative\unins000.exe" QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} Real Alternative 1.8.0-->"C:\Program Files\Real Alternative\unins000.exe" Revo Uninstaller 1.71-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52} Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" SimCity 3000 Unlimited-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000 Unlimited\DeIsL1.isu" -c"C:\Program Files\Maxis\SimCity 3000 Unlimited\_UnInstall.dll" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Video Editor-->C:\Program Files\Xilisoft\Video Editor\Uninstall.exe Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE} Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe" Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll Hosts File 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com Security center information AV: ESET NOD32 Antivirus 3.0 Environment variables "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime Alternative\QTSystem\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip -----------------EOF----------------- Kaspersky log : -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Saturday, September 6, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Saturday, September 06, 2008 11:54:44 Records in database: 1197296 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ K:\ L:\ M:\ N:\ O:\ Scan statistics: Files scanned: 62752 Threat name: 2 Infected objects: 5 Suspicious objects: 0 Duration of the scan: 01:55:11 File name / Threat name / Threats count C:\Documents and Settings\carlos\My Documents\LimeWire\Incomplete\Preview-T-3545425-coffee break procussions.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Documents and Settings\carlos\My Documents\LimeWire\Incomplete\Preview-T-5745425-shabach procussions.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Documents and Settings\carlos\My Documents\LimeWire\Incomplete\T-3545425-coffee break procussions.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Documents and Settings\carlos\My Documents\LimeWire\Incomplete\T-5745425-shabach procussions.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\VundoFix Backups\hgGwVLDu.dll.bad Infected: Trojan.Win32.Monder.gen 1 The selected area was scanned. Hmm, i see limewire is part of the problem, i shall be getting rid of that program immediatly This post has been edited by rufmarine: Sep 6 2008, 10:16 AM |
|
|
|
|
Sep 10 2008, 09:31 PM
Post
#5
|
|
|
Senior Member Group: HJT Senior Classmen Posts: 535 Joined: 12-November 07 From: Australia Member No.: 169,143 |
Hello rufmarine
Sorry for the delay. Before we begin, please save these instructions in Notepad to your Desktop, or print them, for easy reference. QUOTE Hmm, i see limewire is part of the problem, i shall be getting rid of that program immediately This is a good idea. This program is very likely the reason your system is infested with malware. Even when a program like this is not infected itself, it will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove this programs from your system. If you use P2P software, make sure you are careful about what you open and what P2P program you install. Malware is all over the P2P networks and the programs often come bundled with Adware and Spyware. Further readings of interest in regards to the p2p "issue" are: http://pcpitstop.com/spycheck/p2p.asp and this: http://pcpitstop.com/spycheck/badtorrent.asp I noticed keygen/cracks in your log. This entry: C:\Documents and Settings\carlos\My Documents\Downloads\avast.4.Professional.Edition.v4.8.1229.Incl.Keygen-SND Crack, keygen and pirate sites are places some folks go to look for keys and workarounds to illegally use products rather than buy them. In many cases, these sites are infested with a smörgåsbord of malware and an increasing source of system infection. They can lead to other sites containing more malware which you can inadvertently download without knowledge or consent. In some instances an infection may cause so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS. Now, please re-open HijackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below: O2 - BHO: (no name) - {92DD2647-FEDB-487C-B3CC-8A9B15083420} - C:\WINDOWS\system32\hgGwVLDu.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis. Reboot the computer. Please click on Start > Control Panel > Add or Remove Programs and uninstall the following programs (if present): LimeWire 4.18.3 Please note any other programs that you don't recognize in that list in your next response Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present): C:\VundoFix Backups C:\RSIT C:\Program Files\LimeWire C:\Documents and Settings\carlos\My Documents\Downloads\avast.4 Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present): C:\VundoFix.txt When you are finished, please reboot the computer normally. Please Post a new HJT log, and tell me how the computer is performing now. White Warrior -------------------- |
|
|
|
|
Sep 12 2008, 04:13 PM
Post
#6
|
|
|
New Member Group: Members Posts: 12 Joined: 24-August 08 Member No.: 232,897 |
Thank you for your help White warrior, Here is my recent HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:17:39 PM, on 9/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ups.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\sstray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\Logi_MwX.Exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvM |