Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
DO NOT RUN ComboFix unless requested to.
Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Post #1
Member Group: Members Posts: 36 Joined: 8-August 06 Member No.: 80,018
Thanks for helping me in advance! Well, here is the Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:11, on 24/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\drivers\csrss.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
K:\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\drivers\csrss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Microsoft - {37566535-A634-5164-5467-5A56453BD4FA} - C:\Windows\freesoft_adw.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ParadialRealTun] "C:\Program Files\Paradial\RealTunnel\rtunnel.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = ?SystemRoot%\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SYSTEM32\astsrv.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9213 bytes

Thanks again!

This post has been edited by BabyMilo: Jan 24 2009, 06:43 PM
Post #2
Member Group: Members Posts: 36 Joined: 8-August 06 Member No.: 80,018
info.txt logfile of random's system information tool 1.05 2009-01-24 23:26:02
======Uninstall list======
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{AFD5ED58-271A-4907-96C2-2745C83BB035}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0404-0000-0000000FF1CE} /uninstall {6197A9A1-87C4-4899-80A7-C555C31F95E4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0028-0404-0000-0000000FF1CE} /uninstall {5CE74E24-2E09-4547-A1E0-354688209BBA}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0404-0000-0000000FF1CE} /uninstall {327A849D-1627-4C07-8B62-C5364804968F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->C:\Program Files\Common Files\Adobe\Installers\05ba3a63f36684fe0c5dde2ebe6f8f5\Setup.exe
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Photoshop Lightroom 2.2-->MsiExec.exe /I{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}
Adobe Reader 8.1.3 - Chinese Traditional-->MsiExec.exe /I{AC76BA86-7AD7-1028-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{56B8B892-317E-4FDE-9E4D-44B189848A27}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe SING CS3-->MsiExec.exe /I{3F9B2FD2-1C83-4401-9967-C3636638E958}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Alien Skin Bokeh-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\Bokeh\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\Bokeh\INSTALL.LOG
America's Army-->MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BR01-94 Orange rubber strap Screen Saver-->C:\Windows\system32\BR01-94 Orange rubber strap.scr /u
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.4-->"C:\Program Files\Cheat Engine\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
DELL Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
DELL Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DVD Region+CSS Free 5.9.8.5-->"C:\Program Files\DVD Region+CSS Free\unins000.exe"
ESET NOD32 Antivirus-->MsiExec.exe /I{C082ECE3-DF55-426B-BBE9-E299CA184F82}
FlashGet 1.9.4.1063-->C:\Program Files\FlashGet\uninst.exe
FlickrDown-->C:\Windows\FlickrDown Uninstaller.exe
FocalPoint 1.0-->"C:\Program Files\InstallShield Installation Information\{9EB46587-4354-411C-BBAC-A9BBB2131F3D}\setup.exe" -runfromtemp -l0x0009 -uninst -removeonly
Genuine Fractals 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC38B36B-90F8-4C1F-8AC9-236B851B8871}\setup.exe" -l0x9 -uninst -removeonly
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"E:\Downloads\Downloads\HijackThis.exe" /uninstall
Intel® PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
Intellihance Pro 4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32C7FDDF-8D18-4B29-B81A-CDA512093274}\setup.exe" -l0x9 -uninst -removeonly
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 4.1.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Laptop Integrated Webcam Driver (1.00.10.0320) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Mask Pro 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DFAC810-6DD8-4E23-96A4-BEB118408203}\setup.exe" -l0x9 -uninst -removeonly
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Access MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0015-0404-0000-0000000FF1CE}
Microsoft Office Excel MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0016-0404-0000-0000000FF1CE}
Microsoft Office IME (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0028-0404-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0044-0404-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-001A-0404-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0018-0404-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-001F-0404-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-002C-0404-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0019-0404-0000-0000000FF1CE}
Microsoft Office Shared MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-006E-0404-0000-0000000FF1CE}
Microsoft Office Word MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-001B-0404-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
Need for Speed? Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NFSNation Undercover Save Editor-->C:\Program Files\NFSNation\Undercover Save Editor\Uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX v8.08.18-->MsiExec.exe /X{AFD5ED58-271A-4907-96C2-2745C83BB035}
O&O Defrag Professional-->MsiExec.exe /I{F530581E-12FE-43B4-A28D-E5257AAD63E6}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoFrame Pro 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F073685-ADDB-4D5A-98E9-0F795989A57F}\setup.exe" -l0x9 -uninst -removeonly
PhotoPresets with One-Click WOW! for Adobe Camera Raw-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB083118-49ED-4CD7-8CE8-241C1F958E2C}\setup.exe" -l0x9 -uninst -removeonly
PhotoPresets with One-Click WOW!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{235674B0-A35F-4811-8A8F-E8F42A919EA3}\setup.exe" -l0x9 -uninst -removeonly
PhotoTools 1.0 Professional Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B01DD5B7-9862-43D7-BCA3-7882A17E4328}\setup.exe" -l0x9 -uninst -removeonly
PhotoTune 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C723788-585C-4537-92AC-CF616209197C}\setup.exe" -l0x9 -uninst -removeonly
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickSet-->MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Real Alternative 1.8.2-->"C:\Program Files\Real Alternative\unins000.exe"
RealTunnel-->C:\Program Files\Paradial\RealTunnel\uninst.exe
RivaTuner v2.09-->"C:\Program Files\RivaTuner v2.09\uninstall.exe"
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SWAT 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} uninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tom Clancy's Rainbow Six Vegas 2-->"C:\Program Files\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Torrent Harvester-->C:\Program Files\Torrent Harvester\uninstall.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
VistaGlazz 1.1-->"C:\Program Files\CodeGazer\VistaGlazz\unins000.exe"
VP6 Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D064F16E-88DA-4E8F-BBAE-0E2AA9A6AE61}\Setup.exe" -l0x9
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{4FDDC592-3089-4510-A891-FB492B9CF37C}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Messenger-->MsiExec.exe /X{5C91A37F-64AC-4C9A-A6DB-06D7E56E101D}
Windows Live 上載工具-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live 登入小幫手-->MsiExec.exe /I{750C7476-9A2D-4996-BA43-11946B28B3BE}
Windows Live 程式集-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live 程式集-->MsiExec.exe /I{4B0F63DE-E54F-46C4-B32B-F2211373D3D1}
Windows 音效配置-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR 壓縮工具-->C:\Program Files\WinRAR\uninstall.exe
Your Freedom-->"C:\Program Files\Your Freedom\uninstall.exe"

======Hosts File======
127.0.0.1 localhost

======Security center information======
AV: ESET NOD32 Antivirus 3.0
AS: ESET NOD32 Antivirus 3.0
AS: Windows Defender

System event log

Computer Name: Adam-PC
Event Code: 7036
Message: WinHTTP Web Proxy Auto-Discovery Service 服務已進入 執行中 狀態。
Record Number: 89892
Source Name: Service Control Manager
Time Written: 20090124230047.000000-000
Event Type: 資訊
User:

Computer Name: Adam-PC
Event Code: 10029
Message: DCOM 啟動了含有引數 "" 的服務 TrustedInstaller,以執行伺服器: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 89893
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090124230525.000000-000
Event Type: 資訊
User:

Computer Name: Adam-PC
Event Code: 7036
Message: Windows Modules Installer 服務已進入 執行中 狀態。
Record Number: 89894
Source Name: Service Control Manager
Time Written: 20090124230526.000000-000
Event Type: 資訊
User:

Computer Name: Adam-PC
Event Code: 7036
Message: Windows Modules Installer 服務已進入 停止 狀態。
Record Number: 89895
Source Name: Service Control Manager
Time Written: 20090124231526.000000-000
Event Type: 資訊
User:

Computer Name: Adam-PC
Event Code: 7036
Message: WinHTTP Web Proxy Auto-Discovery Service 服務已進入 停止 狀態。
Record Number: 89896
Source Name: Service Control Manager
Time Written: 20090124231717.000000-000
Event Type: 資訊
User:

Application event log

Computer Name: Adam-PC
Event Code: 1000
Message: WmiApRpl (WmiApRpl) 服務的效能計數器已順利載入。Data 區段中的 Record Data 包含指派給此服務的新索引值。
Record Number: 23094
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090124224750.000000-000
Event Type: 資訊
User:

Computer Name: Adam-PC
Event Code: 1000
Message: 失敗的應用程式 iexplore.exe,版本 7.0.6001.18000,時間戳記 0x47918f11,失敗的模組 unknown,版本 0.0.0.0,時間戳記 0x00000000,例外狀況碼 0xc00000fd,錯誤位移 0x104641dc, 處理程序識別碼 0x172c,應用程式開始時間 0x01c97e7629b200a2。
Record Number: 23095
Source Name: Application Error
Time Written: 20090124225137.000000-000
Event Type: 錯誤
User:

Computer Name: Adam-PC
Event Code: 1000
Message: 失敗的應用程式 iexplore.exe,版本 7.0.6001.18000,時間戳記 0x47918f11,失敗的模組 kernel32.dll,版本 6.0.6001.18000,時間戳記 0x4791a76d,例外狀況碼 0xc00000fd,錯誤位移 0x00028d99, 處理程序識別碼 0xe3c,應用程式開始時間 0x01c97e76a9fe1692。
Record Number: 23096
Source Name: Application Error
Time Written: 20090124225557.000000-000
Event Type: 錯誤
User:

Computer Name: Adam-PC
Event Code: 1001
Message: WmiApRpl (WmiApRpl) 服務的效能計數器已順利移除。Record Data 包含新的系統 Last Counter 及 Last Help 登錄項目值。
Record Number: 23097
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090124230825.000000-000
Event Type: 資訊
User:

Computer Name: Adam-PC
Event Code: 1000
Message: WmiApRpl (WmiApRpl) 服務的效能計數器已順利載入。Data 區段中的 Record Data 包含指派給此服務的新索引值。
Record Number: 23098
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090124230825.000000-000
Event Type: 資訊
User:

Security event log

Computer Name: Adam-PC
Event Code: 5038
Message: 程式碼完整性已經判斷檔案的映像雜湊不正確。檔案可能因為未授權的修改而損毀,或不正確的雜湊表示潛在的磁碟裝置錯誤。 檔案名稱: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 46440
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124232558.848792-000
Event Type: 稽核失敗
User:

Computer Name: Adam-PC
Event Code: 5038
Message: 程式碼完整性已經判斷檔案的映像雜湊不正確。檔案可能因為未授權的修改而損毀,或不正確的雜湊表示潛在的磁碟裝置錯誤。 檔案名稱: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 46441
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124232558.879992-000
Event Type: 稽核失敗
User:

Computer Name: Adam-PC
Event Code: 5038
Message: 程式碼完整性已經判斷檔案的映像雜湊不正確。檔案可能因為未授權的修改而損毀,或不正確的雜湊表示潛在的磁碟裝置錯誤。 檔案名稱: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 46442
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124232558.926792-000
Event Type: 稽核失敗
User:

Computer Name: Adam-PC
Event Code: 5038
Message: 程式碼完整性已經判斷檔案的映像雜湊不正確。檔案可能因為未授權的修改而損毀,或不正確的雜湊表示潛在的磁碟裝置錯誤。 檔案名稱: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 46443
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124232558.957992-000
Event Type: 稽核失敗
User:

Computer Name: Adam-PC
Event Code: 5038
Message: 程式碼完整性已經判斷檔案的映像雜湊不正確。檔案可能因為未授權的修改而損毀,或不正確的雜湊表示潛在的磁碟裝置錯誤。 檔案名稱: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 46444
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124232558.989192-000
Event Type: 稽核失敗
User:

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Users\Adam\Documents\VistaMaster;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
-----------------EOF-----------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Adam at 2009-01-24 23:25:55
MicrosoftR Windows Vista?
Ultimate Service Pack 1 System drive C: has 12 GB (32%) free of 38 GB Total RAM: 2045 MB (51% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:25:59, on 24/1/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\drivers\csrss.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Windows\OEM02Mon.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\conime.exe C:\Program Files\FlashGet\flashget.exe C:\Program Files\Mozilla Firefox\firefox.exe K:\Downloads\HijackThis.exe C:\Windows\system32\cmd.exe C:\Downloads\RSIT.exe K:\Downloads\Adam.exe C:\Windows\system32\DllHost.exe F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\drivers\csrss.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Microsoft - {37566535-A634-5164-5467-5A56453BD4FA} - C:\Windows\freesoft_adw.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - 
BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /S O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ParadialRealTun] "C:\Program Files\Paradial\RealTunnel\rtunnel.exe" /hide O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: QuickSet.lnk = 
?SystemRoot%\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O13 - Gopher Prefix: O15 - ESC Trusted Zone: http://*.update.microsoft.com O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SYSTEM32\astsrv.exe O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7328 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37566535-A634-5164-5467-5A56453BD4FA}] Microsoft - C:\Windows\freesoft_adw.dll [2008-12-31 70656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-08-08 501384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live 登入小幫手 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}] FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-27 857648] "Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-03-21 1548288] "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-15 1402112] "OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-02-01 36864] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major 
Audio\WDM\sttray.exe [2007-05-06 405504] "RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe [2008-04-28 24576] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-02 13683232] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-02 92704] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "ParadialRealTun"=C:\Program Files\Paradial\RealTunnel\rtunnel.exe [2006-02-21 385024] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] C:\Program Files\FlashGet\flashget.exe [2007-09-11 1998896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program 
Files\iTunes\iTunesHelper.exe [2008-11-20 290088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey] C:\Windows\system32\nvHotkey.dll [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe] C:\Windows\OEM02Mon.exe [2007-02-01 36864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] C:\Windows\system32\oodtray.exe [2008-11-03 2540800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParadialRealTun] C:\Program Files\Paradial\RealTunnel\rtunnel.exe [2006-02-21 385024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2008-08-08 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk] [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-08-09 233888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 49152] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "LogonHoursAction"=2 "DontDisplayLogonHoursWarnings"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 "EnableLUA"=0 "SynchronousMachineGroupPolicy"=0 "SynchronousUserGroupPolicy"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e92003c-6fd5-11dd-83d3-0021706faa25}] shell\Auto\command - avp.exe shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL avp.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e18d1b4-8437-11dd-9871-0021706faa25}] shell\AutoRun\command - H:\start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ad963da-cb46-11dd-b077-0021706faa25}] shell\AutoRun\command - WDSetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a84f77d0-8b99-11dd-95ed-0021706faa25}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a84f77e3-8b99-11dd-95ed-0021706faa25}] shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9108043-7ffd-11dd-964d-0021706faa25}] shell\AutoRun\command - 
H:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2009-01-24 23:25:55 ----D---- C:\rsit 2009-01-24 22:53:23 ----A---- C:\up23494.exe 2009-01-24 22:52:22 ----A---- C:\up65702.exe 2009-01-24 21:42:00 ----A---- C:\Users\Adam\AppData\Roaming\SetValue.bat 2009-01-24 21:42:00 ----A---- C:\Users\Adam\AppData\Roaming\GetValue.vbs 2009-01-24 21:40:35 ----A---- C:\Windows\system32\tmp.txt 2009-01-24 21:38:47 ----A---- C:\Windows\system32\WS2Fix.exe 2009-01-24 21:38:47 ----A---- C:\Windows\system32\VCCLSID.exe 2009-01-24 21:38:47 ----A---- C:\Windows\system32\VACFix.exe 2009-01-24 21:38:47 ----A---- C:\Windows\system32\o4Patch.exe 2009-01-24 21:38:47 ----A---- C:\Windows\system32\IEDFix.exe 2009-01-24 21:38:47 ----A---- C:\Windows\system32\IEDFix.C.exe 2009-01-24 21:38:47 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe 2009-01-24 21:38:47 ----A---- C:\Windows\system32\404Fix.exe 2009-01-24 21:38:46 ----A---- C:\Windows\system32\swxcacls.exe 2009-01-24 21:38:46 ----A---- C:\Windows\system32\swsc.exe 2009-01-24 21:38:46 ----A---- C:\Windows\system32\swreg.exe 2009-01-24 21:38:46 ----A---- C:\Windows\system32\SrchSTS.exe 2009-01-24 21:38:46 ----A---- C:\Windows\system32\Process.exe 2009-01-24 21:38:46 ----A---- C:\Windows\system32\dumphive.exe 2009-01-15 21:45:18 ----A---- C:\Windows\system32\CmdLineExt03.dll 2009-01-13 19:54:18 ----D---- C:\Program Files\ATITool 2009-01-10 14:31:19 ----D---- C:\Program Files\Microsoft 2009-01-10 14:31:03 ----D---- C:\Program Files\Windows Live SkyDrive 2009-01-10 14:22:47 ----D---- C:\Program Files\Common Files\Windows Live 2009-01-03 14:35:21 ----A---- C:\Windows\system32\GEARAspi.dll 2009-01-03 14:35:20 ----DC---- C:\Windows\system32\DRVSTORE 2009-01-03 14:34:52 ----D---- C:\Program Files\iPod 2009-01-03 14:34:51 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-01-03 14:34:51 ----D---- C:\Program Files\iTunes 2009-01-03 14:32:32 ----D---- C:\Program Files\QuickTime 2009-01-03 14:31:10 
----D---- C:\Program Files\Apple Software Update 2009-01-02 18:52:34 ----A---- C:\Windows\system32\nvwssr.dll 2009-01-02 18:52:33 ----A---- C:\Windows\system32\nvvitvsr.dll 2009-01-02 18:52:33 ----A---- C:\Windows\system32\nvmoblsr.dll 2009-01-02 18:52:33 ----A---- C:\Windows\system32\nvmccssr.dll 2009-01-02 18:52:33 ----A---- C:\Windows\system32\nvgamesr.dll 2009-01-02 18:52:33 ----A---- C:\Windows\system32\nvdispsr.dll 2008-12-31 17:50:54 ----D---- C:\Users\Adam\AppData\Roaming\Alien Skin 2008-12-31 17:47:09 ----D---- C:\Program Files\Alien Skin 2008-12-31 17:28:21 ----A---- C:\Windows\freesoft_adw.dll ======List of files/folders modified in the last 1 months====== 2009-01-24 23:25:59 ----D---- C:\Windows\Temp 2009-01-24 23:25:47 ----RD---- C:\Downloads 2009-01-24 23:08:25 ----D---- C:\Windows\System32 2009-01-24 23:08:25 ----D---- C:\Windows\inf 2009-01-24 23:08:25 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-01-24 23:07:06 ----D---- C:\Program Files\Mozilla Firefox 2009-01-24 23:06:52 ----D---- C:\Users\Adam\AppData\Roaming\Mozilla 2009-01-24 22:46:53 ----AD---- C:\ProgramData\TEMP 2009-01-24 22:45:21 ----D---- C:\Program Files\SpywareBlaster 2009-01-24 21:07:52 ----A---- C:\Windows\system32\PnkBstrB.exe 2009-01-24 20:21:53 ----D---- C:\Program Files\FlashGet 2009-01-24 20:16:49 ----SHD---- C:\System Volume Information 2009-01-24 20:12:48 ----D---- C:\Windows\Debug 2009-01-24 14:29:34 ----D---- C:\Windows\system32\drivers 2009-01-24 11:20:00 ----A---- C:\Windows\NeroDigital.ini 2009-01-21 18:53:08 ----AD---- C:\Windows 2009-01-18 00:00:22 ----D---- C:\Windows\system32\catroot2 2009-01-15 21:43:53 ----HD---- C:\Program Files\InstallShield Installation Information 2009-01-15 21:42:16 ----SHD---- C:\Windows\Installer 2009-01-14 22:01:30 ----D---- C:\Program Files\Common Files\Adobe 2009-01-14 22:01:26 ----D---- C:\ProgramData\Adobe 2009-01-14 22:01:04 ----D---- C:\Program Files\Adobe 2009-01-14 20:03:52 ----D---- C:\Windows\winsxs 2009-01-14 19:54:19 
----D---- C:\Windows\system32\catroot 2009-01-14 19:54:16 ----D---- C:\Program Files\Windows Mail 2009-01-14 19:54:12 ----D---- C:\ProgramData\Microsoft Help 2009-01-13 19:54:18 ----RD---- C:\Program Files 2009-01-13 19:42:49 ----A---- C:\Windows\avisplitter.INI 2009-01-10 14:37:26 ----SD---- C:\Users\Adam\AppData\Roaming\Microsoft 2009-01-10 14:31:14 ----D---- C:\Program Files\Windows Live 2009-01-10 14:31:08 ----D---- C:\Program Files\Common Files\microsoft shared 2009-01-10 14:22:47 ----D---- C:\Program Files\Common Files 2009-01-10 01:35:28 ----A---- C:\Windows\system32\mrt.exe 2009-01-04 10:56:58 ----D---- C:\Windows\Minidump 2009-01-03 14:34:52 ----D---- C:\Program Files\Common Files\Apple 2009-01-03 14:34:51 ----D---- C:\ProgramData 2009-01-03 14:33:29 ----D---- C:\Program Files\Bonjour 2009-01-03 14:31:08 ----D---- C:\Windows\system32\Tasks 2009-01-02 19:04:20 ----D---- C:\ProgramData\NVIDIA 2009-01-02 19:02:24 ----A---- C:\Windows\ntbtlog.txt 2008-12-27 02:54:59 ----RSD---- C:\Windows\assembly ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2007-08-08 28968] R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720] R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-02-06 29704] R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-02-06 34312] R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-02-06 39944] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-14 32256] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated 
Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-20 45568] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848] R3 NETw4v32;用於 Windows Vista 32 Bit 的 Intel® Wireless WiFi Link 介面卡驅動程式; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-02 7643904] R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-03-19 234496] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424] R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.09\RivaTuner32.sys [2008-04-28 9088] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-05-06 326656] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-27 182456] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264] S3 a1cd2hd6;a1cd2hd6; C:\Windows\system32\drivers\a1cd2hd6.sys [] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio 服務; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [] S3 MSKSSRV;Microsoft 串流服務 Proxy; 
C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192] S3 MSPCLOCK;Microsoft 串流時鐘 Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888] S3 MSPQM;Microsoft 串流品質管理程式 Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504] S3 MSTEE;Microsoft 串流目錄/接收器對接收器轉換器; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016] S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760] S3 RTL8169;Realtek 8169 NT 驅動程式; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000] S3 usbvideo;USB 視訊裝置 (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 astcc;AST Service; C:\Windows\SYSTEM32\astsrv.exe [2008-05-07 57344] R2 Bonjour Service;Bonjour 服務; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504] R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-15 464128] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-02 207392] R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2008-11-03 1332480] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920] R2 
PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-12-20 66872] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680] R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-05-06 94208] R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-03-21 24064] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560] R3 iPod Service;iPod 服務; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-10 72704] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504] S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-06 19200] S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-09 654848] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-23 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504] S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504] -----------------EOF----------------- |
Post #3
Member Group: Members Posts: 36 Joined: 8-August 06 Member No.: 80,018 |
DDS (Ver_09-01-19.01) - NTFSx86
Run by Adam at 23:31:25.98 on 24/01/2009 星期六
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\oodag.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.hk/
uWindow Title =
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\csrss.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Microsoft: {37566535-a634-5164-5467-5a56453bd4fa} - c:\windows\freesoft_adw.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.09\RivaTunerWrapper.exe" /S
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ParadialRealTun] "c:\program files\paradial\realtunnel\rtunnel.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &¥t3!‥I¥I FlashGet ?U﹐u - c:\program files\flashget\jc_all.htm
IE: &‥I¥I FlashGet ?U﹐u - c:\program files\flashget\jc_link.htm
IE: &使用 FlashGet 下載 - c:\program files\flashget\jc_link.htm
IE: &全部使用 FlashGet 下載 - c:\program files\flashget\jc_all.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\adam\appdata\roaming\mozilla\firefox\profiles\kbk5of0q.default\
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-6 34312]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-10 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-8-8 7424]
R4 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-15 464128]

=============== Created Last 30 ================

2009-01-24 22:53 20,741 a------- C:\up23494.exe
2009-01-24 22:52 25,993 a------- C:\up65702.exe
2009-01-24 21:42 691 a------- c:\users\adam\appdata\roaming\GetValue.vbs
2009-01-24 21:42 35 a------- c:\users\adam\appdata\roaming\SetValue.bat
2009-01-24 21:40 3,206 a------- c:\windows\system32\tmp.reg
2009-01-24 20:13 <DIR> --d----- c:\users\adam\Tracing
2009-01-24 14:29 26,933 a------- c:\windows\system32\drivers\csrss.exe
2009-01-15 21:45 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-01-14 19:47 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-13 19:54 <DIR> --d----- c:\program files\ATITool
2009-01-10 14:31 <DIR> --d----- c:\program files\Microsoft
2009-01-10 14:31 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-10 14:22 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-06 21:00 327,680 a------- c:\windows\system32\vp6dec.ax
2009-01-06 21:00 53,248 a------- c:\windows\system32\vp6dec_settings.cpl
2009-01-03 14:35 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-03 14:35 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-03 14:34 <DIR> --d----- c:\program files\iPod
2009-01-03 14:34 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-03 14:34 <DIR> --d----- c:\program files\iTunes
2009-01-03 14:34 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-02 18:52 3,033,632 a------- c:\windows\system32\nvwssr.dll
2009-01-02 18:52 6,580,768 a------- c:\windows\system32\nvdispsr.dll
2009-01-02 18:52 4,287,008 a------- c:\windows\system32\nvvitvsr.dll
2009-01-02 18:52 4,287,008 a------- c:\windows\system32\nvgamesr.dll
2009-01-02 18:52 2,861,600 a------- c:\windows\system32\nvmoblsr.dll
2009-01-02 18:52 465,440 a------- c:\windows\system32\nvmccssr.dll
2009-01-02 18:52 205,116 a------- c:\windows\system32\nvapps.xml
2008-12-31 17:47 <DIR> --d----- c:\program files\Alien Skin
2008-12-31 17:28 70,656 a------- c:\windows\freesoft_adw.dll

==================== Find3M ====================

2009-01-24 23:08 334,324 a------- c:\windows\system32\prfh0404.dat
2009-01-24 23:08 105,622 a------- c:\windows\system32\prfc0404.dat
2009-01-24 22:41 117,896 a------- c:\programdata\nvModes.dat
2009-01-24 22:41 117,896 a------- c:\progra~2\nvModes.dat
2009-01-24 21:08 138,624 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-24 21:07 202,352 a------- c:\windows\system32\PnkBstrB.exe
2009-01-13 19:54 51,200 a------- c:\windows\inf\infpub.dat
2009-01-13 19:54 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-13 19:54 86,016 a------- c:\windows\inf\infstor.dat
2008-12-20 16:00 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-20 07:51 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-11 23:22 159,989 a------- c:\windows\FlickrDown Uninstaller.exe
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-12-02 14:07 203,264 a------- c:\windows\system32\BR01-94 Orange rubber strap.scr
2008-12-02 02:13 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-11-18 20:10 615,424 a------- c:\windows\system32\themeui.dll
2008-11-18 20:10 240,128 a------- c:\windows\system32\uxtheme.dll
2008-11-16 10:30 119,120 a------- c:\windows\dxsdkuninst.exe
2008-11-03 11:46 1,307,904 a------- c:\windows\system32\ooscrsav.scr
2008-11-03 11:45 730,368 a------- c:\windows\system32\oodsvct.exe
2008-11-03 11:45 1,332,480 a------- c:\windows\system32\oodag.exe
2008-11-03 11:45 2,540,800 a------- c:\windows\system32\oodtray.exe
2008-11-03 11:44 194,816 a------- c:\windows\system32\oodbs.exe
2008-11-03 11:42 951,552 a------- c:\windows\system32\oodtrrs.dll
2008-11-03 11:41 541,952 a------- c:\windows\system32\oodssrs.dll
2008-11-03 11:41 9,984 a------- c:\windows\system32\oodbsrs.dll
2008-11-03 11:41 15,616 a------- c:\windows\system32\oodagmg.dll
2008-11-03 11:41 8,448 a------- c:\windows\system32\oodagrs.dll
2008-11-01 03:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 03:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 03:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 03:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 03:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-11-01 03:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-11-01 01:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-28 09:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 09:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-27 15:21 15,104 a------- c:\windows\system32\ootmapi.dll
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-23 11:04 20 ----h--- c:\programdata\PKP_DLea.DAT
2008-10-23 11:04 20 ----h--- c:\progra~2\PKP_DLea.DAT
2008-10-22 22:13 20 ----h--- c:\programdata\PKP_DLbz.DAT
2008-10-22 22:13 20 ----h--- c:\progra~2\PKP_DLbz.DAT
2008-10-22 22:05 20 ----h--- c:\programdata\PKP_DLbx.DAT
2008-10-22 22:05 20 ----h--- c:\progra~2\PKP_DLbx.DAT
2008-10-22 21:32 20 ----h--- c:\programdata\PKP_DLck.DAT
2008-10-22 21:32 20 ----h--- c:\progra~2\PKP_DLck.DAT
2008-08-26 13:03 22,328 a------- c:\users\adam\appdata\roaming\PnkBstrK.sys
2008-08-22 13:41 27,240 a------- c:\users\adam\appdata\roaming\nvModes.dat
2008-08-19 08:41 174 a--sh--- c:\program files\desktop.ini
2008-08-19 08:31 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-08 09:47 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-08 09:47 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-08 09:47 116,540 a------- c:\windows\inf\perflib\0404\perfi.dat
2006-11-08 09:47 116,540 a------- c:\windows\inf\perflib\0404\perfh.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0404\perfd.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0404\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-19 11:49 61 ---sh--- c:\windows\cnerolf.bin
2008-08-18 18:35 76 ---shr-- c:\windows\CT4CET.bin
2008-09-26 18:47 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-26 18:47 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-26 18:47 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 23:31:49.67 ===============

This post has been edited by BabyMilo: Jan 24 2009, 06:35 PM
Post
#4
Member Group: Members Posts: 36 Joined: 8-August 06 Member No.: 80,018
Title was: Internet browsers problems!, Firefox and IE ~ OB
I have a problem: whenever I do a search on Google, it will redirect me to Google custom search with SafeSearch mode on, and I can't turn it back off. And if I click on any page, i.e. BBC via Google, the top link will still stay at Google! Second problem: whenever I try to download something or open too many tabs, it will force itself to shut down. Please ask for more info.

Here is my DDS:

DDS (Ver_09-01-19.01) - NTFSx86
Run by Adam at 20:56:29.78 on 25/01/2009 星期日
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\oodag.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Users\Adam\Documents\My Documents\WLM Lite 8.5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conime.exe
C:\Program Files\Paradial\RealTunnel\rtunnel.exe
C:\Users\Adam\Documents\My Documents\WLM Lite\4000001900003i\usnsvc.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.hk/
uWindow Title =
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\csrss.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Microsoft: {37566535-a634-5164-5467-5a56453bd4fa} - c:\windows\freesoft_adw.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.09\RivaTunerWrapper.exe" /S
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ParadialRealTun] "c:\program files\paradial\realtunnel\rtunnel.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &¥t3!‥I¥I FlashGet ?U﹐u - c:\program files\flashget\jc_all.htm
IE: &‥I¥I FlashGet ?U﹐u - c:\program files\flashget\jc_link.htm
IE: &使用 FlashGet 下載 - c:\program files\flashget\jc_link.htm
IE: &全部使用 FlashGet 下載 - c:\program files\flashget\jc_all.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\adam\appdata\roaming\mozilla\firefox\profiles\kbk5of0q.default\
FF - prefs.js: browser.startup.homepage - hk.yahoo.com
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-6 34312]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-10 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-8-8 7424]
R4 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-15 464128]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-1-25 809296]

=============== Created Last 30 ================

2009-01-25 15:58 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-01-25 15:58 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-25 15:58 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-01-24 22:53 20,741 a------- C:\up23494.exe
2009-01-24 22:52 25,993 a------- C:\up65702.exe
2009-01-24 21:42 691 a------- c:\users\adam\appdata\roaming\GetValue.vbs
2009-01-24 21:42 35 a------- c:\users\adam\appdata\roaming\SetValue.bat
2009-01-24 21:40 3,206 a------- c:\windows\system32\tmp.reg
2009-01-24 20:13 <DIR> --d----- c:\users\adam\Tracing
2009-01-24 14:29 26,933 a------- c:\windows\system32\drivers\csrss.exe
2009-01-15 21:45 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-01-14 19:47 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-13 19:54 <DIR> --d----- c:\program files\ATITool
2009-01-10 14:31 <DIR> --d----- c:\program files\Microsoft
2009-01-10 14:31 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-10 14:22 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-06 21:00 327,680 a------- c:\windows\system32\vp6dec.ax
2009-01-06 21:00 53,248 a------- c:\windows\system32\vp6dec_settings.cpl
2009-01-03 14:35 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-03 14:35 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-03 14:34 <DIR> --d----- c:\program files\iPod
2009-01-03 14:34 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-03 14:34 <DIR> --d----- c:\program files\iTunes
2009-01-03 14:34 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-02 18:52 3,033,632 a------- c:\windows\system32\nvwssr.dll
2009-01-02 18:52 6,580,768 a------- c:\windows\system32\nvdispsr.dll
2009-01-02 18:52 4,287,008 a------- c:\windows\system32\nvvitvsr.dll
2009-01-02 18:52 4,287,008 a------- c:\windows\system32\nvgamesr.dll
2009-01-02 18:52 2,861,600 a------- c:\windows\system32\nvmoblsr.dll
2009-01-02 18:52 465,440 a------- c:\windows\system32\nvmccssr.dll
2009-01-02 18:52 205,116 a------- c:\windows\system32\nvapps.xml
2008-12-31 17:47 <DIR> --d----- c:\program files\Alien Skin
2008-12-31 17:28 70,656 a------- c:\windows\freesoft_adw.dll

==================== Find3M ====================

2009-01-25 20:18 334,324 a------- c:\windows\system32\prfh0404.dat
2009-01-25 20:18 105,622 a------- c:\windows\system32\prfc0404.dat
2009-01-25 14:27 117,896 a------- c:\programdata\nvModes.dat
2009-01-25 14:27 117,896 a------- c:\progra~2\nvModes.dat
2009-01-25 11:27 138,624 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-25 11:27 202,352 a------- c:\windows\system32\PnkBstrB.exe
2009-01-13 19:54 51,200 a------- c:\windows\inf\infpub.dat
2009-01-13 19:54 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-13 19:54 86,016 a------- c:\windows\inf\infstor.dat
2008-12-20 16:00 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-20 07:51 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-11 23:22 159,989 a------- c:\windows\FlickrDown Uninstaller.exe
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-12-02 14:07 203,264 a------- c:\windows\system32\BR01-94 Orange rubber strap.scr
2008-12-02 02:13 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-11-18 20:10 615,424 a------- c:\windows\system32\themeui.dll
2008-11-18 20:10 240,128 a------- c:\windows\system32\uxtheme.dll
2008-11-16 10:30 119,120 a------- c:\windows\dxsdkuninst.exe
2008-11-03 11:46 1,307,904 a------- c:\windows\system32\ooscrsav.scr
2008-11-03 11:45 730,368 a------- c:\windows\system32\oodsvct.exe
2008-11-03 11:45 1,332,480 a------- c:\windows\system32\oodag.exe
2008-11-03 11:45 2,540,800 a------- c:\windows\system32\oodtray.exe
2008-11-03 11:44 194,816 a------- c:\windows\system32\oodbs.exe
2008-11-03 11:42 951,552 a------- c:\windows\system32\oodtrrs.dll
2008-11-03 11:41 541,952 a------- c:\windows\system32\oodssrs.dll
2008-11-03 11:41 9,984 a------- c:\windows\system32\oodbsrs.dll
2008-11-03 11:41 15,616 a------- c:\windows\system32\oodagmg.dll
2008-11-03 11:41 8,448 a------- c:\windows\system32\oodagrs.dll
2008-11-01 03:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 03:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 03:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 03:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 03:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-11-01 03:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-11-01 01:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-28 09:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 09:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-23 11:04 20 ----h--- c:\programdata\PKP_DLea.DAT
2008-10-23 11:04 20 ----h--- c:\progra~2\PKP_DLea.DAT
2008-10-22 22:13 20 ----h--- c:\programdata\PKP_DLbz.DAT
2008-10-22 22:13 20 ----h--- c:\progra~2\PKP_DLbz.DAT
2008-10-22 22:05 20 ----h--- c:\programdata\PKP_DLbx.DAT
2008-10-22 22:05 20 ----h--- c:\progra~2\PKP_DLbx.DAT
2008-10-22 21:32 20 ----h--- c:\programdata\PKP_DLck.DAT
2008-10-22 21:32 20 ----h--- c:\progra~2\PKP_DLck.DAT
2008-08-26 13:03 22,328 a------- c:\users\adam\appdata\roaming\PnkBstrK.sys
2008-08-22 13:41 27,240 a------- c:\users\adam\appdata\roaming\nvModes.dat
2008-08-19 08:41 174 a--sh--- c:\program files\desktop.ini
2008-08-19 08:31 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-08 09:47 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-08 09:47 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-08 09:47 116,540 a------- c:\windows\inf\perflib\0404\perfi.dat
2006-11-08 09:47 116,540 a------- c:\windows\inf\perflib\0404\perfh.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0404\perfd.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0404\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-19 11:49 61 ---sh--- c:\windows\cnerolf.bin
2008-08-18 18:35 76 ---shr-- c:\windows\CT4CET.bin
2008-09-26 18:47 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-26 18:47 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-26 18:47 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 20:57:06.59 ===============

This post has been edited by Orange Blossom: Jan 25 2009, 09:24 PM
Reason for edit: Merged topics. ~ OB
Post
#5
Forum Addict Group: Malware Response Team Posts: 3,482 Joined: 5-January 09 From: Mikado Michigan Member No.: 278,689
Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2

If you have a router, then when the computer is restarting, unhook the router from the internet, then do a reset of the router, and then when the computer and router are back up, make sure you change the default password to a strong password. If you have just an external modem, just unplug the power from it, wait 2 minutes, then plug it back in.

* Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.com DDS.scr DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results, click no to the Optional_Scan
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

After your response, someone will be with you soon.

--------------------
Visiting From SpywareHammer.com and DonHoover.net
Tilting at windmills hurts you more than the windmills. -From the Notebooks of Lazarus Long Senior of the Howard Families
Post
#6
Forum Addict Group: Malware Response Team Posts: 3,482 Joined: 5-January 09 From: Mikado Michigan Member No.: 278,689
This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.