Virtumonde Found And Other Problems


  • This topic is locked
9 replies to this topic

#1 rufmarine

Posted 26 August 2008 - 06:47 AM

This has been a problem for a few months now. Back in May my computer started to lag real bad just doing simple things like opening applications, my mouse started to pause every three seconds and video would pause every three seconds with it. It was like there was a process running in the background because the pausing would only last for a minute or so then it would stop until I tried to play a video on YouTube, opened an application, or even played a DVD.

Just recently my desktop and taskbar have started disappearing and reappearing after start up. I've run the suggested scans and I did find a few tracker programs as well as Virtumonde.dll. According to Spybot and Ad-Aware they are removed but comp is still doing the same thing, not as bad I have to admit but not like it should be. I should add that I did install 2g of memory and a new video card but this was after the other crap started.

I've tried to do a system recovery but it doesn't work, I get the "not a cdrom drive" error. Thank you for any help you can provide.
Here is my HijackThis log.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:23 AM, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {92DD2647-FEDB-487C-B3CC-8A9B15083420} - C:\WINDOWS\system32\hgGwVLDu.dll (file missing)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [2Wire Wireless Manager] "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6586 bytes


#2 Guest_White Warrior_*

Posted 04 September 2008 - 05:43 AM

Hello rufmarine,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.


White Warrior

#3 Guest_White Warrior_*

Posted 05 September 2008 - 07:31 PM

Hello rufmarine. Welcome to Bleeping Computer.

  • Download random's system information tool (RSIT) by random/random from here and save it to your Desktop.
  • Double click on RSIT.exe
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your Desktop.
  • Copy and Paste that information in your next post.

White Warrior

#4 rufmarine

Posted 06 September 2008 - 06:59 AM

Thank you very much White Warrior, here is my RSIT log and info.txt.


RSIT Log:


Logfile of random's system information tool (written by random/random)
Run by carlos at 2008-09-06 06:55:41
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 67 GB (42%) free of 157 GB
Total RAM: 2047 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:07 AM, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TuneUp Utilities 2008\OneClick.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\carlos\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\carlos.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {92DD2647-FEDB-487C-B3CC-8A9B15083420} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [2Wire Wireless Manager] "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7198 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92DD2647-FEDB-487C-B3CC-8A9B15083420}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"=C:\WINDOWS\system32\sstray.exe [2003-09-02 73728]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-04-19 1626112]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-03-04 19968]
"2Wire Wireless Manager"=C:\Program Files\2Wire Wireless Manager\2Wire.exe [2007-10-01 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-06-10 1447168]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35CFE9B1-81C2-4D01-A350-A759292AD7FC}"= []
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\geBtUopO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:猥orrent"
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\THQ\Dawn of War\W40k.exe"="C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40K"
"C:\Program Files\THQ\Dawn of War\W40kWA.exe"="C:\Program Files\THQ\Dawn of War\W40kWA.exe:*:Enabled:W40kWA"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE"="C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC"
"C:\Documents and Settings\carlos\My Documents\Downloads\avast.4.Professional.Edition.v4.8.1229.Incl.Keygen-SND\setupengpro.exe"="C:\Documents and Settings\carlos\My Documents\Downloads\avast.4.Professional.Edition.v4.8.1229.Incl.Keygen-SND\setupengpro.exe:*:Enabled:Windows Application Service"
"C:\Documents and Settings\carlos\My Documents\Downloads\avast.4.Professional.Edition.v4.8.1229.Incl.Keygen-SND\Keygen-SND\AvastKeygen.exe"="C:\Documents and Settings\carlos\My Documents\Downloads\avast.4.Professional.Edition.v4.8.1229.Incl.Keygen-SND\Keygen-SND\AvastKeygen.exe:*:Enabled:Windows Application Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6198b932-2df1-11dd-af8f-e2241c5ecae2}]
shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caf8edcf-74a6-11dd-bbc6-001e37c843a7}]
shell\AutoRun\command - LinksysConnectPC.exe


List of files/folders created in the last three months

2008-09-06 06:55:41 ----D---- C:\rsit
2008-09-04 12:32:48 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-09-02 08:11:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-31 13:41:27 ----A---- C:\WINDOWS\system32\d3dx9.dll
2008-08-31 13:41:27 ----A---- C:\WINDOWS\system32\D3DX81ab.dll
2008-08-31 13:41:17 ----D---- C:\Program Files\Cheat Engine
2008-08-28 23:44:09 ----D---- C:\Program Files\Daniusoft
2008-08-28 23:13:23 ----D---- C:\Converted
2008-08-26 13:50:51 ----D---- C:\Program Files\iPod
2008-08-26 13:50:23 ----D---- C:\Program Files\iTunes
2008-08-26 13:47:54 ----D---- C:\Program Files\Bonjour
2008-08-26 06:25:18 ----D---- C:\Program Files\Trend Micro
2008-08-25 15:37:31 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-08-25 15:25:07 ----D---- C:\Program Files\ESET
2008-08-25 15:05:32 ----D---- C:\WINDOWS\BDOSCAN8
2008-08-25 15:03:51 ----A---- C:\WINDOWS\wininit.ini
2008-08-25 13:56:40 ----D---- C:\Documents and Settings\carlos\Application Data\Windows Search
2008-08-25 07:55:35 ----ASH---- C:\WINDOWS\system32\OpoUtBeg.ini
2008-08-25 07:25:50 ----A---- C:\WINDOWS\OEWABLog.txt
2008-08-25 06:38:35 ----D---- C:\VundoFix Backups
2008-08-25 06:38:35 ----A---- C:\VundoFix.txt
2008-08-25 06:34:03 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-25 06:34:03 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-25 06:34:03 ----A---- C:\WINDOWS\system32\java.exe
2008-08-25 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-08-24 16:08:22 ----D---- C:\Documents and Settings\carlos\Application Data\Windows Desktop Search
2008-08-24 15:40:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2$
2008-08-24 15:34:24 ----D---- C:\Program Files\Windows Desktop Search
2008-08-24 15:34:21 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-08-24 15:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-08-24 15:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-08-24 15:31:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-08-24 15:29:06 ----D---- C:\Program Files\Windows Media Connect 2
2008-08-24 15:27:10 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-08-24 15:14:18 ----D---- C:\WINDOWS\NV29203176.TMP
2008-08-24 15:13:23 ----D---- C:\WINDOWS\NV29203960.TMP
2008-08-24 14:57:04 ----D---- C:\Program Files\Lavasoft
2008-08-24 14:56:43 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-23 06:55:17 ----D---- C:\Program Files\QuickTime Alternative
2008-08-23 05:19:30 ----A---- C:\WINDOWS\system32\93c1bac1-.txt
2008-08-23 05:11:48 ----D---- C:\Program Files\Alwil Software
2008-08-22 21:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-22 21:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-22 21:29:58 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-22 21:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-22 21:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-22 21:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-22 21:25:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-22 13:46:03 ----A---- C:\WINDOWS\smartkeydiagnostics.txt
2008-08-22 13:45:33 ----D---- C:\Documents and Settings\carlos\Application Data\2Wire
2008-08-22 13:28:00 ----D---- C:\Documents and Settings\All Users\Application Data\2Wire
2008-08-22 13:27:59 ----D---- C:\Program Files\2Wire Wireless Manager
2008-08-22 13:26:19 ----A---- C:\WINDOWS\system32\ZDPN50.DLL
2008-08-22 13:26:12 ----D---- C:\Program Files\2WIRE, Inc
2008-08-22 13:26:12 ----A---- C:\WINDOWS\system32\ZyDelReg.exe
2008-08-22 13:26:12 ----A---- C:\WINDOWS\system32\InsDrvZD64.DLL
2008-08-22 13:26:12 ----A---- C:\WINDOWS\system32\InsDrvZD.dll
2008-08-21 08:12:40 ----D---- C:\Program Files\AVG
2008-08-21 07:51:09 ----A---- C:\WINDOWS\system32\TUKernel.exe
2008-08-17 05:41:56 ----D---- C:\Program Files\Xilisoft
2008-08-15 12:58:56 ----D---- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-08-15 12:56:47 ----D---- C:\Program Files\Buildalot 2 Town Of The Year
2008-07-30 09:29:07 ----D---- C:\Program Files\LimeWire
2008-07-28 08:51:37 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-07-28 08:51:37 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-07-28 08:51:37 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-07-28 08:51:35 ----D---- C:\Program Files\Real Alternative
2008-07-28 08:51:35 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2008-07-25 22:49:17 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-25 22:49:11 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2008-07-25 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-19 15:41:43 ----D---- C:\Program Files\Microsoft Office
2008-07-19 15:41:38 ----D---- C:\~MSSETUP.T
2008-07-19 15:41:27 ----D---- C:\Program Files\Maxis
2008-07-18 20:48:33 ----D---- C:\Documents and Settings\carlos\Application Data\WinAVI
2008-07-18 19:24:05 ----D---- C:\Documents and Settings\carlos\Application Data\TuneUp Software
2008-07-18 19:23:30 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-18 19:23:10 ----D---- C:\Program Files\TuneUp Utilities 2008
2008-07-17 03:01:12 ----A---- C:\WINDOWS\imsins.BAK
2008-07-17 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-07-16 08:30:08 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-16 08:24:04 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2008-07-16 08:24:04 ----A---- C:\WINDOWS\system32\nvrszht.dll
2008-07-16 08:24:03 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2008-07-16 08:24:03 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2008-07-16 08:24:02 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2008-07-16 08:24:02 ----A---- C:\WINDOWS\system32\nvrstr.dll
2008-07-16 08:24:01 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2008-07-16 08:24:01 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2008-07-16 08:24:01 ----A---- C:\WINDOWS\system32\nvrssv.dll
2008-07-16 08:24:01 ----A---- C:\WINDOWS\system32\nvrssl.dll
2008-07-16 08:24:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2008-07-16 08:24:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2008-07-16 08:24:00 ----A---- C:\WINDOWS\system32\nvrssk.dll
2008-07-16 08:24:00 ----A---- C:\WINDOWS\system32\nvrsru.dll
2008-07-16 08:23:59 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2008-07-16 08:23:59 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2008-07-16 08:23:59 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2008-07-16 08:23:59 ----A---- C:\WINDOWS\system32\nvrspt.dll
2008-07-16 08:23:58 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2008-07-16 08:23:58 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2008-07-16 08:23:58 ----A---- C:\WINDOWS\system32\nvrspl.dll
2008-07-16 08:23:58 ----A---- C:\WINDOWS\system32\nvrsno.dll
2008-07-16 08:23:57 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2008-07-16 08:23:57 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2008-07-16 08:23:56 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvrsko.dll
2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvrsja.dll
2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvrsit.dll
2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvrshu.dll
2008-07-16 08:23:55 ----A---- C:\WINDOWS\system32\nvrshe.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrses.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrses.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrseng.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsel.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsde.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsda.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrscs.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvrsar.dll
2008-07-16 08:23:53 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-07-16 08:23:49 ----D---- C:\WINDOWS\nview
2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nview.dll
2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-07-16 08:23:49 ----A---- C:\WINDOWS\system32\keystone.exe
2008-07-16 08:22:32 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-07-16 08:22:26 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-07-16 08:22:13 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-07-16 08:22:12 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-07-16 08:22:11 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-07-16 08:22:10 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-07-16 08:22:10 ----A---- C:\WINDOWS\system32\nvhwvid.dll
2008-07-16 08:21:46 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-07-16 08:21:42 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-07-16 08:21:42 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-07-16 08:21:41 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-07-16 08:21:37 ----D---- C:\WINDOWS\system32\EVGA
2008-07-15 14:35:36 ----D---- C:\Documents and Settings\carlos\Application Data\IObit
2008-07-02 23:20:31 ----D---- C:\Documents and Settings\carlos\Application Data\Apple Computer
2008-07-02 23:16:23 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-02 23:15:50 ----D---- C:\Program Files\Apple Software Update
2008-07-02 23:14:59 ----D---- C:\Program Files\Common Files\Apple
2008-07-02 23:14:58 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-02 18:30:28 ----D---- C:\Documents and Settings\carlos\Application Data\Uniblue
2008-06-26 08:11:08 ----D---- C:\WINDOWS\NV22003400.TMP
2008-06-25 06:56:04 ----D---- C:\Program Files\MSXML 4.0
2008-06-23 10:09:18 ----D---- C:\Program Files\ACW
2008-06-23 09:20:45 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-06-23 09:20:44 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-06-23 09:20:43 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-06-23 09:20:42 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-06-23 09:20:04 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-06-23 09:19:28 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-06-23 09:19:28 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-06-23 09:19:28 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-06-23 09:18:32 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-06-23 09:17:28 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-06-23 09:17:28 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-06-23 09:17:28 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-06-23 09:17:28 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-06-23 09:17:27 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-06-23 09:17:22 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-06-23 09:13:05 ----A---- C:\Documents and Settings\carlos\Application Data\SamsungLiveUpdateConfig.ini
2008-06-23 09:05:14 ----D---- C:\Program Files\SAMSUNG
2008-06-23 08:18:19 ----D---- C:\WINDOWS\system32\NtmsData
2008-06-20 10:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-19 21:42:09 ----D---- C:\Program Files\Real
2008-06-18 21:32:39 ----D---- C:\Documents and Settings\carlos\Application Data\SystemRequirementsLab
2008-06-18 12:04:33 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-17 18:20:49 ----D---- C:\Program Files\IObit
2008-06-15 12:26:00 ----D---- C:\Documents and Settings\carlos\Application Data\ESET
2008-06-15 08:48:19 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-14 08:40:45 ----D---- C:\Documents and Settings\carlos\Application Data\Command & Conquer 3 Tiberium Wars
2008-06-14 08:36:50 ----RHD---- C:\Documents and Settings\carlos\Application Data\SecuROM
2008-06-14 08:36:48 ----A---- C:\WINDOWS\system32CmdLineExt.dll
2008-06-14 08:25:21 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-06-14 08:25:12 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-06-13 13:17:44 ----D---- C:\My Documents
2008-06-12 13:00:16 ----D---- C:\Program Files\Java
2008-06-12 12:59:43 ----D---- C:\Program Files\Common Files\Java
2008-06-11 11:13:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-11 11:13:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-11 11:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-11 11:13:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$

List of drivers

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-06-10 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-05-26 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2005-07-22 231168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
R3 nvax;Service for NVIDIA nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 nvnforce;Service for NVIDIA nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-05-22 47360]
R3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
R3 wsvad_driver;Daniusoft Audio Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [2008-07-16 20608]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 ddxgb;ddxgb; \??\C:\DOCUME~1\carlos\LOCALS~1\Temp\ddxgb.sys []
S3 DrmRDriverV32;DrmRDriverV32; C:\WINDOWS\system32\drivers\DrmRDriverV32.sys [2008-08-19 23096]
S3 DrmRVideo32;DrmRVideo32; C:\WINDOWS\system32\DRIVERS\DrmRVideo32.sys [2008-08-19 3768]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-03-04 53870]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-03-04 25214]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-03-04 37804]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-03-04 73134]
S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2003-08-15 72771]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\drivers\wanatw.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-24 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-25 354560]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-06-10 19200]

-----------------EOF-----------------





RSIT Info:


info.txt logfile of random's system information tool 2008-09-06 06:56:13

Uninstall list

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2WIRE Wireless LAN - USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9
2Wire Wireless Manager-->MsiExec.exe /X{3CE11B98-C61C-4692-9E0E-59934761C3BE}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Buildalot 2 Town Of The Year-->"C:\Program Files\Buildalot 2 Town Of The Year\ReflexiveArcade\unins000.exe"
Cheat Engine 5.4-->"C:\Program Files\Cheat Engine\unins000.exe"
ConvertXtoDVD 3.1.3.40-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Daniusoft Media Converter(Build 2.0.26.0)-->"C:\Program Files\Daniusoft\Media Converter\unins000.exe"
Dawn Of War - Winter Assault-->MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
DawnOfWar-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
ESET NOD32 Antivirus-->MsiExec.exe /I{2204AF25-80E5-468E-B46D-795685B35DEB}
EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech MouseWare 9.76 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up -->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime Alternative 1.95-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Real Alternative 1.8.0-->"C:\Program Files\Real Alternative\unins000.exe"
Revo Uninstaller 1.71-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SimCity 3000 Unlimited-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000 Unlimited\DeIsL1.isu" -c"C:\Program Files\Maxis\SimCity 3000 Unlimited\_UnInstall.dll"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Video Editor-->C:\Program Files\Xilisoft\Video Editor\Uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! 工具列-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AV: ESET NOD32 Antivirus 3.0

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime Alternative\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Kaspersky log :


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 6, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 06, 2008 11:54:44
Records in database: 1197296
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
K:\
L:\
M:\
N:\
O:\

Scan statistics:
Files scanned: 62752
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:55:11


File name / Threat name / Threats count
C:\Documents and Settings\carlos\My Documents\LimeWire\Incomplete\Preview-T-3545425-coffee break procussions.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\carlos\My Documents\LimeWire\Incomplete\Preview-T-5745425-shabach procussions.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\carlos\My Documents\LimeWire\Incomplete\T-3545425-coffee break procussions.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\carlos\My Documents\LimeWire\Incomplete\T-5745425-shabach procussions.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\VundoFix Backups\hgGwVLDu.dll.bad Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.



Hmm, I see LimeWire is part of the problem, I shall be getting rid of that program immediately

Edited by rufmarine, 06 September 2008 - 10:16 AM.


#5 Guest_White Warrior_*


Posted 10 September 2008 - 09:31 PM

Hello rufmarine

Sorry for the delay.

Before we begin, please save these instructions in Notepad to your Desktop, or print them, for easy reference.

Hmm, I see LimeWire is part of the problem, I shall be getting rid of that program immediately


This is a good idea.

This program is very likely the reason your system is infested with malware. Even when a program like this is not infected itself, it will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove this program from your system.

If you use P2P software, make sure you are careful about what you open and what P2P program you install. Malware is all over the P2P networks and the programs often come bundled with Adware and Spyware.

Further readings of interest in regards to the p2p "issue" are: http://pcpitstop.com/spycheck/p2p.asp and this:
http://pcpitstop.com/spycheck/badtorrent.asp

I noticed keygen/cracks in your log.
This entry: C:\Documents and Settings\carlos\My Documents\Downloads\avast.4.Professional.Edition.v4.8.1229.Incl.Keygen-SND

Crack, keygen and pirate sites are places some folks go to look for keys and workarounds to illegally use products rather than buy them. In many cases, these sites are infested with a smörgåsbord of malware and an increasing source of system infection. They can lead to other sites containing more malware which you can inadvertently download without knowledge or consent. In some instances an infection may cause so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

Now, please re-open HijackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below:

O2 - BHO: (no name) - {92DD2647-FEDB-487C-B3CC-8A9B15083420} - C:\WINDOWS\system32\hgGwVLDu.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)


Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Reboot the computer.

Please click on Start > Control Panel > Add or Remove Programs and uninstall the following programs (if present):

LimeWire 4.18.3

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\VundoFix Backups
C:\RSIT
C:\Program Files\LimeWire
C:\Documents and Settings\carlos\My Documents\Downloads\avast.4

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\VundoFix.txt

When you are finished, please reboot the computer normally.

Please post a new HJT log, and tell me how the computer is performing now.



White Warrior
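
As an added example (not part of White Warrior's post and not HijackThis's own code), the Python below parses HijackThis entry lines and picks out the ones the tool itself marks "(file missing)" or "(no file)", which is what the four entries selected for fixing above have in common. The sample lines come from the logs in this thread plus one constructed line; the function names are hypothetical.

```python
import re

# Entry lines look like "O2 - BHO: ...": a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Sample input: entry lines taken from the logs in this thread, plus one
# constructed line (placeholder CLSID and file name) whose path contains " - ".
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {92DD2647-FEDB-487C-B3CC-8A9B15083420} - C:\WINDOWS\system32\hgGwVLDu.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Constructed example - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Spybot - Search & Destroy\example.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
"""


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list or blank line
        body = match.group("body")
        marker = next((m for m in ORPHAN_MARKERS if body.endswith(m)), None)
        clsid = CLSID_RE.search(body)
        if clsid:
            # Take everything after the CLSID so that a path containing
            # " - " (e.g. "Spybot - Search & Destroy") is not cut short.
            target = body[clsid.end():].lstrip(" -")
        else:
            target = body
        if marker:
            target = target[: -len(marker)].strip()
        entries.append({
            "code": match.group("code"),
            "clsid": clsid.group(0) if clsid else None,
            "target": target,
            "marker": marker,
            "line": line,
        })
    return entries


def find_orphans(log_text):
    """Entries whose registered file HijackThis reported as absent."""
    return [e for e in parse_entries(log_text) if e["marker"]]


if __name__ == "__main__":
    for entry in find_orphans(SAMPLE_LOG):
        shown = entry["target"] or "<no path recorded>"
        print(f'{entry["code"]:>3} {entry["clsid"]} {entry["marker"]}: {shown}')
```

An absent file only means the registry entry is a leftover; whether to remove it is still the helper's decision from the rest of the log.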

#6 rufmarine


Posted 12 September 2008 - 04:13 PM

Thank you for your help, White Warrior. Here is my recent HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:39 PM, on 9/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [2Wire Wireless Manager] "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6783 bytes


I'm still getting the weird pauses on my computer, especially when I watch videos or open the internet and programs. My thought is that this is caused partly by the old processor in my computer not being able to handle my new video card, memory, and the new programs that are currently available on the market. Thank you again for your help.

#7 Guest_White Warrior_*


Posted 16 September 2008 - 01:15 AM

Hello rufmarine

Good job. Your log looks clean.

Now, I suggest you reset System Restore to make sure there are no infected files found in a restore point that was created earlier.

  • Click Start->Programs->Accessories->System Tools, click Disk Cleanup
Disk Cleanup will open and begin to calculate the amount of space that can be freed.
Once that is finished it will open the Disk Cleanup options screen.
Click the More Options tab, then click Clean up on the System Restore area and choose Yes at the confirmation window which will remove all previous restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files, click OK then choose Yes on the confirmation window.

I'm still getting the weird pauses on my computer


PCPitStop: This site will run a diagnostic scan of your computer and generate a report.
You can then use this information whenever and wherever you wish.

Please read the following suggestions to make your computer more secure, and to help prevent possible future infections.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Update regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.



Glad I was able to help.

White Warrior.

#8 rufmarine


Posted 16 September 2008 - 06:22 PM

Ty very much for all your help White Warrior, I appreciate it :thumbsup:

#9 Guest_White Warrior_*


Posted 16 September 2008 - 06:36 PM

Hello rufmarine

You are welcome


White Warrior

#10 SNOWHITE


Posted 21 September 2008 - 04:05 AM

As the problem here seems to be resolved this topic is now closed.
To get it reopened PM a staff member with the address of this thread.
This applies to the topic starter only, everyone else with similar problems start a new topic.

Glad we could help :thumbsup:
SNOWHITE