

Google searches redirect to google custom searches engine


  • This topic is locked
5 replies to this topic

#1 BabyMilo

BabyMilo

  • Members
  • 36 posts
  • OFFLINE
  • Local time:04:46 AM

Posted 24 January 2009 - 06:20 PM

I am getting some system files responding as Win32.Banker. Like many others, Google is a problem for me! Whenever I perform a Google search, it redirects me to Google custom search in both IE and Firefox. When I look up the web script, it comes up with unreadable letters, which is not right. And it often shuts itself down when I look up "google redirecting to ..." Please ask if you need extra details!

Thanks for helping me in advance!

Well, here is the HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:11, on 24/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\drivers\csrss.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
K:\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\drivers\csrss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Microsoft - {37566535-A634-5164-5467-5A56453BD4FA} - C:\Windows\freesoft_adw.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ParadialRealTun] "C:\Program Files\Paradial\RealTunnel\rtunnel.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = ?SystemRoot%\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SYSTEM32\astsrv.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9213 bytes

Thanks again!

Edited by BabyMilo, 24 January 2009 - 06:43 PM.
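A defender-side triage script, added here as an example; it is not part of this thread, not HijackThis code, and not anything the poster ran. It parses F2 (UserInit) and O2 (BHO) lines in the shape HijackThis writes them and flags the two patterns a helper would spot first in the log above: a core process name (csrss.exe) loaded from outside system32 via UserInit, and a BHO DLL sitting outside the usual install directories. The heuristics, the `CORE_PROCESSES` set and the expected-directory prefixes are my assumptions, and the sample lines are constructed from the posted log.

```python
"""Triage heuristics for HijackThis F2 (UserInit) and O2 (BHO) lines.

Added example for this thread; it is neither HijackThis code nor anything the
original poster ran. The checks are my own heuristics (assumptions), and the
sample lines are constructed from the log posted above.
"""
import ntpath
import re
from typing import Dict, List

# Assumption: on this 32-bit Vista install the only legitimate UserInit entry is this one.
DEFAULT_USERINIT = "c:\\windows\\system32\\userinit.exe"
SYSTEM32 = "c:\\windows\\system32"

# Core Windows processes that only ever run from %SystemRoot%\system32; a file
# with one of these names anywhere else (e.g. system32\drivers) is masquerading.
CORE_PROCESSES = {"csrss.exe", "winlogon.exe", "smss.exe", "lsass.exe", "services.exe"}

# Directories a legitimately installed BHO DLL is expected to live under (assumption).
EXPECTED_BHO_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\system32\\",
)

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")

# Constructed sample, modelled on the HijackThis log in the first post.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\drivers\csrss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft - {37566535-A634-5164-5467-5A56453BD4FA} - C:\Windows\freesoft_adw.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
"""


def check_userinit(value: str) -> List[Dict[str, str]]:
    """Flag every UserInit entry beyond the default userinit.exe.

    Each extra entry is started by winlogon at every interactive logon, which is
    why the F2 line is one of the first things a log helper reads.
    """
    findings: List[Dict[str, str]] = []
    for entry in (e.strip() for e in value.split(",")):
        low = entry.lower()
        if not low or low == DEFAULT_USERINIT:
            continue
        if ntpath.basename(low) in CORE_PROCESSES and ntpath.dirname(low) != SYSTEM32:
            reason = "core process name running from outside system32 (masquerading)"
        else:
            reason = "extra UserInit entry runs at every logon"
        findings.append({"item": "F2 UserInit", "path": entry, "reason": reason})
    return findings


def check_bho(name: str, clsid: str, path: str) -> List[Dict[str, str]]:
    """Flag a BHO whose DLL is missing or lives outside the usual install dirs."""
    label = f"O2 BHO {name} {{{clsid}}}"
    if path == "(no file)":
        return [{"item": label, "path": path,
                 "reason": "orphaned BHO registration (no file); low priority cleanup"}]
    if not path.lower().startswith(EXPECTED_BHO_PREFIXES):
        return [{"item": label, "path": path,
                 "reason": "BHO DLL outside Program Files/system32 (dropped into the Windows root)"}]
    return []


def triage(log_text: str) -> List[Dict[str, str]]:
    """Run the F2/O2 checks over a HijackThis log and return findings in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            findings.extend(check_userinit(m.group("value")))
            continue
        m = BHO_RE.match(line)
        if m:
            findings.extend(check_bho(m.group("name"), m.group("clsid"), m.group("path")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['item']}] {f['path']} -> {f['reason']}")
```

Run against the sample it reports the drivers\csrss.exe UserInit entry, the freesoft_adw.dll BHO and the orphaned (no name) BHO, and stays silent on the Adobe helper.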




#2 BabyMilo

BabyMilo
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:04:46 AM

Posted 24 January 2009 - 06:29 PM

info.txt logfile of random's system information tool 1.05 2009-01-24 23:26:02

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{AFD5ED58-271A-4907-96C2-2745C83BB035}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0404-0000-0000000FF1CE} /uninstall {6197A9A1-87C4-4899-80A7-C555C31F95E4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0028-0404-0000-0000000FF1CE} /uninstall {5CE74E24-2E09-4547-A1E0-354688209BBA}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0404-0000-0000000FF1CE} /uninstall {85AA1E0E-550A-4C3B-80CE-27CD8E172608}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0404-0000-0000000FF1CE} /uninstall {327A849D-1627-4C07-8B62-C5364804968F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->C:\Program Files\Common Files\Adobe\Installers\05ba3a63f36684fe0c5dde2ebe6f8f5\Setup.exe
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Photoshop Lightroom 2.2-->MsiExec.exe /I{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}
Adobe Reader 8.1.3 - Chinese Traditional-->MsiExec.exe /I{AC76BA86-7AD7-1028-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{56B8B892-317E-4FDE-9E4D-44B189848A27}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe SING CS3-->MsiExec.exe /I{3F9B2FD2-1C83-4401-9967-C3636638E958}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Alien Skin Bokeh-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\Bokeh\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\Bokeh\INSTALL.LOG
America's Army-->MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BR01-94 Orange rubber strap Screen Saver-->C:\Windows\system32\BR01-94 Orange rubber strap.scr /u
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.4-->"C:\Program Files\Cheat Engine\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
DELL Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
DELL Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DVD Region+CSS Free 5.9.8.5-->"C:\Program Files\DVD Region+CSS Free\unins000.exe"
ESET NOD32 Antivirus-->MsiExec.exe /I{C082ECE3-DF55-426B-BBE9-E299CA184F82}
FlashGet 1.9.4.1063-->C:\Program Files\FlashGet\uninst.exe
FlickrDown-->C:\Windows\FlickrDown Uninstaller.exe
FocalPoint 1.0-->"C:\Program Files\InstallShield Installation Information\{9EB46587-4354-411C-BBAC-A9BBB2131F3D}\setup.exe" -runfromtemp -l0x0009 -uninst -removeonly
Genuine Fractals 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC38B36B-90F8-4C1F-8AC9-236B851B8871}\setup.exe" -l0x9 -uninst -removeonly
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"E:\Downloads\Downloads\HijackThis.exe" /uninstall
Intel® PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
Intellihance Pro 4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32C7FDDF-8D18-4B29-B81A-CDA512093274}\setup.exe" -l0x9 -uninst -removeonly
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 4.1.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Laptop Integrated Webcam Driver (1.00.10.0320) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Mask Pro 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DFAC810-6DD8-4E23-96A4-BEB118408203}\setup.exe" -l0x9 -uninst -removeonly
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Access MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0015-0404-0000-0000000FF1CE}
Microsoft Office Excel MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0016-0404-0000-0000000FF1CE}
Microsoft Office IME (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0028-0404-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0044-0404-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-001A-0404-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0018-0404-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-001F-0404-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-002C-0404-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0019-0404-0000-0000000FF1CE}
Microsoft Office Shared MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-006E-0404-0000-0000000FF1CE}
Microsoft Office Word MUI (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-001B-0404-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
Need for Speed? Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NFSNation Undercover Save Editor-->C:\Program Files\NFSNation\Undercover Save Editor\Uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX v8.08.18-->MsiExec.exe /X{AFD5ED58-271A-4907-96C2-2745C83BB035}
O&O Defrag Professional-->MsiExec.exe /I{F530581E-12FE-43B4-A28D-E5257AAD63E6}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoFrame Pro 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F073685-ADDB-4D5A-98E9-0F795989A57F}\setup.exe" -l0x9 -uninst -removeonly
PhotoPresets with One-Click WOW! for Adobe Camera Raw-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB083118-49ED-4CD7-8CE8-241C1F958E2C}\setup.exe" -l0x9 -uninst -removeonly
PhotoPresets with One-Click WOW!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{235674B0-A35F-4811-8A8F-E8F42A919EA3}\setup.exe" -l0x9 -uninst -removeonly
PhotoTools 1.0 Professional Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B01DD5B7-9862-43D7-BCA3-7882A17E4328}\setup.exe" -l0x9 -uninst -removeonly
PhotoTune 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C723788-585C-4537-92AC-CF616209197C}\setup.exe" -l0x9 -uninst -removeonly
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickSet-->MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Real Alternative 1.8.2-->"C:\Program Files\Real Alternative\unins000.exe"
RealTunnel-->C:\Program Files\Paradial\RealTunnel\uninst.exe
RivaTuner v2.09-->"C:\Program Files\RivaTuner v2.09\uninstall.exe"
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SWAT 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} uninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tom Clancy's Rainbow Six Vegas 2-->"C:\Program Files\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Torrent Harvester-->C:\Program Files\Torrent Harvester\uninstall.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
VistaGlazz 1.1-->"C:\Program Files\CodeGazer\VistaGlazz\unins000.exe"
VP6 Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D064F16E-88DA-4E8F-BBAE-0E2AA9A6AE61}\Setup.exe" -l0x9
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{4FDDC592-3089-4510-A891-FB492B9CF37C}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Messenger-->MsiExec.exe /X{5C91A37F-64AC-4C9A-A6DB-06D7E56E101D}
Windows Live 上載工具-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live 登入小幫手-->MsiExec.exe /I{750C7476-9A2D-4996-BA43-11946B28B3BE}
Windows Live 程式集-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live 程式集-->MsiExec.exe /I{4B0F63DE-E54F-46C4-B32B-F2211373D3D1}
Windows 音效配置-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR 壓縮工具-->C:\Program Files\WinRAR\uninstall.exe
Your Freedom-->"C:\Program Files\Your Freedom\uninstall.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: ESET NOD32 Antivirus 3.0
AS: ESET NOD32 Antivirus 3.0
AS: Windows Defender

System event log

Computer Name: Adam-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 89892
Source Name: Service Control Manager
Time Written: 20090124230047.000000-000
Event Type: Information
User:

Computer Name: Adam-PC
Event Code: 10029
Message: DCOM started the service TrustedInstaller with arguments "" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 89893
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090124230525.000000-000
Event Type: Information
User:

Computer Name: Adam-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the running state.
Record Number: 89894
Source Name: Service Control Manager
Time Written: 20090124230526.000000-000
Event Type: Information
User:

Computer Name: Adam-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the stopped state.
Record Number: 89895
Source Name: Service Control Manager
Time Written: 20090124231526.000000-000
Event Type: Information
User:

Computer Name: Adam-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 89896
Source Name: Service Control Manager
Time Written: 20090124231717.000000-000
Event Type: Information
User:

Application event log

Computer Name: Adam-PC
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 23094
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090124224750.000000-000
Event Type: Information
User:

Computer Name: Adam-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6001.18000, time stamp 0x47918f11, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc00000fd, fault offset 0x104641dc, process id 0x172c, application start time 0x01c97e7629b200a2.
Record Number: 23095
Source Name: Application Error
Time Written: 20090124225137.000000-000
Event Type: Error
User:

Computer Name: Adam-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6001.18000, time stamp 0x47918f11, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d, exception code 0xc00000fd, fault offset 0x00028d99, process id 0xe3c, application start time 0x01c97e76a9fe1692.
Record Number: 23096
Source Name: Application Error
Time Written: 20090124225557.000000-000
Event Type: Error
User:

Computer Name: Adam-PC
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Record Number: 23097
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090124230825.000000-000
Event Type: Information
User:

Computer Name: Adam-PC
Event Code: 1000
Message: WmiApRpl (WmiApRpl) 服務的效能計數器已順利載入。Data 區段中的 Record Data 包含指派給此服務的新索引值。
Record Number: 23098
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090124230825.000000-000
Event Type: 資訊
User:

Security event log

Computer Name: Adam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 46440
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124232558.848792-000
Event Type: Audit Failure
User:

Computer Name: Adam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 46441
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124232558.879992-000
Event Type: Audit Failure
User:

Computer Name: Adam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 46442
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124232558.926792-000
Event Type: Audit Failure
User:

Computer Name: Adam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 46443
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124232558.957992-000
Event Type: Audit Failure
User:

Computer Name: Adam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 46444
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090124232558.989192-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Users\Adam\Documents\VistaMaster;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by Adam at 2009-01-24 23:25:55
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 12 GB (32%) free of 38 GB
Total RAM: 2045 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:59, on 24/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\drivers\csrss.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
K:\Downloads\HijackThis.exe
C:\Windows\system32\cmd.exe
C:\Downloads\RSIT.exe
K:\Downloads\Adam.exe
C:\Windows\system32\DllHost.exe

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\drivers\csrss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Microsoft - {37566535-A634-5164-5467-5A56453BD4FA} - C:\Windows\freesoft_adw.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Assistant - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ParadialRealTun] "C:\Program Files\Paradial\RealTunnel\rtunnel.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = %SystemRoot%\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SYSTEM32\astsrv.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7328 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37566535-A634-5164-5467-5A56453BD4FA}]
Microsoft - C:\Windows\freesoft_adw.dll [2008-12-31 70656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-08-08 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-27 857648]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-03-21 1548288]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-15 1402112]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-02-01 36864]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-05-06 405504]
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe [2008-04-28 24576]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-02 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-02 92704]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"ParadialRealTun"=C:\Program Files\Paradial\RealTunnel\rtunnel.exe [2006-02-21 385024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe [2007-09-11 1998896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
C:\Windows\system32\nvHotkey.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
C:\Windows\OEM02Mon.exe [2007-02-01 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Windows\system32\oodtray.exe [2008-11-03 2540800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParadialRealTun]
C:\Program Files\Paradial\RealTunnel\rtunnel.exe [2006-02-21 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2008-08-08 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk]
[]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-08-09 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"EnableLUA"=0
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e92003c-6fd5-11dd-83d3-0021706faa25}]
shell\Auto\command - avp.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL avp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e18d1b4-8437-11dd-9871-0021706faa25}]
shell\AutoRun\command - H:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ad963da-cb46-11dd-b077-0021706faa25}]
shell\AutoRun\command - WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a84f77d0-8b99-11dd-95ed-0021706faa25}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a84f77e3-8b99-11dd-95ed-0021706faa25}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9108043-7ffd-11dd-964d-0021706faa25}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-01-24 23:25:55 ----D---- C:\rsit
2009-01-24 22:53:23 ----A---- C:\up23494.exe
2009-01-24 22:52:22 ----A---- C:\up65702.exe
2009-01-24 21:42:00 ----A---- C:\Users\Adam\AppData\Roaming\SetValue.bat
2009-01-24 21:42:00 ----A---- C:\Users\Adam\AppData\Roaming\GetValue.vbs
2009-01-24 21:40:35 ----A---- C:\Windows\system32\tmp.txt
2009-01-24 21:38:47 ----A---- C:\Windows\system32\WS2Fix.exe
2009-01-24 21:38:47 ----A---- C:\Windows\system32\VCCLSID.exe
2009-01-24 21:38:47 ----A---- C:\Windows\system32\VACFix.exe
2009-01-24 21:38:47 ----A---- C:\Windows\system32\o4Patch.exe
2009-01-24 21:38:47 ----A---- C:\Windows\system32\IEDFix.exe
2009-01-24 21:38:47 ----A---- C:\Windows\system32\IEDFix.C.exe
2009-01-24 21:38:47 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
2009-01-24 21:38:47 ----A---- C:\Windows\system32\404Fix.exe
2009-01-24 21:38:46 ----A---- C:\Windows\system32\swxcacls.exe
2009-01-24 21:38:46 ----A---- C:\Windows\system32\swsc.exe
2009-01-24 21:38:46 ----A---- C:\Windows\system32\swreg.exe
2009-01-24 21:38:46 ----A---- C:\Windows\system32\SrchSTS.exe
2009-01-24 21:38:46 ----A---- C:\Windows\system32\Process.exe
2009-01-24 21:38:46 ----A---- C:\Windows\system32\dumphive.exe
2009-01-15 21:45:18 ----A---- C:\Windows\system32\CmdLineExt03.dll
2009-01-13 19:54:18 ----D---- C:\Program Files\ATITool
2009-01-10 14:31:19 ----D---- C:\Program Files\Microsoft
2009-01-10 14:31:03 ----D---- C:\Program Files\Windows Live SkyDrive
2009-01-10 14:22:47 ----D---- C:\Program Files\Common Files\Windows Live
2009-01-03 14:35:21 ----A---- C:\Windows\system32\GEARAspi.dll
2009-01-03 14:35:20 ----DC---- C:\Windows\system32\DRVSTORE
2009-01-03 14:34:52 ----D---- C:\Program Files\iPod
2009-01-03 14:34:51 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-03 14:34:51 ----D---- C:\Program Files\iTunes
2009-01-03 14:32:32 ----D---- C:\Program Files\QuickTime
2009-01-03 14:31:10 ----D---- C:\Program Files\Apple Software Update
2009-01-02 18:52:34 ----A---- C:\Windows\system32\nvwssr.dll
2009-01-02 18:52:33 ----A---- C:\Windows\system32\nvvitvsr.dll
2009-01-02 18:52:33 ----A---- C:\Windows\system32\nvmoblsr.dll
2009-01-02 18:52:33 ----A---- C:\Windows\system32\nvmccssr.dll
2009-01-02 18:52:33 ----A---- C:\Windows\system32\nvgamesr.dll
2009-01-02 18:52:33 ----A---- C:\Windows\system32\nvdispsr.dll
2008-12-31 17:50:54 ----D---- C:\Users\Adam\AppData\Roaming\Alien Skin
2008-12-31 17:47:09 ----D---- C:\Program Files\Alien Skin
2008-12-31 17:28:21 ----A---- C:\Windows\freesoft_adw.dll

======List of files/folders modified in the last 1 months======

2009-01-24 23:25:59 ----D---- C:\Windows\Temp
2009-01-24 23:25:47 ----RD---- C:\Downloads
2009-01-24 23:08:25 ----D---- C:\Windows\System32
2009-01-24 23:08:25 ----D---- C:\Windows\inf
2009-01-24 23:08:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-24 23:07:06 ----D---- C:\Program Files\Mozilla Firefox
2009-01-24 23:06:52 ----D---- C:\Users\Adam\AppData\Roaming\Mozilla
2009-01-24 22:46:53 ----AD---- C:\ProgramData\TEMP
2009-01-24 22:45:21 ----D---- C:\Program Files\SpywareBlaster
2009-01-24 21:07:52 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-01-24 20:21:53 ----D---- C:\Program Files\FlashGet
2009-01-24 20:16:49 ----SHD---- C:\System Volume Information
2009-01-24 20:12:48 ----D---- C:\Windows\Debug
2009-01-24 14:29:34 ----D---- C:\Windows\system32\drivers
2009-01-24 11:20:00 ----A---- C:\Windows\NeroDigital.ini
2009-01-21 18:53:08 ----AD---- C:\Windows
2009-01-18 00:00:22 ----D---- C:\Windows\system32\catroot2
2009-01-15 21:43:53 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-15 21:42:16 ----SHD---- C:\Windows\Installer
2009-01-14 22:01:30 ----D---- C:\Program Files\Common Files\Adobe
2009-01-14 22:01:26 ----D---- C:\ProgramData\Adobe
2009-01-14 22:01:04 ----D---- C:\Program Files\Adobe
2009-01-14 20:03:52 ----D---- C:\Windows\winsxs
2009-01-14 19:54:19 ----D---- C:\Windows\system32\catroot
2009-01-14 19:54:16 ----D---- C:\Program Files\Windows Mail
2009-01-14 19:54:12 ----D---- C:\ProgramData\Microsoft Help
2009-01-13 19:54:18 ----RD---- C:\Program Files
2009-01-13 19:42:49 ----A---- C:\Windows\avisplitter.INI
2009-01-10 14:37:26 ----SD---- C:\Users\Adam\AppData\Roaming\Microsoft
2009-01-10 14:31:14 ----D---- C:\Program Files\Windows Live
2009-01-10 14:31:08 ----D---- C:\Program Files\Common Files\microsoft shared
2009-01-10 14:22:47 ----D---- C:\Program Files\Common Files
2009-01-10 01:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-04 10:56:58 ----D---- C:\Windows\Minidump
2009-01-03 14:34:52 ----D---- C:\Program Files\Common Files\Apple
2009-01-03 14:34:51 ----D---- C:\ProgramData
2009-01-03 14:33:29 ----D---- C:\Program Files\Bonjour
2009-01-03 14:31:08 ----D---- C:\Windows\system32\Tasks
2009-01-02 19:04:20 ----D---- C:\ProgramData\NVIDIA
2009-01-02 19:02:24 ----A---- C:\Windows\ntbtlog.txt
2008-12-27 02:54:59 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2007-08-08 28968]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-02-06 29704]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-02-06 34312]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-02-06 39944]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-14 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-20 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-02 7643904]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-03-19 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.09\RivaTuner32.sys [2008-04-28 9088]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-05-06 326656]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-27 182456]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 a1cd2hd6;a1cd2hd6; C:\Windows\system32\drivers\a1cd2hd6.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 astcc;AST Service; C:\Windows\SYSTEM32\astsrv.exe [2008-05-07 57344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-15 464128]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-02 207392]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2008-11-03 1332480]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-12-20 66872]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-05-06 94208]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-03-21 24064]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-10 72704]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-06 19200]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-09 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-23 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]

-----------------EOF-----------------

#3 BabyMilo

BabyMilo
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:04:46 AM

Posted 24 January 2009 - 06:32 PM

DDS (Ver_09-01-19.01) - NTFSx86
Run by Adam at 23:31:25.98 on 24/01/2009 星期六
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\oodag.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.hk/
uWindow Title =
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\csrss.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Microsoft: {37566535-a634-5164-5467-5a56453bd4fa} - c:\windows\freesoft_adw.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.09\RivaTunerWrapper.exe" /S
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ParadialRealTun] "c:\program files\paradial\realtunnel\rtunnel.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &¥t3!‥I¥I FlashGet ?U﹐u - c:\program files\flashget\jc_all.htm
IE: &‥I¥I FlashGet ?U﹐u - c:\program files\flashget\jc_link.htm
IE: &使用 FlashGet 下載 - c:\program files\flashget\jc_link.htm
IE: &全部使用 FlashGet 下載 - c:\program files\flashget\jc_all.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\adam\appdata\roaming\mozilla\firefox\profiles\kbk5of0q.default\
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-6 34312]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-10 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-8-8 7424]
R4 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-15 464128]

=============== Created Last 30 ================

2009-01-24 22:53 20,741 a------- C:\up23494.exe
2009-01-24 22:52 25,993 a------- C:\up65702.exe
2009-01-24 21:42 691 a------- c:\users\adam\appdata\roaming\GetValue.vbs
2009-01-24 21:42 35 a------- c:\users\adam\appdata\roaming\SetValue.bat
2009-01-24 21:40 3,206 a------- c:\windows\system32\tmp.reg
2009-01-24 20:13 <DIR> --d----- c:\users\adam\Tracing
2009-01-24 14:29 26,933 a------- c:\windows\system32\drivers\csrss.exe
2009-01-15 21:45 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-01-14 19:47 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-13 19:54 <DIR> --d----- c:\program files\ATITool
2009-01-10 14:31 <DIR> --d----- c:\program files\Microsoft
2009-01-10 14:31 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-10 14:22 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-06 21:00 327,680 a------- c:\windows\system32\vp6dec.ax
2009-01-06 21:00 53,248 a------- c:\windows\system32\vp6dec_settings.cpl
2009-01-03 14:35 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-03 14:35 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-03 14:34 <DIR> --d----- c:\program files\iPod
2009-01-03 14:34 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-03 14:34 <DIR> --d----- c:\program files\iTunes
2009-01-03 14:34 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-02 18:52 3,033,632 a------- c:\windows\system32\nvwssr.dll
2009-01-02 18:52 6,580,768 a------- c:\windows\system32\nvdispsr.dll
2009-01-02 18:52 4,287,008 a------- c:\windows\system32\nvvitvsr.dll
2009-01-02 18:52 4,287,008 a------- c:\windows\system32\nvgamesr.dll
2009-01-02 18:52 2,861,600 a------- c:\windows\system32\nvmoblsr.dll
2009-01-02 18:52 465,440 a------- c:\windows\system32\nvmccssr.dll
2009-01-02 18:52 205,116 a------- c:\windows\system32\nvapps.xml
2008-12-31 17:47 <DIR> --d----- c:\program files\Alien Skin
2008-12-31 17:28 70,656 a------- c:\windows\freesoft_adw.dll

==================== Find3M ====================

2009-01-24 23:08 334,324 a------- c:\windows\system32\prfh0404.dat
2009-01-24 23:08 105,622 a------- c:\windows\system32\prfc0404.dat
2009-01-24 22:41 117,896 a------- c:\programdata\nvModes.dat
2009-01-24 22:41 117,896 a------- c:\progra~2\nvModes.dat
2009-01-24 21:08 138,624 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-24 21:07 202,352 a------- c:\windows\system32\PnkBstrB.exe
2009-01-13 19:54 51,200 a------- c:\windows\inf\infpub.dat
2009-01-13 19:54 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-13 19:54 86,016 a------- c:\windows\inf\infstor.dat
2008-12-20 16:00 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-20 07:51 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-11 23:22 159,989 a------- c:\windows\FlickrDown Uninstaller.exe
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-12-02 14:07 203,264 a------- c:\windows\system32\BR01-94 Orange rubber strap.scr
2008-12-02 02:13 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-11-18 20:10 615,424 a------- c:\windows\system32\themeui.dll
2008-11-18 20:10 240,128 a------- c:\windows\system32\uxtheme.dll
2008-11-16 10:30 119,120 a------- c:\windows\dxsdkuninst.exe
2008-11-03 11:46 1,307,904 a------- c:\windows\system32\ooscrsav.scr
2008-11-03 11:45 730,368 a------- c:\windows\system32\oodsvct.exe
2008-11-03 11:45 1,332,480 a------- c:\windows\system32\oodag.exe
2008-11-03 11:45 2,540,800 a------- c:\windows\system32\oodtray.exe
2008-11-03 11:44 194,816 a------- c:\windows\system32\oodbs.exe
2008-11-03 11:42 951,552 a------- c:\windows\system32\oodtrrs.dll
2008-11-03 11:41 541,952 a------- c:\windows\system32\oodssrs.dll
2008-11-03 11:41 9,984 a------- c:\windows\system32\oodbsrs.dll
2008-11-03 11:41 15,616 a------- c:\windows\system32\oodagmg.dll
2008-11-03 11:41 8,448 a------- c:\windows\system32\oodagrs.dll
2008-11-01 03:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 03:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 03:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 03:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 03:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-11-01 03:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-11-01 01:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-28 09:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 09:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-27 15:21 15,104 a------- c:\windows\system32\ootmapi.dll
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-23 11:04 20 ----h--- c:\programdata\PKP_DLea.DAT
2008-10-23 11:04 20 ----h--- c:\progra~2\PKP_DLea.DAT
2008-10-22 22:13 20 ----h--- c:\programdata\PKP_DLbz.DAT
2008-10-22 22:13 20 ----h--- c:\progra~2\PKP_DLbz.DAT
2008-10-22 22:05 20 ----h--- c:\programdata\PKP_DLbx.DAT
2008-10-22 22:05 20 ----h--- c:\progra~2\PKP_DLbx.DAT
2008-10-22 21:32 20 ----h--- c:\programdata\PKP_DLck.DAT
2008-10-22 21:32 20 ----h--- c:\progra~2\PKP_DLck.DAT
2008-08-26 13:03 22,328 a------- c:\users\adam\appdata\roaming\PnkBstrK.sys
2008-08-22 13:41 27,240 a------- c:\users\adam\appdata\roaming\nvModes.dat
2008-08-19 08:41 174 a--sh--- c:\program files\desktop.ini
2008-08-19 08:31 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-08 09:47 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-08 09:47 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-08 09:47 116,540 a------- c:\windows\inf\perflib\0404\perfi.dat
2006-11-08 09:47 116,540 a------- c:\windows\inf\perflib\0404\perfh.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0404\perfd.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0404\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-19 11:49 61 ---sh--- c:\windows\cnerolf.bin
2008-08-18 18:35 76 ---shr-- c:\windows\CT4CET.bin
2008-09-26 18:47 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-26 18:47 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-26 18:47 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 23:31:49.67 ===============

Edited by BabyMilo, 24 January 2009 - 06:35 PM.


#4 BabyMilo

BabyMilo
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:04:46 AM

Posted 25 January 2009 - 03:57 PM

Title was: Internet browsers problems!, Firefox and IE ~ OB

I have a problem where whenever I do a search on Google, it redirects me to Google Custom Search with SafeSearch mode on, and I can't turn it back off. And if I click on any page, e.g. BBC via Google, the top link will still stay at Google!

Second problem: whenever I try to download something or open too many tabs, it will force itself to shut down.

Please ask for more info.

Here is my DDS:


DDS (Ver_09-01-19.01) - NTFSx86
Run by Adam at 20:56:29.78 on 25/01/2009 星期日
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\oodag.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Users\Adam\Documents\My Documents\WLM Lite 8.5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conime.exe
C:\Program Files\Paradial\RealTunnel\rtunnel.exe
C:\Users\Adam\Documents\My Documents\WLM Lite\4000001900003i\usnsvc.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.hk/
uWindow Title =
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\csrss.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Microsoft: {37566535-a634-5164-5467-5a56453bd4fa} - c:\windows\freesoft_adw.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.09\RivaTunerWrapper.exe" /S
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ParadialRealTun] "c:\program files\paradial\realtunnel\rtunnel.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &¥t3!‥I¥I FlashGet ?U﹐u - c:\program files\flashget\jc_all.htm
IE: &‥I¥I FlashGet ?U﹐u - c:\program files\flashget\jc_link.htm
IE: &使用 FlashGet 下載 - c:\program files\flashget\jc_link.htm
IE: &全部使用 FlashGet 下載 - c:\program files\flashget\jc_all.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\adam\appdata\roaming\mozilla\firefox\profiles\kbk5of0q.default\
FF - prefs.js: browser.startup.homepage - hk.yahoo.com
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-6 34312]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-10 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-8-8 7424]
R4 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-15 464128]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-1-25 809296]

=============== Created Last 30 ================

2009-01-25 15:58 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-01-25 15:58 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-25 15:58 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-01-24 22:53 20,741 a------- C:\up23494.exe
2009-01-24 22:52 25,993 a------- C:\up65702.exe
2009-01-24 21:42 691 a------- c:\users\adam\appdata\roaming\GetValue.vbs
2009-01-24 21:42 35 a------- c:\users\adam\appdata\roaming\SetValue.bat
2009-01-24 21:40 3,206 a------- c:\windows\system32\tmp.reg
2009-01-24 20:13 <DIR> --d----- c:\users\adam\Tracing
2009-01-24 14:29 26,933 a------- c:\windows\system32\drivers\csrss.exe
2009-01-15 21:45 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-01-14 19:47 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-13 19:54 <DIR> --d----- c:\program files\ATITool
2009-01-10 14:31 <DIR> --d----- c:\program files\Microsoft
2009-01-10 14:31 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-10 14:22 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-06 21:00 327,680 a------- c:\windows\system32\vp6dec.ax
2009-01-06 21:00 53,248 a------- c:\windows\system32\vp6dec_settings.cpl
2009-01-03 14:35 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-03 14:35 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-03 14:34 <DIR> --d----- c:\program files\iPod
2009-01-03 14:34 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-03 14:34 <DIR> --d----- c:\program files\iTunes
2009-01-03 14:34 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-02 18:52 3,033,632 a------- c:\windows\system32\nvwssr.dll
2009-01-02 18:52 6,580,768 a------- c:\windows\system32\nvdispsr.dll
2009-01-02 18:52 4,287,008 a------- c:\windows\system32\nvvitvsr.dll
2009-01-02 18:52 4,287,008 a------- c:\windows\system32\nvgamesr.dll
2009-01-02 18:52 2,861,600 a------- c:\windows\system32\nvmoblsr.dll
2009-01-02 18:52 465,440 a------- c:\windows\system32\nvmccssr.dll
2009-01-02 18:52 205,116 a------- c:\windows\system32\nvapps.xml
2008-12-31 17:47 <DIR> --d----- c:\program files\Alien Skin
2008-12-31 17:28 70,656 a------- c:\windows\freesoft_adw.dll

==================== Find3M ====================

2009-01-25 20:18 334,324 a------- c:\windows\system32\prfh0404.dat
2009-01-25 20:18 105,622 a------- c:\windows\system32\prfc0404.dat
2009-01-25 14:27 117,896 a------- c:\programdata\nvModes.dat
2009-01-25 14:27 117,896 a------- c:\progra~2\nvModes.dat
2009-01-25 11:27 138,624 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-25 11:27 202,352 a------- c:\windows\system32\PnkBstrB.exe
2009-01-13 19:54 51,200 a------- c:\windows\inf\infpub.dat
2009-01-13 19:54 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-13 19:54 86,016 a------- c:\windows\inf\infstor.dat
2008-12-20 16:00 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-20 07:51 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-11 23:22 159,989 a------- c:\windows\FlickrDown Uninstaller.exe
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-12-02 14:07 203,264 a------- c:\windows\system32\BR01-94 Orange rubber strap.scr
2008-12-02 02:13 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-11-18 20:10 615,424 a------- c:\windows\system32\themeui.dll
2008-11-18 20:10 240,128 a------- c:\windows\system32\uxtheme.dll
2008-11-16 10:30 119,120 a------- c:\windows\dxsdkuninst.exe
2008-11-03 11:46 1,307,904 a------- c:\windows\system32\ooscrsav.scr
2008-11-03 11:45 730,368 a------- c:\windows\system32\oodsvct.exe
2008-11-03 11:45 1,332,480 a------- c:\windows\system32\oodag.exe
2008-11-03 11:45 2,540,800 a------- c:\windows\system32\oodtray.exe
2008-11-03 11:44 194,816 a------- c:\windows\system32\oodbs.exe
2008-11-03 11:42 951,552 a------- c:\windows\system32\oodtrrs.dll
2008-11-03 11:41 541,952 a------- c:\windows\system32\oodssrs.dll
2008-11-03 11:41 9,984 a------- c:\windows\system32\oodbsrs.dll
2008-11-03 11:41 15,616 a------- c:\windows\system32\oodagmg.dll
2008-11-03 11:41 8,448 a------- c:\windows\system32\oodagrs.dll
2008-11-01 03:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 03:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 03:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 03:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 03:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-11-01 03:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-11-01 01:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-28 09:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 09:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-23 11:04 20 ----h--- c:\programdata\PKP_DLea.DAT
2008-10-23 11:04 20 ----h--- c:\progra~2\PKP_DLea.DAT
2008-10-22 22:13 20 ----h--- c:\programdata\PKP_DLbz.DAT
2008-10-22 22:13 20 ----h--- c:\progra~2\PKP_DLbz.DAT
2008-10-22 22:05 20 ----h--- c:\programdata\PKP_DLbx.DAT
2008-10-22 22:05 20 ----h--- c:\progra~2\PKP_DLbx.DAT
2008-10-22 21:32 20 ----h--- c:\programdata\PKP_DLck.DAT
2008-10-22 21:32 20 ----h--- c:\progra~2\PKP_DLck.DAT
2008-08-26 13:03 22,328 a------- c:\users\adam\appdata\roaming\PnkBstrK.sys
2008-08-22 13:41 27,240 a------- c:\users\adam\appdata\roaming\nvModes.dat
2008-08-19 08:41 174 a--sh--- c:\program files\desktop.ini
2008-08-19 08:31 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-08 09:47 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-08 09:47 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-08 09:47 116,540 a------- c:\windows\inf\perflib\0404\perfi.dat
2006-11-08 09:47 116,540 a------- c:\windows\inf\perflib\0404\perfh.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0404\perfd.dat
2006-11-08 09:47 30,674 a------- c:\windows\inf\perflib\0404\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-19 11:49 61 ---sh--- c:\windows\cnerolf.bin
2008-08-18 18:35 76 ---shr-- c:\windows\CT4CET.bin
2008-09-26 18:47 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-26 18:47 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-26 18:47 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 20:57:06.59 ===============

Edited by Orange Blossom, 25 January 2009 - 09:24 PM.
Merged topics. ~ OB


#5 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:03:46 PM

Posted 06 February 2009 - 03:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


If you have a router, then when the computer is restarting, unhook the router from the internet, then do a reset of the router, and then when the computer and router are back up, make sure you change the default password with a strong password. If you have just an external modem, just unplug the power from it, wait 2 minutes, then plug it back in.


* Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results, click no to the Optional_Scan
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

After your response, someone will be with you soon.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:03:46 PM

Posted 18 February 2009 - 05:26 PM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families




