Windows Security Alert Popup and linked to Antispy Smartsoft


Post by mpempe » September 2nd, 2008, 5:46 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:28 AM, on 9/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\petwrynw\jcfwbyhy.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bobatuju.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.special-toolbar-first-run-tlbrc
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProcChkStr] C:\WINDOWS\system32\bobatuju.exe
O4 - HKCU\..\Run: [mntcmd] C:\WINDOWS\system32\yxmrudix.exe
O4 - HKLM\..\Policies\Explorer\Run: [xExz6KljQc] C:\Documents and Settings\All Users\Application Data\petwrynw\jcfwbyhy.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?353435c6af7540f28799d435ccb6d004
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?353435c6af7540f28799d435ccb6d004
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9241 bytes



I have installed Malwarebytes, but the popup keeps coming out, and when I click the "enable protection" button, it leads me to the PC Antispy Smartsoft website. So what do I have to do to completely remove the popup? Thanks
mpempe
Active Member
Posts: 5
Joined: September 2nd, 2008, 5:42 pm

Re: Windows Security Alert Popup and linked to Antispy Smartsoft

Post by Bob4 » September 2nd, 2008, 7:44 pm

Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise, let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!

  • Save and quit any work you're doing before beginning the fix.
  • All HijackThis logs I ask for should be done in normal mode (not safe mode).
  • These logs should be done last, after you have followed my instructions in the previous post.

Please, if you decide to seek help at another forum, let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!

_____________________________
Task Manager
I would like you to open the Task Manager by pressing simultaneously
Ctrl+Shift+Esc or Ctrl+Alt+Delete,
then go to the Processes tab and end the following if present
by right-clicking on them and choosing End Process.

jcfwbyhy.exe

bobatuju.exe

______________________________
RUN HJT

Run HijackThis, choose "Scan only" and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on "Fix checked".


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ProcChkStr] C:\WINDOWS\system32\bobatuju.exe
O4 - HKCU\..\Run: [mntcmd] C:\WINDOWS\system32\yxmrudix.exe
O4 - HKLM\..\Policies\Explorer\Run: [xExz6KljQc] C:\Documents and Settings\All Users\Application Data\petwrynw\jcfwbyhy.exe

Close that.

___________________________________
Reconfigure Windows XP to show hidden files:

Click Start, then My Computer.
Select the Tools menu, then Folder Options. Select the View tab.
Under the "Hidden files and folders" heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.




___________________________________
Search for and remove
Now I want you to search for and delete the following files and folder, and all its contents, if present. If you need help finding them:
Click Start / Search / All files and folders / look for "More advanced options". Once in there, select the first 3 boxes.
Please just remove the files/folders I listed in BOLD.

C:\WINDOWS\system32\bobatuju.exe
C:\WINDOWS\system32\yxmrudix.exe
C:\Documents and Settings\All Users\Application Data\petwrynw << Delete this folder and all its contents.


_____________________________________

Download and install CCleaner from here.

If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the "Cookies to delete" pane, highlight any cookies you would like to retain permanently (those companies or sites which you regularly visit or do business with), and click the right arrow > to move them to the "Cookies to keep" pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".

    Now run the program and click on Run Cleaner.
    (Do not use the Registry function to clean anything with this program. Having anything auto-clean your registry is risky.)


_________________________________

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


____________________________________

Open up the Malwarebytes anti-spyware program.
Click on Logs on the top tab.
Open the log created when you first scanned with this program.
Copy the entire contents of that log for me in your next reply.


_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Malwarebytes antispyware
  • The report from Kaspersky
Bob4
MRU Master
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
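Bob4's choice of HJT lines to fix follows patterns a log reviewer looks for: an O2 BHO with no file behind it, an autorun under Policies\Explorer\Run, and executables with random-looking names launched from system32 or a data directory. The Python script below is an added example, not a tool from this thread or from MalwareRemoval.com; it parses O2/O4 lines from a constructed subset of the log posted above and reports which heuristic each flagged entry trips. The known-good allowlist, the six-letter threshold and the data-directory list are assumptions.

```python
"""Triage helper for HijackThis-style O2/O4 log lines.

Added example (not from the thread or from MalwareRemoval.com). The
heuristics below reproduce the reasoning behind the entries Bob4 asked
to have fixed; the allowlist and thresholds are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")

# Assumed allowlist: Windows binaries that legitimately autostart from
# system32 with a plain lowercase name, so they are not reported as random.
KNOWN_LOWERCASE = {"ctfmon", "rundll32", "userinit", "explorer"}

# Directories from which a legitimate autorun executable almost never runs.
DATA_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

# Constructed sample: a subset of the HJT log posted in the thread plus
# two clean lines (Acrobat BHO, iTunesHelper) to show the allowlisting.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProcChkStr] C:\WINDOWS\system32\bobatuju.exe
O4 - HKCU\..\Run: [mntcmd] C:\WINDOWS\system32\yxmrudix.exe
O4 - HKLM\..\Policies\Explorer\Run: [xExz6KljQc] C:\Documents and Settings\All Users\Application Data\petwrynw\jcfwbyhy.exe
""".strip()


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Return the executable part of an O4 command without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted form, e.g. 'RUNDLL32.EXE C:\...\NvCpl.dll,NvStartup': keep the first .exe token
    m = re.match(r"(.*?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def random_looking(basename: str) -> bool:
    """Heuristic: a plain run of six or more lowercase letters (bobatuju.exe,
    yxmrudix.exe, jcfwbyhy.exe) that is not on the allowlist."""
    stem = basename.rsplit(".", 1)[0]
    return stem.isalpha() and stem.islower() and len(stem) >= 6 and stem not in KNOWN_LOWERCASE


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding with the reasons an O2/O4 line deserves a look, or None."""
    line = line.rstrip()
    m = O2_RE.match(line)
    if m:
        if m.group("path") == "(no file)":
            return Finding(line, ["BHO registered with no file on disk (orphaned entry)"])
        return None
    m = O4_RE.match(line)
    if not m:
        return None  # Global Startup lines and other formats are not handled here
    reasons: List[str] = []
    if "policies\\explorer\\run" in m.group("key").lower():
        reasons.append("autorun via Policies\\Explorer\\Run, rarely used by legitimate software")
    path = exe_path(m.group("cmd"))
    lowered = path.lower()
    in_data_dir = any(d in lowered for d in DATA_DIRS)
    in_system32 = "\\system32\\" in lowered
    if in_data_dir:
        reasons.append("executable launched from a user data or temp directory")
    basename = path.rsplit("\\", 1)[-1]
    if (in_data_dir or in_system32) and random_looking(basename):
        reasons.append(f"random-looking file name {basename!r} in system32 or a data directory")
    return Finding(line, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of an HJT log and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

On the sample it reports exactly the four entries Bob4 listed for "Fix checked" and leaves the Acrobat, iTunes and ctfmon lines alone.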

Re: Windows Security Alert Popup and linked to Antispy Smartsoft

Post by mpempe » September 3rd, 2008, 5:04 am

I have scanned my PC using Kaspersky online scanning. It took 3 hours to finish, but then when I clicked "view scan report" and "save report as", nothing came out; the "save report as" button just became unable to be clicked. But Kaspersky detected 2 threats on my PC:

1. Trojan-Downloader.Win32.Zlob.xok @ C:\Document and Setting\ferari tioarbi\Local Setting\Temp\Setup_v.....
2. Trojan-Downloader.Win32.Zlob.uez @ D:\master\KIS 8.0.0.357\kis8.0.0.357en.exe


Here's my mbam #1 logfile

Malwarebytes' Anti-Malware 1.25
Database version: 1103
Windows 5.1.2600 Service Pack 3

1:22:51 AM 9/2/2008
mbam-log-09-02-2008 (01-22-51).txt

Scan type: Quick Scan
Objects scanned: 38613
Time elapsed: 7 minute(s), 46 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 5
Registry Keys Infected: 38
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 17
Files Infected: 88

Memory Processes Infected:
C:\Documents and Settings\ferari tioarbi\Local Settings\Temp\c.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Program Files\rhcp7lj0er0g\rhcp7lj0er0g.exe (Rogue.Multiple) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\blphct7lj0er0g.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\rhcp7lj0er0g\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcp7lj0er0g\MFC71ENU.DLL (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcp7lj0er0g\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcp7lj0er0g\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcp7lj0er0g (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcp7lj0er0g (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcp7lj0er0g (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhcp7lj0er0g (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\rhcp7lj0er0g (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\rhcp7lj0er0g\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\rhcp7lj0er0g\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\rhcp7lj0er0g\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\rhcp7lj0er0g\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\rhcp7lj0er0g\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\rhcp7lj0er0g\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\rhcp7lj0er0g\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\rhcp7lj0er0g\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\rhcp7lj0er0g\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\rhcp7lj0er0g\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\ferari tioarbi\Local Settings\Temp\c.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\blphct7lj0er0g.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphct7lj0er0g.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhcp7lj0er0g\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcp7lj0er0g\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcp7lj0er0g\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcp7lj0er0g\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcp7lj0er0g\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcp7lj0er0g\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcp7lj0er0g\rhcp7lj0er0g.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcp7lj0er0g\rhcp7lj0er0g.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcp7lj0er0g\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphct7lj0er0g.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ferari tioarbi\Local Settings\Temp\140.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Latest Hijack Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:22 PM, on 9/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.special-toolbar-first-run-tlbrc
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?353435c6af7540f28799d435ccb6d004
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?353435c6af7540f28799d435ccb6d004
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9066 bytes

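The logs in this thread are read by eye, entry by entry. As an added example (not part of the forum post and not a feature of HijackThis or the other tools named here), the Python script below applies the same first-pass checks a helper makes on HijackThis-style lines: processes and O4 autostart entries that live in user-writable directories, O4 entries that give only a bare file name, any O20 AppInit_DLLs value, and O23 services with "Unknown owner". The SAMPLE_LOG it runs on is constructed for the example in the format of the logs above; the file names under Application Data and Temp are placeholders, not files from the machine in this thread.

```python
"""Triage of HijackThis-style log lines (added example, not from the thread).

Checks made on each line:
  * running processes / O4 autostart entries in user-writable directories
    (no install privileges are needed to drop a file there);
  * O4 entries with a bare file name, which Windows resolves via the PATH
    search instead of a fixed location;
  * any O20 AppInit_DLLs value (loaded into every process using user32.dll);
  * O23 services whose publisher is "Unknown owner".
SAMPLE_LOG is constructed; the Application Data and Temp names are placeholders.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: str
    reason: str


# Lower-cased path fragments that mark user-writable locations.
USER_WRITABLE_MARKERS = (
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\temp\\",
    "\\desktop\\",
)

O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")

SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\xqzrtw\xqzrtw.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [winupdate] "C:\Documents and Settings\user\Local Settings\Temp\140.tmp.exe" /s
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


def first_token(command: str) -> str:
    """Return the executable token of a Run-key command line, quotes removed."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def target_of(command: str) -> str:
    """Path to judge for an O4 entry. rundll32 is only a loader, so for a
    rundll32 line the interesting path is the DLL it is told to load."""
    exe = first_token(command)
    if exe.lower() in ("rundll32.exe", "rundll32"):
        stripped = command.strip()
        skip = len(exe) + (2 if stripped.startswith('"') else 0)
        return first_token(stripped[skip:]).split(",", 1)[0]
    return exe


def in_user_writable_dir(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE_MARKERS)


def triage(log_text: str) -> list[Finding]:
    """Return the lines worth a second look, with the reason for each."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:  # a blank line closes the process list
                in_processes = False
            elif in_user_writable_dir(line):
                findings.append(Finding(line, "process running from a user-writable directory"))
            continue
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            target = target_of(m.group("cmd"))
            if "\\" not in target:
                findings.append(Finding(line, "autostart without a full path (resolved via PATH search; confirm which file it maps to)"))
            elif in_user_writable_dir(target):
                findings.append(Finding(line, "autostart points into a user-writable directory"))
            continue
        m = O20_RE.match(line)
        if m and m.group("dlls").strip():
            findings.append(Finding(line, "AppInit_DLLs entry is injected into every GUI process; verify the DLL's publisher"))
            continue
        m = O23_RE.match(line)
        if m:
            parts = m.group("rest").split(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                findings.append(Finding(line, "service without publisher information"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```

A finding is a prompt to look, not a verdict: the AVG AppInit DLL and the Macromedia licensing service above are legitimate on this machine, and the point of the script is to shorten the list a helper has to check by hand, not to replace that check.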
Re: Windows Security Alert Popup and linked to Antispy Smartsoft

Unread postby Bob4 » September 3rd, 2008, 7:56 am

___________________________________
You may want to print these out or save them as a text document on your desktop, as we will be going into safe mode and this page (internet) will not be available.


___________________________________
Safe mode:
Please reboot to safe mode:
After the very first black screen, start tapping the F8 key until prompted with a list, then choose Safe Mode.

_____________________________
Navigate to

C:\Documents and Settings\ferari tioarbi\Local Settings\Temp <<delete the contents of this folder.

Navigate to and delete

D:\master\KIS 8.0.0.357\kis8.0.0.357en.exe

Reboot Normally

_______________________________________
Download SmitfraudFix (by S!Ri) to your Desktop.
Smitfraud by S!ri

  • Double click the smitfraud.exe
  • When prompted
    Press any key to continue.
  • Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with any others I have asked for in your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. When prompted, allow it to run.

IMPORTANT: DO NOT run any other options until you are asked to do so!
If you do and smitfraud isn't present, it will have undesirable effects.



________________________________________________


  • Download Random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

_______________________________________________



Panda
Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your Valid Email
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component, allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple of minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
- Post Panda scan results in your next reply



_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from RSIT
  • The report from SMITFRAUD
  • The report from Panda
  • POP-UPS/redirection GONE ?

Re: Windows Security Alert Popup and linked to Antispy Smartsoft

Unread postby mpempe » September 3rd, 2008, 8:01 pm

Hijack Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:05:29, on 9/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.special-toolbar-first-run-tlbrc
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?353435c6af7540f28799d435ccb6d004
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?353435c6af7540f28799d435ccb6d004
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9250 bytes



SmitFraudFix v2.345

Scan done at 6:11:17.57, Thu 09/04/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ferari tioarbi


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ferari tioarbi\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FERARI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 202.188.0.133
DNS Server Search Order: 192.168.123.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6101FF53-EC92-40F0-81DF-2F793143D32F}: DhcpNameServer=202.188.0.133 192.168.123.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6101FF53-EC92-40F0-81DF-2F793143D32F}: DhcpNameServer=202.188.0.133 192.168.123.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6101FF53-EC92-40F0-81DF-2F793143D32F}: DhcpNameServer=202.188.0.133 192.168.123.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 192.168.123.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 192.168.123.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 192.168.123.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Log.txt:

Logfile of random's system information tool (written by random/random)
Run by ferari tioarbi at 2008-09-04 06:13:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 85 GB (87%) free of 97 GB
Total RAM: 2046 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:13:28, on 9/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\ferari tioarbi\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\ferari tioarbi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.special-toolbar-first-run-tlbrc
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?353435c6af7540f28799d435ccb6d004
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?353435c6af7540f28799d435ccb6d004
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9247 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [2005-04-22 328275]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-02 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-02 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [2005-04-22 328275]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-02 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ipTray.exe"=C:\Program Files\Intel\IDU\iptray.exe [2005-04-29 1267200]
"awTray.exe"=C:\Program Files\Intel\IDU\awtray.exe [2005-03-11 1910784]
"DiskeeperSystray"=C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2005-04-25 196696]
"WINCINEMAMGR"=C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-04-29 278528]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-06-28 1626112]
"SigmatelSysTrayApp"=sttray.exe []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-02 1235736]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2006-06-18 4534272]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\SETUP.EXE
shell\configure\command - F:\SETUP.EXE
shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e299f45-792d-11dd-8c74-00167604800e}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c36f5aa9-788b-11dd-8c6f-00167604800e}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe


File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-04 06:13:15 ----D---- C:\rsit
2008-09-04 06:11:21 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-04 06:11:17 ----A---- C:\rapport.txt
2008-09-04 06:11:05 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-09-04 06:11:05 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-04 06:11:04 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-09-04 06:11:03 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-09-04 06:11:03 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-09-04 06:11:01 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-09-04 06:11:01 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-04 06:11:01 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-09-04 06:11:00 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-04 06:11:00 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-04 06:10:59 ----A---- C:\WINDOWS\system32\swsc.exe
2008-09-04 06:10:59 ----A---- C:\WINDOWS\system32\swreg.exe
2008-09-04 06:10:58 ----A---- C:\WINDOWS\system32\Process.exe
2008-09-04 06:01:04 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-03 08:41:58 ----D---- C:\WINDOWS\Sun
2008-09-03 08:41:58 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Sun
2008-09-03 08:38:16 ----D---- C:\Program Files\Sun
2008-09-03 08:38:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-03 08:38:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-03 08:38:02 ----A---- C:\WINDOWS\system32\java.exe
2008-09-03 08:37:23 ----D---- C:\Program Files\Java
2008-09-03 08:34:36 ----D---- C:\Program Files\Common Files\Java
2008-09-03 08:25:11 ----D---- C:\Program Files\CCleaner
2008-09-03 05:37:47 ----D---- C:\Program Files\Trend Micro
2008-09-02 03:06:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-02 03:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-02 03:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-02 03:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-02 03:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-02 03:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-02 03:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-02 03:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-02 03:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-02 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-02 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-02 03:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-02 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-02 02:44:53 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-09-02 02:42:56 ----D---- C:\Program Files\Microsoft Works
2008-09-02 02:42:42 ----D---- C:\Program Files\MSBuild
2008-09-02 02:41:42 ----D---- C:\Program Files\Microsoft Visual Studio
2008-09-02 02:41:42 ----D---- C:\Program Files\Common Files\DESIGNER
2008-09-02 02:34:37 ----D---- C:\WINDOWS\SHELLNEW
2008-09-02 02:33:36 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-02 02:33:10 ----RHD---- C:\MSOCache
2008-09-02 02:25:04 ----D---- C:\Program Files\D-Tools
2008-09-02 02:19:26 ----D---- C:\WINDOWS\system32\appmgmt
2008-09-02 02:01:30 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\vlc
2008-09-02 02:00:01 ----D---- C:\Program Files\VideoLAN
2008-09-02 01:55:54 ----D---- C:\WINDOWS\system32\PreInstall
2008-09-02 01:55:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-09-02 01:55:53 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-09-02 01:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-09-02 01:55:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-02 01:21:59 ----A---- C:\WINDOWS\system32\190.tmp
2008-09-02 01:12:56 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Malwarebytes
2008-09-02 01:12:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-02 01:12:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-02 00:44:25 ----D---- C:\Program Files\Windows Live Favorites
2008-09-02 00:43:17 ----HD---- C:\$AVG8.VAULT$
2008-09-02 00:37:51 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-09-02 00:37:43 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\AVGTOOLBAR
2008-09-02 00:36:33 ----D---- C:\Program Files\AVG
2008-09-02 00:36:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-01 19:20:43 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-01 18:01:24 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Apple Computer
2008-09-01 18:01:12 ----D---- C:\Program Files\iPod
2008-09-01 18:01:10 ----D---- C:\Program Files\iTunes
2008-09-01 18:00:22 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-01 18:00:09 ----D---- C:\Program Files\Apple Software Update
2008-09-01 17:59:46 ----D---- C:\Program Files\Common Files\Apple
2008-09-01 17:59:45 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-01 17:57:47 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-01 17:51:47 ----D---- C:\Program Files\BitComet
2008-09-01 17:45:20 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-09-01 17:42:16 ----D---- C:\Program Files\WinRAR
2008-09-01 17:34:49 ----D---- C:\Program Files\Microsoft Office
2008-09-01 17:34:38 ----D---- C:\Program Files\MSECache
2008-09-01 17:33:20 ----D---- C:\Program Files\Common Files\Macromedia Shared
2008-09-01 17:33:20 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-09-01 17:32:29 ----D---- C:\Program Files\Macromedia
2008-09-01 17:31:32 ----D---- C:\Program Files\MagicISO
2008-09-01 17:28:40 ----SHD---- C:\RECYCLER
2008-09-01 17:20:12 ----D---- C:\Program Files\Common Files\Control Panels
2008-09-01 17:18:26 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-09-01 17:14:03 ----D---- C:\Program Files\QuickTime
2008-09-01 17:13:23 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-09-01 17:13:23 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-09-01 17:10:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-09-01 17:08:24 ----D---- C:\Program Files\Bonjour
2008-09-01 17:04:57 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-09-01 16:55:44 ----D---- C:\WINDOWS\Prefetch
2008-09-01 16:48:24 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-01 16:36:31 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-09-01 16:36:31 ----A---- C:\WINDOWS\system32\irclass.dll
2008-09-01 16:36:08 ----RA---- C:\WINDOWS\SET4A.tmp
2008-09-01 16:36:04 ----RA---- C:\WINDOWS\SET3E.tmp
2008-09-01 16:36:01 ----RA---- C:\WINDOWS\SET3B.tmp
2008-09-01 16:03:02 ----D---- C:\Program Files\Real
2008-09-01 16:02:53 ----A---- C:\WINDOWS\system32\muweb.dll
2008-09-01 16:02:53 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-01 16:02:53 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-01 16:02:44 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-09-01 16:02:34 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-09-01 16:01:40 ----D---- C:\Program Files\Windows Live Toolbar
2008-09-01 16:01:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-01 16:01:13 ----D---- C:\Program Files\MSN Messenger
2008-09-01 15:54:22 ----D---- C:\Program Files\Easy Video Downloader
2008-09-01 15:53:46 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Mozilla
2008-09-01 15:53:43 ----D---- C:\Program Files\Mozilla Firefox
2008-09-01 15:51:33 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Macromedia
2008-09-01 15:50:59 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Yahoo!
2008-09-01 15:50:54 ----A---- C:\YServer.txt
2008-09-01 15:48:55 ----D---- C:\WINDOWS\Minidump
2008-09-01 15:44:57 ----A---- C:\WINDOWS\iun6002.exe
2008-09-01 15:44:50 ----D---- C:\Program Files\GameFace Messenger
2008-09-01 15:41:40 ----D---- C:\Program Files\My Company Name
2008-09-01 15:41:25 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-09-01 15:41:25 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-09-01 15:41:25 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-09-01 15:41:25 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-09-01 15:41:24 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-09-01 15:41:24 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-09-01 15:41:24 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-09-01 15:41:24 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-09-01 15:41:23 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-09-01 15:41:23 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-09-01 15:41:23 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-09-01 15:41:22 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-09-01 15:41:22 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-09-01 15:41:22 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-09-01 15:41:22 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-09-01 15:41:21 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-09-01 15:41:08 ----D---- C:\Program Files\ASUS
2008-09-01 15:39:59 ----D---- C:\WINDOWS\nview
2008-09-01 15:39:59 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-09-01 15:39:13 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-09-01 15:34:39 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2008-09-01 15:34:39 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2008-09-01 15:34:38 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2008-09-01 15:34:38 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2008-09-01 15:34:38 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2008-09-01 15:34:38 ----A---- C:\WINDOWS\system32\IVIresize.dll
2008-09-01 15:33:56 ----D---- C:\Program Files\InterVideo
2008-09-01 15:33:56 ----A---- C:\WINDOWS\HWS.exe
2008-09-01 15:33:56 ----A---- C:\WINDOWS\HMD.exe
2008-09-01 15:33:55 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\InterVideo
2008-09-01 15:33:20 ----D---- C:\Program Files\Common Files\NewTech Infosystems
2008-09-01 15:33:18 ----D---- C:\Program Files\NewTech Infosystems
2008-09-01 15:33:14 ----RH---- C:\WINDOWS\system32\NTIBUN4.dll
2008-09-01 15:32:52 ----D---- C:\Program Files\Executive Software
2008-09-01 15:32:47 ----D---- C:\WINDOWS\Downloaded Installations
2008-09-01 15:31:58 ----D---- C:\WINDOWS\Drivers
2008-09-01 15:31:27 ----D---- C:\Program Files\Common Files\Scanner
2008-09-01 15:31:23 ----D---- C:\Program Files\Yahoo!
2008-09-01 15:31:12 ----D---- C:\WINDOWS\Profiles
2008-09-01 15:30:50 ----D---- C:\WINDOWS\system32\Adobe
2008-09-01 15:30:50 ----D---- C:\Program Files\Common Files\Adobe
2008-09-01 15:30:50 ----D---- C:\Program Files\Adobe
2008-09-01 15:30:50 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\InterTrust
2008-09-01 15:30:50 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Adobe
2008-09-01 15:30:48 ----A---- C:\WINDOWS\IsUninst.exe
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\PRONtObj.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\ncscrtp71.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\ncscrt71.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\NcsCoLib.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\Ncs2InstUtility.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\Ncs2DMIX.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\Accesor.dll
2008-09-01 15:29:03 ----RA---- C:\WINDOWS\system32\Prounstl.exe
2008-09-01 15:29:03 ----RA---- C:\WINDOWS\system32\NicIn32.dll
2008-09-01 15:29:03 ----RA---- C:\WINDOWS\system32\NicCo32.dll
2008-09-01 15:29:03 ----RA---- C:\WINDOWS\system32\e100bmsg.dll
2008-09-01 15:26:54 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-09-01 15:26:52 ----A---- C:\WINDOWS\system32\staco.dll
2008-09-01 15:26:47 ----A---- C:\WINDOWS\system32\stacapi.dll
2008-09-01 15:26:34 ----D---- C:\Program Files\SigmaTel
2008-09-01 15:26:33 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-01 15:26:31 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-01 15:23:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-01 15:22:58 ----D---- C:\Program Files\Intel
2008-09-01 15:21:42 ----D---- C:\Program Files\MSXML 4.0
2008-09-01 15:21:32 ----D---- C:\TempEI4
2008-09-01 15:18:59 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Identities
2008-09-01 15:18:57 ----HD---- C:\Program Files\Uninstall Information
2008-09-01 15:18:50 ----SD---- C:\Documents and Settings\ferari tioarbi\Application Data\Microsoft
2008-09-01 15:18:50 ----ASH---- C:\Documents and Settings\ferari tioarbi\Application Data\desktop.ini
2008-09-01 15:17:24 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-01 15:17:23 ----SD---- C:\WINDOWS\system32\Microsoft
2008-09-01 15:17:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-01 15:13:56 ----D---- C:\WINDOWS\system32\xircom
2008-09-01 15:13:56 ----D---- C:\Program Files\xerox
2008-09-01 15:13:56 ----D---- C:\Program Files\microsoft frontpage
2008-09-01 15:13:39 ----A---- C:\WINDOWS\control.ini
2008-09-01 15:13:39 ----A---- C:\AUTOEXEC.BAT
2008-09-01 15:13:25 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-09-01 15:12:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-01 15:12:30 ----RD---- C:\WINDOWS\Offline Web Pages
2008-09-01 15:12:23 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-09-01 15:12:18 ----HD---- C:\Program Files\WindowsUpdate
2008-09-01 15:11:56 ----D---- C:\WINDOWS\system32\DirectX
2008-09-01 15:11:51 ----A---- C:\WINDOWS\system32\atrace.dll
2008-09-01 15:11:48 ----A---- C:\WINDOWS\system32\desktop.ini
2008-09-01 15:11:48 ----A---- C:\WINDOWS\desktop.ini
2008-09-01 15:11:42 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-09-01 15:11:40 ----D---- C:\Program Files\Common Files\Services
2008-09-01 15:11:40 ----A---- C:\WINDOWS\system32\acctres.dll
2008-09-01 15:11:37 ----SD---- C:\WINDOWS\Tasks
2008-09-01 15:11:37 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-09-01 15:11:36 ----D---- C:\Program Files\Common Files\MSSoap
2008-09-01 15:11:33 ----D---- C:\WINDOWS\srchasst
2008-09-01 15:11:32 ----D---- C:\WINDOWS\system32\Macromed
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wups.dll
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-09-01 15:11:24 ----D---- C:\Program Files\Movie Maker
2008-09-01 15:11:06 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-09-01 15:11:06 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-09-01 15:11:06 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-09-01 15:11:06 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-09-01 15:11:03 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-09-01 15:11:03 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-09-01 15:11:02 ----D---- C:\WINDOWS\system32\Restore
2008-09-01 15:11:02 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-09-01 15:11:02 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-09-01 15:11:02 ----A---- C:\WINDOWS\system32\srclient.dll
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\msconf.dll
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\ils.dll
2008-09-01 15:10:58 ----D---- C:\Program Files\NetMeeting
2008-09-01 15:10:58 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-09-01 15:10:58 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-09-01 15:10:57 ----A---- C:\WINDOWS\system32\inetres.dll
2008-09-01 15:10:57 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-09-01 15:10:55 ----D---- C:\Program Files\Outlook Express
2008-09-01 15:10:55 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-09-01 15:10:55 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-09-01 15:10:55 ----A---- C:\WINDOWS\system32\mstask.dll
2008-09-01 15:10:55 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-09-01 15:10:55 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-09-01 15:10:54 ----A---- C:\WINDOWS\system32\isign32.dll
2008-09-01 15:10:54 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-09-01 15:10:49 ----D---- C:\Program Files\Common Files\System
2008-09-01 15:10:47 ----D---- C:\Program Files\Internet Explorer
2008-09-01 15:10:11 ----D---- C:\Program Files\ComPlus Applications
2008-09-01 15:10:09 ----A---- C:\WINDOWS\vbaddin.ini
2008-09-01 15:10:09 ----A---- C:\WINDOWS\vb.ini
2008-09-01 15:10:04 ----D---- C:\WINDOWS\Registration
2008-09-01 15:09:56 ----D---- C:\Program Files\Windows Media Player
2008-09-01 15:09:56 ----D---- C:\Program Files\Online Services
2008-09-01 15:09:49 ----D---- C:\Program Files\Messenger
2008-09-01 15:09:46 ----D---- C:\Program Files\MSN Gaming Zone
2008-09-01 15:09:46 ----A---- C:\WINDOWS\system32\write.exe
2008-09-01 15:09:35 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-09-01 15:09:35 ----A---- C:\WINDOWS\system32\hticons.dll
2008-09-01 15:09:35 ----A---- C:\WINDOWS\system32\avwav.dll
2008-09-01 15:09:35 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-09-01 15:09:35 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-09-01 15:09:34 ----A---- C:\WINDOWS\system32\winchat.exe
2008-09-01 15:09:26 ----A---- C:\WINDOWS\system32\getuname.dll
2008-09-01 15:09:26 ----A---- C:\WINDOWS\system32\charmap.exe
2008-09-01 15:09:25 ----A---- C:\WINDOWS\system32\winmine.exe
2008-09-01 15:09:25 ----A---- C:\WINDOWS\system32\sol.exe
2008-09-01 15:09:25 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-09-01 15:09:25 ----A---- C:\WINDOWS\system32\calc.exe
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\tskill.exe
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\reset.exe
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\freecell.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\tscon.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\shadow.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\regini.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\msg.exe
2008-09-01 15:09:22 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-09-01 15:09:22 ----A---- C:\WINDOWS\system32\logoff.exe
2008-09-01 15:09:22 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-09-01 15:09:12 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-09-01 15:09:02 ----D---- C:\Program Files\MSN
2008-09-01 15:09:01 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-09-01 15:09:01 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-09-01 15:09:00 ----D---- C:\Program Files\Windows NT
2008-09-01 15:09:00 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-09-01 15:09:00 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-09-01 15:09:00 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-09-01 15:08:59 ----D---- C:\WINDOWS\system32\en-US
2008-09-01 15:08:59 ----A---- C:\WINDOWS\system32\spider.exe
2008-09-01 15:08:59 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-09-01 15:08:57 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-09-01 15:08:57 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-09-01 15:08:56 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-01 15:08:56 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-09-01 15:08:56 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-09-01 15:08:54 ----D---- C:\WINDOWS\system32\MsDtc
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-09-01 15:08:53 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-09-01 15:08:53 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-09-01 15:08:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-09-01 15:08:53 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-09-01 15:08:53 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-09-01 15:08:52 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-09-01 15:08:51 ----D---- C:\WINDOWS\system32\Com
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\stclient.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\colbact.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\comuid.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-09-01 15:08:49 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-09-01 15:08:43 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-09-01 15:08:42 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-09-01 15:08:42 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-09-01 15:08:42 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-09-01 08:07:15 ----A---- C:\WINDOWS\system32\h323log.txt
2008-09-01 08:02:43 ----SHD---- C:\WINDOWS\Installer
2008-09-01 08:02:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-01 08:02:42 ----D---- C:\Program Files\Common Files\ODBC
2008-09-01 08:02:42 ----A---- C:\WINDOWS\ODBCINST.INI
2008-09-01 08:02:39 ----RD---- C:\Program Files
2008-09-01 08:02:39 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-09-01 08:02:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-01 08:02:39 ----D---- C:\Program Files\Common Files
2008-09-01 08:02:22 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-09-01 08:02:22 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-09-01 08:02:19 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-09-01 08:02:17 ----A---- C:\WINDOWS\system32\storprop.dll
2008-09-01 08:02:08 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-09-01 08:02:03 ----RA---- C:\WINDOWS\SET8.tmp
2008-09-01 08:02:00 ----RA---- C:\WINDOWS\SET4.tmp
2008-09-01 08:01:59 ----RA---- C:\WINDOWS\SET3.tmp
2008-09-01 08:01:54 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-01 08:01:54 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-01 08:01:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-01 08:01:22 ----SHD---- C:\System Volume Information
2008-09-01 08:01:22 ----D---- C:\Documents and Settings
2008-09-01 08:00:21 ----SH---- C:\boot.ini
2008-09-01 07:54:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-01 07:54:25 ----RSD---- C:\WINDOWS\Fonts
2008-09-01 07:54:25 ----RD---- C:\WINDOWS\Web
2008-09-01 07:54:25 ----HD---- C:\WINDOWS\inf
2008-09-01 07:54:25 ----D---- C:\WINDOWS\WinSxS
2008-09-01 07:54:25 ----D---- C:\WINDOWS\twain_32
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Temp
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\wins
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\wbem
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\usmt
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\spool
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\ShellExt
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\Setup
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\scripting
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\ras
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\oobe
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\npp
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\mui
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\IME
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\icsxml
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\ias
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\export
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\en
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\drivers
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\dhcp
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\config
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\3com_dmi
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\3076
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\2052
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1054
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1042
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1041
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1037
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1033
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1031
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1028
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1025
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system
2008-09-01 07:54:25 ----D---- C:\WINDOWS\security
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Resources
2008-09-01 07:54:25 ----D---- C:\WINDOWS\repair
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Provisioning
2008-09-01 07:54:25 ----D---- C:\WINDOWS\PeerNet
2008-09-01 07:54:25 ----D---- C:\WINDOWS\pchealth
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Network Diagnostic
2008-09-01 07:54:25 ----D---- C:\WINDOWS\mui
2008-09-01 07:54:25 ----D---- C:\WINDOWS\msapps
2008-09-01 07:54:25 ----D---- C:\WINDOWS\msagent
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Media
2008-09-01 07:54:25 ----D---- C:\WINDOWS\L2Schemas
2008-09-01 07:54:25 ----D---- C:\WINDOWS\java
2008-09-01 07:54:25 ----D---- C:\WINDOWS\ime
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Help
2008-09-01 07:54:25 ----D---- C:\WINDOWS\ehome
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Driver Cache
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Debug
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Cursors
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Connection Wizard
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Config
2008-09-01 07:54:25 ----D---- C:\WINDOWS\AppPatch
2008-09-01 07:54:25 ----D---- C:\WINDOWS\addins
2008-09-01 07:54:25 ----D---- C:\WINDOWS

List of drivers

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\system32\System32\Drivers\avgtdix.sys []
R2 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 SIODRV;SIODRV; \??\C:\WINDOWS\system32\drivers\SIODRV.SYS []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-12-26 10752]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-09-01 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-08-10 41216]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-11-03 36484]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-08-09 1021608]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
S3 ASUSVRC;ASUSTeK Virtual Capture Device; C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 iviudf;iviudf; C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 116224]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 smbusp;Intel(R) SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2005-03-15 21248]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-02 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2005-04-26 622700]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S1 udffsrec;udffsrec; C:\WINDOWS\system32\drivers\udffsrec.sys [2004-12-19 5248]
S2 iHCService;Intel(R) Desktop Utilities Service; C:\Program Files\Intel\IDU\IDUServ.exe [2005-04-29 1302016]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-01 72704]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-01 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-09-01 68096]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------



info.txt


info.txt logfile of random's system information tool 2008-09-04 06:13:30

Uninstall list

-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
-->"C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40602E2C-AB5C-4887-8093-3BFE5B8B95B3}\setup.exe" REMOVEALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitComet 0.70-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Diskeeper Lite-->MsiExec.exe /X{3872D54E-84A0-4C04-9BDB-684D01840CA6}
Easy Video Downloader v. 2.0-->"C:\Program Files\Easy Video Downloader\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Desktop Utilities-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE1FD294-CF2A-4936-92F4-B1B778371627}
Intel(R) PRO Network Connections Software v10.1.41.0-->C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qf /le C:\DOCUME~1\FERARI~1\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
InterVideo MediaOne-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Director MX 2004-->C:\PROGRA~1\MACROM~1\DIRECT~1\UNWISE.EXE C:\PROGRA~1\MACROM~1\DIRECT~1\install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access database engine 2007 (English)-->MsiExec.exe /I{90120000-00D1-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x9 -remove -removeonly
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar-->MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\YPSR\unwise32.exe /U C:\PROGRA~1\Yahoo!\YPSR\ypsrinst.log
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar with Anti-Spy-->rundll32.exe C:\PROGRA~1\Yahoo!\YPSR\ycomp5_6_2_0.dll,DllCommand uis

Security center information

AV: AVG Internet Security

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Intel\DMIX;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


Panda:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-04 08:04:46
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Internet Security 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ferari tioarbi\Cookies\ferari tioarbi@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ferari tioarbi\Cookies\ferari tioarbi@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ferari tioarbi\Cookies\ferari tioarbi@bs.serving-sys[2].txt
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\NT.Config\NT.Config.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\$LDDATA$\TQ\TQ.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\yg dikirim\yg dikirim.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\$LDDATA$\$LDDATA$.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\MSRM\MSRM.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\MMM refernce\MMM refernce.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\MPW\MPW.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\TRAILER\TRAILER.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\S-1-5-21-1482476501-1644491937-682003330-1013.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\RECYCLER\RECYCLER.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\Banu Bebe kakak\Banu Bebe kakak.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\GDC\GDC\GDC.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\GDC\GDC.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\New Folder.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\buat cosmopolitan\buat cosmopolitan.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\New Folder\New Folder.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\CDJ sound effects\CDJ sound effects.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\WIN32.EXE
03446814 Generic Trojan Virus/Trojan No 0 Yes No D:\master\Adobe Captivate 3\Keygen.EXE
03469784 VBS/Autorun.ABT Virus/Trojan No 0 Yes No G:\XIAO.VBS
03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Documents and Settings\ferari tioarbi\Desktop\SmitfraudFix.exe
03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Documents and Settings\ferari tioarbi\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b2udfhi.default\Cache\576CDDCEd01
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\RECYCLER\S-1-5-21-2052111302-1993962763-1801674531-1003\Dc16.vbs
03582346 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\IEDFix.C.exe
03582346 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\IEDFix.C.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================



Ya, the popup is gone already, thanks for your help! Regarding the 4 threats which were detected by Panda Scan, is there any other step I should take? Thank you very much one more time for your help.
mpempe
Active Member
 
Posts: 5
Joined: September 2nd, 2008, 5:42 pm

Re: Windows Security Alert Popup and linked to Antispy Smartsoft

Unread postby Bob4 » September 5th, 2008, 2:30 pm

You've been infected with a flash drive infection that we need to clean up.

Please download the following tool:

Flash_Disinfector by sUBs

With your pen/flash drive in the computer,

double-click it to run it. Your background will disappear briefly; this is normal.
That's it.


________________________________________
Open Notepad and copy everything exactly as it is in the box below into it.

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c36f5aa9-788b-11dd-8c6f-00167604800e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e299f45-792d-11dd-8c74-00167604800e}]


Make sure there are no lines before

Windows Registry Editor Version 5.00

and

one (1) space before the end.
Now click on Save and save it TO YOUR DESKTOP

with "File name" fix.reg

and "Save as type" set to "All Files", NOT "Text Document".

Once saved, double-click the file you just made and, when asked to merge it with the registry, click Yes.

Now delete that file.

_____________________________

Open the flash/pen drive now and delete the following files/folders:

G:\NT.Config <<Folder
G:\$LDDATA$ <<Folder
G:\yg dikirim
G:\MSRM
G:\MMM refernce
G:\MPW
G:\TRAILER
G:\RECYCLER
G:\Banu Bebe kakak
G:\GDC
G:\New Folder
G:\buat cosmopolitan
G:\CDJ sound effects
D:\master\Adobe Captivate 3\Keygen.EXE << Delete this. Key generators are near the top of the list of things that bring malware onto a computer.

_____________________________
Submit 2 files to Jotti
Please go here: http://virusscan.jotti.org/
At the top of the page there is a field to add the file path; copy and paste each file path in there.
If there is more than one file to scan, insert them one at a time.

C:\WINDOWS\HWS.exe
C:\WINDOWS\HMD.exe

Then hit Submit.
The scan will take a while before the result comes up, so please be patient.
Then copy the result and post it here in this thread.

You may receive a message stating:
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

Just let me know if that is what you saw.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Jotti's/VirusTotal
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
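The layout in the Panda log and in the deletion list above follows one pattern: a folder and, beside it or inside it, an .exe carrying the folder's own name (G:\MSRM\MSRM.EXE, G:\New Folder.exe), a loose script in the root (G:\XIAO.VBS), and executables under a fake RECYCLER\<SID>\ folder. The script below is an added example for this thread, not a tool from the original post or from the MalwareRemoval.com helpers: it walks a drive root for those layouts without deleting anything, and protect_root() creates a read-only, system, hidden directory named autorun.inf, which is the guard-folder approach used by Flash_Disinfector (the attrib flags are my assumption about that tool's exact attributes). build_demo_drive() and run_demo() are hypothetical helpers that construct a throw-away stick from the names in the log so the whole thing runs offline; every file in it is empty.

```python
"""
Flag the flash-drive worm layout shown in the Panda log above and add the
autorun.inf guard folder. Added example for this thread, not part of the
original post; the names in build_demo_drive() are taken from the log, the
temporary drive itself is constructed for the demo.
"""
import os
import re
import subprocess
import tempfile
from pathlib import Path

# fake recycle bin: RECYCLER\S-1-5-21-<dom>-<dom>-<dom>-<rid>\*.exe
SID_RE = re.compile(r"^S-1-5-21(?:-\d+){3,4}$", re.IGNORECASE)
# extensions that have no business lying loose in the root of a data stick
ROOT_EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                 ".vbs", ".vbe", ".js", ".jse", ".wsf"}
# SID taken from the log, reused for the constructed demo drive
DEMO_SID = "S-1-5-21-1482476501-1644491937-682003330-1013"


def _lower_map(directory):
    """Map lower-cased entry name -> Path so MSRM.EXE matches 'msrm.exe' on any OS."""
    try:
        return {p.name.lower(): p for p in Path(directory).iterdir()}
    except OSError:
        return {}


def scan_removable_root(root):
    """Return sorted (kind, path) findings; nothing is deleted."""
    root = Path(root)
    findings = set()
    top = _lower_map(root)

    # 1. autorun.inf as a FILE is the worm launcher; as a directory it is the guard
    ai = top.get("autorun.inf")
    if ai is not None and ai.is_file():
        findings.add(("autorun_inf", str(ai)))

    # 2. loose executables/scripts in the root (G:\XIAO.VBS, G:\New Folder.exe)
    for p in top.values():
        if p.is_file() and p.suffix.lower() in ROOT_EXEC_EXT:
            findings.add(("root_executable", str(p)))

    # 3. folder mimics at any depth
    for dirpath, dirnames, _ in os.walk(root):
        here = Path(dirpath)
        siblings = _lower_map(here)
        for name in dirnames:
            key = name.lower() + ".exe"
            sib = siblings.get(key)                    # G:\New Folder.exe beside G:\New Folder
            if sib is not None and sib.is_file():
                findings.add(("sibling_mimic", str(sib)))
            inner = _lower_map(here / name).get(key)   # G:\MSRM\MSRM.EXE inside G:\MSRM
            if inner is not None and inner.is_file():
                findings.add(("nested_mimic", str(inner)))
            if name.lower() == "recycler":             # RECYCLER\<SID>\WIN32.EXE
                for sid_dir in _lower_map(here / name).values():
                    if sid_dir.is_dir() and SID_RE.match(sid_dir.name):
                        for f in _lower_map(sid_dir).values():
                            if f.is_file() and f.suffix.lower() == ".exe":
                                findings.add(("recycler_exe", str(f)))
    return sorted(findings)


def protect_root(root):
    """Create a guard directory named autorun.inf (the Flash_Disinfector approach)
    when no autorun.inf entry exists. Returns True if it was created."""
    guard = Path(root) / "autorun.inf"
    if guard.exists():          # an existing FILE must be deleted first, not overwritten
        return False
    guard.mkdir()
    if os.name == "nt":         # system+hidden+read-only so the worm cannot replace it
        subprocess.run(["attrib", "+s", "+h", "+r", str(guard)], check=False)
    return True


def build_demo_drive(base):
    """Constructed stick whose names mirror the log; every file is empty."""
    g = Path(base) / "G"
    for d in ["MSRM", "New Folder", "GDC/GDC", "RECYCLER/" + DEMO_SID, "Photos"]:
        (g / d).mkdir(parents=True, exist_ok=True)
    for f in ["MSRM/MSRM.EXE", "New Folder/New Folder.exe", "New Folder.exe",
              "GDC/GDC.EXE", "GDC/GDC/GDC.EXE", "RECYCLER/RECYCLER.EXE",
              "RECYCLER/" + DEMO_SID + "/WIN32.EXE", "XIAO.VBS", "Photos/holiday.jpg"]:
        (g / f).touch()
    return g


def run_demo():
    """Build the demo stick, scan it, add the guard, rescan; results keyed by kind."""
    with tempfile.TemporaryDirectory() as tmp:
        g = build_demo_drive(tmp)
        before = scan_removable_root(g)
        created = protect_root(g)
        after = scan_removable_root(g)
    by_kind = {}
    for kind, path in before:
        by_kind.setdefault(kind, []).append(Path(path).relative_to(g).as_posix())
    return {"findings": by_kind, "guard_created": created,
            "unchanged_after_guard": before == after}


if __name__ == "__main__":
    for kind, paths in run_demo()["findings"].items():
        print(kind, paths)
```

On the real stick, call scan_removable_root("G:\\") and compare the output with the deletion list before removing anything: a legitimate data folder keeps its contents after the same-named .exe beside it is gone, so delete the mimic executables first and only then the now-empty worm folders. The guard directory is only worth adding after the autorun.inf file and the mimics are gone, since protect_root() refuses to touch an existing entry of that name.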

Re: Windows Security Alert Popup and linked to Antispy Smartsoft

Unread postby NonSuch » September 10th, 2008, 9:45 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California