Hijack Logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:05:29, on 9/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.special-toolbar-first-run-tlbrc
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?353435c6af7540f28799d435ccb6d004
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?353435c6af7540f28799d435ccb6d004
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9250 bytes
SmitFraudFix v2.345
Scan done at 6:11:17.57, Thu 09/04/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ferari tioarbi
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ferari tioarbi\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FERARI~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 202.188.0.133
DNS Server Search Order: 192.168.123.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6101FF53-EC92-40F0-81DF-2F793143D32F}: DhcpNameServer=202.188.0.133 192.168.123.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6101FF53-EC92-40F0-81DF-2F793143D32F}: DhcpNameServer=202.188.0.133 192.168.123.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6101FF53-EC92-40F0-81DF-2F793143D32F}: DhcpNameServer=202.188.0.133 192.168.123.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 192.168.123.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 192.168.123.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 192.168.123.254
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Log.txt:
Logfile of random's system information tool (written by random/random)
Run by ferari tioarbi at 2008-09-04 06:13:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 85 GB (87%) free of 97 GB
Total RAM: 2046 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:13:28, on 9/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\ferari tioarbi\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\ferari tioarbi.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.special-toolbar-first-run-tlbrc
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?353435c6af7540f28799d435ccb6d004
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?353435c6af7540f28799d435ccb6d004
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9247 bytes
Scheduled tasks folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
Registry dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [2005-04-22 328275]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-02 455960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-02 2055960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [2005-04-22 328275]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-02 2055960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ipTray.exe"=C:\Program Files\Intel\IDU\iptray.exe [2005-04-29 1267200]
"awTray.exe"=C:\Program Files\Intel\IDU\awtray.exe [2005-03-11 1910784]
"DiskeeperSystray"=C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2005-04-25 196696]
"WINCINEMAMGR"=C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-04-29 278528]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-06-28 1626112]
"SigmatelSysTrayApp"=sttray.exe []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-02 1235736]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2006-06-18 4534272]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\SETUP.EXE
shell\configure\command - F:\SETUP.EXE
shell\install\command - F:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e299f45-792d-11dd-8c74-00167604800e}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c36f5aa9-788b-11dd-8c6f-00167604800e}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
File associations
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*
List of files/folders created in the last three months
2008-09-04 06:13:15 ----D---- C:\rsit
2008-09-04 06:11:21 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-04 06:11:17 ----A---- C:\rapport.txt
2008-09-04 06:11:05 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-09-04 06:11:05 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-04 06:11:04 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-09-04 06:11:03 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-09-04 06:11:03 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-09-04 06:11:01 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-09-04 06:11:01 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-04 06:11:01 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-09-04 06:11:00 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-04 06:11:00 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-04 06:10:59 ----A---- C:\WINDOWS\system32\swsc.exe
2008-09-04 06:10:59 ----A---- C:\WINDOWS\system32\swreg.exe
2008-09-04 06:10:58 ----A---- C:\WINDOWS\system32\Process.exe
2008-09-04 06:01:04 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-03 08:41:58 ----D---- C:\WINDOWS\Sun
2008-09-03 08:41:58 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Sun
2008-09-03 08:38:16 ----D---- C:\Program Files\Sun
2008-09-03 08:38:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-03 08:38:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-03 08:38:02 ----A---- C:\WINDOWS\system32\java.exe
2008-09-03 08:37:23 ----D---- C:\Program Files\Java
2008-09-03 08:34:36 ----D---- C:\Program Files\Common Files\Java
2008-09-03 08:25:11 ----D---- C:\Program Files\CCleaner
2008-09-03 05:37:47 ----D---- C:\Program Files\Trend Micro
2008-09-02 03:06:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-02 03:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-02 03:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-02 03:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-02 03:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-02 03:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-02 03:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-02 03:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-02 03:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-02 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-02 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-02 03:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-02 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-02 02:44:53 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-09-02 02:42:56 ----D---- C:\Program Files\Microsoft Works
2008-09-02 02:42:42 ----D---- C:\Program Files\MSBuild
2008-09-02 02:41:42 ----D---- C:\Program Files\Microsoft Visual Studio
2008-09-02 02:41:42 ----D---- C:\Program Files\Common Files\DESIGNER
2008-09-02 02:34:37 ----D---- C:\WINDOWS\SHELLNEW
2008-09-02 02:33:36 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-02 02:33:10 ----RHD---- C:\MSOCache
2008-09-02 02:25:04 ----D---- C:\Program Files\D-Tools
2008-09-02 02:19:26 ----D---- C:\WINDOWS\system32\appmgmt
2008-09-02 02:01:30 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\vlc
2008-09-02 02:00:01 ----D---- C:\Program Files\VideoLAN
2008-09-02 01:55:54 ----D---- C:\WINDOWS\system32\PreInstall
2008-09-02 01:55:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-09-02 01:55:53 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-09-02 01:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-09-02 01:55:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-02 01:21:59 ----A---- C:\WINDOWS\system32\190.tmp
2008-09-02 01:12:56 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Malwarebytes
2008-09-02 01:12:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-02 01:12:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-02 00:44:25 ----D---- C:\Program Files\Windows Live Favorites
2008-09-02 00:43:17 ----HD---- C:\$AVG8.VAULT$
2008-09-02 00:37:51 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-09-02 00:37:43 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\AVGTOOLBAR
2008-09-02 00:36:33 ----D---- C:\Program Files\AVG
2008-09-02 00:36:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-01 19:20:43 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-01 18:01:24 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Apple Computer
2008-09-01 18:01:12 ----D---- C:\Program Files\iPod
2008-09-01 18:01:10 ----D---- C:\Program Files\iTunes
2008-09-01 18:00:22 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-01 18:00:09 ----D---- C:\Program Files\Apple Software Update
2008-09-01 17:59:46 ----D---- C:\Program Files\Common Files\Apple
2008-09-01 17:59:45 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-01 17:57:47 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-01 17:51:47 ----D---- C:\Program Files\BitComet
2008-09-01 17:45:20 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-09-01 17:42:16 ----D---- C:\Program Files\WinRAR
2008-09-01 17:34:49 ----D---- C:\Program Files\Microsoft Office
2008-09-01 17:34:38 ----D---- C:\Program Files\MSECache
2008-09-01 17:33:20 ----D---- C:\Program Files\Common Files\Macromedia Shared
2008-09-01 17:33:20 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-09-01 17:32:29 ----D---- C:\Program Files\Macromedia
2008-09-01 17:31:32 ----D---- C:\Program Files\MagicISO
2008-09-01 17:28:40 ----SHD---- C:\RECYCLER
2008-09-01 17:20:12 ----D---- C:\Program Files\Common Files\Control Panels
2008-09-01 17:18:26 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-09-01 17:14:03 ----D---- C:\Program Files\QuickTime
2008-09-01 17:13:23 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-09-01 17:13:23 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-09-01 17:10:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-09-01 17:08:24 ----D---- C:\Program Files\Bonjour
2008-09-01 17:04:57 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-09-01 16:55:44 ----D---- C:\WINDOWS\Prefetch
2008-09-01 16:48:24 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-01 16:36:31 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-09-01 16:36:31 ----A---- C:\WINDOWS\system32\irclass.dll
2008-09-01 16:36:08 ----RA---- C:\WINDOWS\SET4A.tmp
2008-09-01 16:36:04 ----RA---- C:\WINDOWS\SET3E.tmp
2008-09-01 16:36:01 ----RA---- C:\WINDOWS\SET3B.tmp
2008-09-01 16:03:02 ----D---- C:\Program Files\Real
2008-09-01 16:02:53 ----A---- C:\WINDOWS\system32\muweb.dll
2008-09-01 16:02:53 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-01 16:02:53 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-01 16:02:44 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-09-01 16:02:34 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-09-01 16:01:40 ----D---- C:\Program Files\Windows Live Toolbar
2008-09-01 16:01:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-01 16:01:13 ----D---- C:\Program Files\MSN Messenger
2008-09-01 15:54:22 ----D---- C:\Program Files\Easy Video Downloader
2008-09-01 15:53:46 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Mozilla
2008-09-01 15:53:43 ----D---- C:\Program Files\Mozilla Firefox
2008-09-01 15:51:33 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Macromedia
2008-09-01 15:50:59 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Yahoo!
2008-09-01 15:50:54 ----A---- C:\YServer.txt
2008-09-01 15:48:55 ----D---- C:\WINDOWS\Minidump
2008-09-01 15:44:57 ----A---- C:\WINDOWS\iun6002.exe
2008-09-01 15:44:50 ----D---- C:\Program Files\GameFace Messenger
2008-09-01 15:41:40 ----D---- C:\Program Files\My Company Name
2008-09-01 15:41:25 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-09-01 15:41:25 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-09-01 15:41:25 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-09-01 15:41:25 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-09-01 15:41:24 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-09-01 15:41:24 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-09-01 15:41:24 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-09-01 15:41:24 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-09-01 15:41:23 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-09-01 15:41:23 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-09-01 15:41:23 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-09-01 15:41:22 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-09-01 15:41:22 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-09-01 15:41:22 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-09-01 15:41:22 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-09-01 15:41:21 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-09-01 15:41:08 ----D---- C:\Program Files\ASUS
2008-09-01 15:39:59 ----D---- C:\WINDOWS\nview
2008-09-01 15:39:59 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-09-01 15:39:13 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-09-01 15:34:39 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2008-09-01 15:34:39 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2008-09-01 15:34:38 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2008-09-01 15:34:38 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2008-09-01 15:34:38 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2008-09-01 15:34:38 ----A---- C:\WINDOWS\system32\IVIresize.dll
2008-09-01 15:33:56 ----D---- C:\Program Files\InterVideo
2008-09-01 15:33:56 ----A---- C:\WINDOWS\HWS.exe
2008-09-01 15:33:56 ----A---- C:\WINDOWS\HMD.exe
2008-09-01 15:33:55 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\InterVideo
2008-09-01 15:33:20 ----D---- C:\Program Files\Common Files\NewTech Infosystems
2008-09-01 15:33:18 ----D---- C:\Program Files\NewTech Infosystems
2008-09-01 15:33:14 ----RH---- C:\WINDOWS\system32\NTIBUN4.dll
2008-09-01 15:32:52 ----D---- C:\Program Files\Executive Software
2008-09-01 15:32:47 ----D---- C:\WINDOWS\Downloaded Installations
2008-09-01 15:31:58 ----D---- C:\WINDOWS\Drivers
2008-09-01 15:31:27 ----D---- C:\Program Files\Common Files\Scanner
2008-09-01 15:31:23 ----D---- C:\Program Files\Yahoo!
2008-09-01 15:31:12 ----D---- C:\WINDOWS\Profiles
2008-09-01 15:30:50 ----D---- C:\WINDOWS\system32\Adobe
2008-09-01 15:30:50 ----D---- C:\Program Files\Common Files\Adobe
2008-09-01 15:30:50 ----D---- C:\Program Files\Adobe
2008-09-01 15:30:50 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\InterTrust
2008-09-01 15:30:50 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Adobe
2008-09-01 15:30:48 ----A---- C:\WINDOWS\IsUninst.exe
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\PRONtObj.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\ncscrtp71.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\ncscrt71.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\NcsCoLib.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\Ncs2InstUtility.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\Ncs2DMIX.dll
2008-09-01 15:29:21 ----N---- C:\WINDOWS\system32\Accesor.dll
2008-09-01 15:29:03 ----RA---- C:\WINDOWS\system32\Prounstl.exe
2008-09-01 15:29:03 ----RA---- C:\WINDOWS\system32\NicIn32.dll
2008-09-01 15:29:03 ----RA---- C:\WINDOWS\system32\NicCo32.dll
2008-09-01 15:29:03 ----RA---- C:\WINDOWS\system32\e100bmsg.dll
2008-09-01 15:26:54 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-09-01 15:26:52 ----A---- C:\WINDOWS\system32\staco.dll
2008-09-01 15:26:47 ----A---- C:\WINDOWS\system32\stacapi.dll
2008-09-01 15:26:34 ----D---- C:\Program Files\SigmaTel
2008-09-01 15:26:33 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-01 15:26:31 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-01 15:23:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-01 15:22:58 ----D---- C:\Program Files\Intel
2008-09-01 15:21:42 ----D---- C:\Program Files\MSXML 4.0
2008-09-01 15:21:32 ----D---- C:\TempEI4
2008-09-01 15:18:59 ----D---- C:\Documents and Settings\ferari tioarbi\Application Data\Identities
2008-09-01 15:18:57 ----HD---- C:\Program Files\Uninstall Information
2008-09-01 15:18:50 ----SD---- C:\Documents and Settings\ferari tioarbi\Application Data\Microsoft
2008-09-01 15:18:50 ----ASH---- C:\Documents and Settings\ferari tioarbi\Application Data\desktop.ini
2008-09-01 15:17:24 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-01 15:17:23 ----SD---- C:\WINDOWS\system32\Microsoft
2008-09-01 15:17:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-01 15:13:56 ----D---- C:\WINDOWS\system32\xircom
2008-09-01 15:13:56 ----D---- C:\Program Files\xerox
2008-09-01 15:13:56 ----D---- C:\Program Files\microsoft frontpage
2008-09-01 15:13:39 ----A---- C:\WINDOWS\control.ini
2008-09-01 15:13:39 ----A---- C:\AUTOEXEC.BAT
2008-09-01 15:13:25 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-09-01 15:12:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-01 15:12:30 ----RD---- C:\WINDOWS\Offline Web Pages
2008-09-01 15:12:23 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-09-01 15:12:18 ----HD---- C:\Program Files\WindowsUpdate
2008-09-01 15:11:56 ----D---- C:\WINDOWS\system32\DirectX
2008-09-01 15:11:51 ----A---- C:\WINDOWS\system32\atrace.dll
2008-09-01 15:11:48 ----A---- C:\WINDOWS\system32\desktop.ini
2008-09-01 15:11:48 ----A---- C:\WINDOWS\desktop.ini
2008-09-01 15:11:42 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-09-01 15:11:40 ----D---- C:\Program Files\Common Files\Services
2008-09-01 15:11:40 ----A---- C:\WINDOWS\system32\acctres.dll
2008-09-01 15:11:37 ----SD---- C:\WINDOWS\Tasks
2008-09-01 15:11:37 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-09-01 15:11:36 ----D---- C:\Program Files\Common Files\MSSoap
2008-09-01 15:11:33 ----D---- C:\WINDOWS\srchasst
2008-09-01 15:11:32 ----D---- C:\WINDOWS\system32\Macromed
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wups.dll
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-09-01 15:11:29 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-09-01 15:11:28 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-09-01 15:11:24 ----D---- C:\Program Files\Movie Maker
2008-09-01 15:11:06 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-09-01 15:11:06 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-09-01 15:11:06 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-09-01 15:11:06 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-09-01 15:11:03 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-09-01 15:11:03 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-09-01 15:11:02 ----D---- C:\WINDOWS\system32\Restore
2008-09-01 15:11:02 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-09-01 15:11:02 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-09-01 15:11:02 ----A---- C:\WINDOWS\system32\srclient.dll
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\msconf.dll
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-09-01 15:11:01 ----A---- C:\WINDOWS\system32\ils.dll
2008-09-01 15:10:58 ----D---- C:\Program Files\NetMeeting
2008-09-01 15:10:58 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-09-01 15:10:58 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-09-01 15:10:57 ----A---- C:\WINDOWS\system32\inetres.dll
2008-09-01 15:10:57 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-09-01 15:10:55 ----D---- C:\Program Files\Outlook Express
2008-09-01 15:10:55 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-09-01 15:10:55 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-09-01 15:10:55 ----A---- C:\WINDOWS\system32\mstask.dll
2008-09-01 15:10:55 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-09-01 15:10:55 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-09-01 15:10:54 ----A---- C:\WINDOWS\system32\isign32.dll
2008-09-01 15:10:54 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-09-01 15:10:49 ----D---- C:\Program Files\Common Files\System
2008-09-01 15:10:47 ----D---- C:\Program Files\Internet Explorer
2008-09-01 15:10:11 ----D---- C:\Program Files\ComPlus Applications
2008-09-01 15:10:09 ----A---- C:\WINDOWS\vbaddin.ini
2008-09-01 15:10:09 ----A---- C:\WINDOWS\vb.ini
2008-09-01 15:10:04 ----D---- C:\WINDOWS\Registration
2008-09-01 15:09:56 ----D---- C:\Program Files\Windows Media Player
2008-09-01 15:09:56 ----D---- C:\Program Files\Online Services
2008-09-01 15:09:49 ----D---- C:\Program Files\Messenger
2008-09-01 15:09:46 ----D---- C:\Program Files\MSN Gaming Zone
2008-09-01 15:09:46 ----A---- C:\WINDOWS\system32\write.exe
2008-09-01 15:09:35 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-09-01 15:09:35 ----A---- C:\WINDOWS\system32\hticons.dll
2008-09-01 15:09:35 ----A---- C:\WINDOWS\system32\avwav.dll
2008-09-01 15:09:35 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-09-01 15:09:35 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-09-01 15:09:34 ----A---- C:\WINDOWS\system32\winchat.exe
2008-09-01 15:09:26 ----A---- C:\WINDOWS\system32\getuname.dll
2008-09-01 15:09:26 ----A---- C:\WINDOWS\system32\charmap.exe
2008-09-01 15:09:25 ----A---- C:\WINDOWS\system32\winmine.exe
2008-09-01 15:09:25 ----A---- C:\WINDOWS\system32\sol.exe
2008-09-01 15:09:25 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-09-01 15:09:25 ----A---- C:\WINDOWS\system32\calc.exe
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\tskill.exe
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\reset.exe
2008-09-01 15:09:24 ----A---- C:\WINDOWS\system32\freecell.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\tscon.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\shadow.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\regini.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-09-01 15:09:23 ----A---- C:\WINDOWS\system32\msg.exe
2008-09-01 15:09:22 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-09-01 15:09:22 ----A---- C:\WINDOWS\system32\logoff.exe
2008-09-01 15:09:22 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-09-01 15:09:12 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-09-01 15:09:02 ----D---- C:\Program Files\MSN
2008-09-01 15:09:01 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-09-01 15:09:01 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-09-01 15:09:00 ----D---- C:\Program Files\Windows NT
2008-09-01 15:09:00 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-09-01 15:09:00 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-09-01 15:09:00 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-09-01 15:08:59 ----D---- C:\WINDOWS\system32\en-US
2008-09-01 15:08:59 ----A---- C:\WINDOWS\system32\spider.exe
2008-09-01 15:08:59 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-09-01 15:08:57 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-09-01 15:08:57 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-09-01 15:08:56 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-01 15:08:56 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-09-01 15:08:56 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-09-01 15:08:55 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-09-01 15:08:54 ----D---- C:\WINDOWS\system32\MsDtc
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-09-01 15:08:54 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-09-01 15:08:53 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-09-01 15:08:53 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-09-01 15:08:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-09-01 15:08:53 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-09-01 15:08:53 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-09-01 15:08:52 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-09-01 15:08:51 ----D---- C:\WINDOWS\system32\Com
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\stclient.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\colbact.dll
2008-09-01 15:08:51 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\comuid.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-09-01 15:08:50 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-09-01 15:08:49 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-09-01 15:08:43 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-09-01 15:08:42 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-09-01 15:08:42 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-09-01 15:08:42 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-09-01 08:07:15 ----A---- C:\WINDOWS\system32\h323log.txt
2008-09-01 08:02:43 ----SHD---- C:\WINDOWS\Installer
2008-09-01 08:02:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-01 08:02:42 ----D---- C:\Program Files\Common Files\ODBC
2008-09-01 08:02:42 ----A---- C:\WINDOWS\ODBCINST.INI
2008-09-01 08:02:39 ----RD---- C:\Program Files
2008-09-01 08:02:39 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-09-01 08:02:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-01 08:02:39 ----D---- C:\Program Files\Common Files
2008-09-01 08:02:22 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-09-01 08:02:22 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-09-01 08:02:19 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-09-01 08:02:17 ----A---- C:\WINDOWS\system32\storprop.dll
2008-09-01 08:02:08 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-09-01 08:02:03 ----RA---- C:\WINDOWS\SET8.tmp
2008-09-01 08:02:00 ----RA---- C:\WINDOWS\SET4.tmp
2008-09-01 08:01:59 ----RA---- C:\WINDOWS\SET3.tmp
2008-09-01 08:01:54 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-01 08:01:54 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-01 08:01:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-01 08:01:22 ----SHD---- C:\System Volume Information
2008-09-01 08:01:22 ----D---- C:\Documents and Settings
2008-09-01 08:00:21 ----SH---- C:\boot.ini
2008-09-01 07:54:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-01 07:54:25 ----RSD---- C:\WINDOWS\Fonts
2008-09-01 07:54:25 ----RD---- C:\WINDOWS\Web
2008-09-01 07:54:25 ----HD---- C:\WINDOWS\inf
2008-09-01 07:54:25 ----D---- C:\WINDOWS\WinSxS
2008-09-01 07:54:25 ----D---- C:\WINDOWS\twain_32
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Temp
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\wins
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\wbem
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\usmt
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\spool
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\ShellExt
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\Setup
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\scripting
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\ras
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\oobe
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\npp
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\mui
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\IME
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\icsxml
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\ias
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\export
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\en
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\drivers
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\dhcp
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\config
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\3com_dmi
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\3076
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\2052
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1054
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1042
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1041
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1037
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1033
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1031
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1028
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32\1025
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system32
2008-09-01 07:54:25 ----D---- C:\WINDOWS\system
2008-09-01 07:54:25 ----D---- C:\WINDOWS\security
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Resources
2008-09-01 07:54:25 ----D---- C:\WINDOWS\repair
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Provisioning
2008-09-01 07:54:25 ----D---- C:\WINDOWS\PeerNet
2008-09-01 07:54:25 ----D---- C:\WINDOWS\pchealth
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Network Diagnostic
2008-09-01 07:54:25 ----D---- C:\WINDOWS\mui
2008-09-01 07:54:25 ----D---- C:\WINDOWS\msapps
2008-09-01 07:54:25 ----D---- C:\WINDOWS\msagent
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Media
2008-09-01 07:54:25 ----D---- C:\WINDOWS\L2Schemas
2008-09-01 07:54:25 ----D---- C:\WINDOWS\java
2008-09-01 07:54:25 ----D---- C:\WINDOWS\ime
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Help
2008-09-01 07:54:25 ----D---- C:\WINDOWS\ehome
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Driver Cache
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Debug
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Cursors
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Connection Wizard
2008-09-01 07:54:25 ----D---- C:\WINDOWS\Config
2008-09-01 07:54:25 ----D---- C:\WINDOWS\AppPatch
2008-09-01 07:54:25 ----D---- C:\WINDOWS\addins
2008-09-01 07:54:25 ----D---- C:\WINDOWS
List of drivers
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\system32\System32\Drivers\avgtdix.sys []
R2 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 SIODRV;SIODRV; \??\C:\WINDOWS\system32\drivers\SIODRV.SYS []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-12-26 10752]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-09-01 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-08-10 41216]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-11-03 36484]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-08-09 1021608]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
S3 ASUSVRC;ASUSTeK Virtual Capture Device; C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 iviudf;iviudf; C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 116224]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 smbusp;Intel(R) SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2005-03-15 21248]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
List of services
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-02 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2005-04-26 622700]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S1 udffsrec;udffsrec; C:\WINDOWS\system32\drivers\udffsrec.sys [2004-12-19 5248]
S2 iHCService;Intel(R) Desktop Utilities Service; C:\Program Files\Intel\IDU\IDUServ.exe [2005-04-29 1302016]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-01 72704]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-01 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-09-01 68096]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
info.txt logfile of random's system information tool 2008-09-04 06:13:30
Uninstall list
-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
-->"C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40602E2C-AB5C-4887-8093-3BFE5B8B95B3}\setup.exe" REMOVEALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitComet 0.70-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Diskeeper Lite-->MsiExec.exe /X{3872D54E-84A0-4C04-9BDB-684D01840CA6}
Easy Video Downloader v. 2.0-->"C:\Program Files\Easy Video Downloader\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Desktop Utilities-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE1FD294-CF2A-4936-92F4-B1B778371627}
Intel(R) PRO Network Connections Software v10.1.41.0-->C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qf /le C:\DOCUME~1\FERARI~1\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
InterVideo MediaOne-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Director MX 2004-->C:\PROGRA~1\MACROM~1\DIRECT~1\UNWISE.EXE C:\PROGRA~1\MACROM~1\DIRECT~1\install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access database engine 2007 (English)-->MsiExec.exe /I{90120000-00D1-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x9 -remove -removeonly
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar-->MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\YPSR\unwise32.exe /U C:\PROGRA~1\Yahoo!\YPSR\ypsrinst.log
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar with Anti-Spy-->rundll32.exe C:\PROGRA~1\Yahoo!\YPSR\ycomp5_6_2_0.dll,DllCommand uis
Security center information
AV: AVG Internet Security
Environment variables
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Intel\DMIX;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
Panda :
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-04 08:04:46
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Internet Security 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ferari tioarbi\Cookies\ferari tioarbi@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ferari tioarbi\Cookies\ferari tioarbi@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ferari tioarbi\Cookies\ferari tioarbi@bs.serving-sys[2].txt
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\NT.Config\NT.Config.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\$LDDATA$\TQ\TQ.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\yg dikirim\yg dikirim.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\$LDDATA$\$LDDATA$.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\MSRM\MSRM.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\MMM refernce\MMM refernce.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\MPW\MPW.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\TRAILER\TRAILER.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\S-1-5-21-1482476501-1644491937-682003330-1013.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\RECYCLER\RECYCLER.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\Banu Bebe kakak\Banu Bebe kakak.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\GDC\GDC\GDC.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\GDC\GDC.EXE
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\New Folder.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\buat cosmopolitan\buat cosmopolitan.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\New Folder\New Folder.exe
00360657 W32/VaoDay.A.worm Virus/Worm No 1 Yes No G:\CDJ sound effects\CDJ sound effects.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\WIN32.EXE
03446814 Generic Trojan Virus/Trojan No 0 Yes No D:\master\Adobe Captivate 3\Keygen.EXE
03469784 VBS/Autorun.ABT Virus/Trojan No 0 Yes No G:\XIAO.VBS
03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Documents and Settings\ferari tioarbi\Desktop\SmitfraudFix.exe
03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Documents and Settings\ferari tioarbi\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b2udfhi.default\Cache\576CDDCEd01
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\RECYCLER\S-1-5-21-2052111302-1993962763-1801674531-1003\Dc16.vbs
03582346 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\IEDFix.C.exe
03582346 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\IEDFix.C.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Ya, the popup is gone already, thx for your help! Regarding the 4 threats which are detected by Panda Scan, is there any other step I should take? Thank you very much one more time 4 ur help.