I am infected with Trojan.win32


  • This topic is locked
16 replies to this topic

#1 vrijes

vrijes

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 20 November 2008 - 08:10 AM

I downloaded a gta 3 game but it didn't work. I have BitDefender antivirus and it didn't find any viruses. Then I opened a folder of that game and clicked and ran several exe files. Nothing happened and it was suspicious to me, so I analyzed them at VirusTotal, and found out that one of them is a virus...
Now when I left double-click any folder on the Desktop I get its Properties instead of opening it....

....please help me to get rid of it

thank you

Here is VirusTotal log:

Antivirus;Version;Last Update;Result
AhnLab-V3;2008.11.20.3;2008.11.20;-
AntiVir;7.9.0.34;2008.11.20;-
Authentium;5.1.0.4;2008.11.20;-
Avast;4.8.1281.0;2008.11.19;-
AVG;8.0.0.199;2008.11.20;-
BitDefender;7.2;2008.11.20;-
CAT-QuickHeal;10.00;2008.11.20;-
ClamAV;0.94.1;2008.11.20;-
DrWeb;4.44.0.09170;2008.11.20;-
eSafe;7.0.17.0;2008.11.19;Suspicious File
eTrust-Vet;31.6.6219;2008.11.20;-
Ewido;4.0;2008.11.20;-
F-Prot;4.4.4.56;2008.11.20;-
F-Secure;8.0.14332.0;2008.11.20;-
Fortinet;3.117.0.0;2008.11.20;-
GData;19;2008.11.20;-
Ikarus;T3.1.1.45.0;2008.11.20;-
K7AntiVirus;7.10.528;2008.11.19;Trojan.Win32.Malware.1
Kaspersky;7.0.0.125;2008.11.20;-
McAfee;5439;2008.11.19;-
Microsoft;1.4104;2008.11.20;-
NOD32;3627;2008.11.20;-
Norman;5.80.02;2008.11.19;-
Panda;9.0.0.4;2008.11.20;-
PCTools;4.4.2.0;2008.11.20;-
Prevx1;V2;2008.11.20;-
Rising;21.04.32.00;2008.11.20;-
SecureWeb-Gateway;6.7.6;2008.11.20;-
Sophos;4.35.0;2008.11.20;-
Sunbelt;3.1.1801.2;2008.11.14;-
Symantec;10;2008.11.20;-
TheHacker;6.3.1.1.159;2008.11.19;-
TrendMicro;8.700.0.1004;2008.11.20;-
VBA32;3.12.8.9;2008.11.19;-
ViRobot;2008.11.18.1474;2008.11.18;-
VirusBuster;4.5.11.0;2008.11.19;-

Additional information
File size: 20992 bytes
MD5...: 831b8cad53201fb1fc2771493c3d81a8
SHA1..: 05541d4c6e4b0317439dcaca0682abe0712f8ca7
SHA256: 5cdbcf960930e3a4eb1d2688a1f769fff0e42d656789669eada4bd23c497d592
SHA512: 83dfecf94a4f286d9256c1bbab8a17004fb9c5ca37ffee4e54f983219236a125e9f46d5ada91adf573f432b8f5fb930d8df2ea6dfb2a56fa4f34b8a380bc2b9b
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40f960
timedatestamp.....: 0x398de276 (Sun Aug 06 22:11:02 2000)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xb000 0x5000 0x4c00 7.85 ad99935160f1437282120df04cff8244
UPX2 0x10000 0x1000 0x200 1.86 bf7e06e756e0c6eb6e0a164a60b54fd2

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> MSACM32.dll: acmDriverAddA
> WINMM.dll: mmioRead

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md...c2771493c3d81a8
packers (F-Prot): UPX
packers (Kaspersky): UPX


#2 vrijes


Posted 21 November 2008 - 05:05 AM

Dear Don77,

I want to apologise that I didn't contact you to say that I couldn't go on with the malware removal training program. That's because I was occupied with some exams that I had to finish in a very short time. Following that, I had some health problems, and I had to take care of that too. I had completely forgotten that I had to tell you that I couldn't dedicate myself to this program. I am very sorry, and I hope that you won't take too much offence at that.

I hope that you will accept this excuse, and that someone will still help me with my virus problem...

#3 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:12 AM

Posted 06 December 2008 - 08:17 AM

Hello vrijes

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#4 vrijes


Posted 28 December 2008 - 02:51 AM

Hi Kahdah!

During the time, I had to reinstall my Windows OS, so this first infection is solved now. I am sorry about that, but I thought that you can't help me considering the time passed before your reply. But now, I have another problem:

I installed one application on my computer and a fix for that application. I scanned the fix with my BitDefender antivirus and it said that everything is ok. But then, at any rate I checked it at VirusTotal, and I had a surprise - it found 10 virus detections for that fix.

Please help me!

Here is VirusTotal log:

File visual.certexam.suite.1.9.954-pat received on 12.28.2008 08:44:52 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.28 Backdoor.Pigeon!IK
AhnLab-V3 2008.12.25.0 2008.12.27 Win-Trojan/Agent.20480.KQ
AntiVir 7.9.0.45 2008.12.27 -
Authentium 5.1.0.4 2008.12.28 W32/Trojan2.ELEL
Avast 4.8.1281.0 2008.12.27 -
AVG 8.0.0.199 2008.12.28 -
BitDefender 7.2 2008.12.28 -
CAT-QuickHeal 10.00 2008.12.27 -
ClamAV 0.94.1 2008.12.28 -
Comodo 826 2008.12.27 ApplicUnwnt.Win32.Patcher.~C
DrWeb 4.44.0.09170 2008.12.28 -
eSafe 7.0.17.0 2008.12.24 Suspicious File
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.27 -
F-Prot 4.4.4.56 2008.12.27 W32/Trojan2.ELEL
F-Secure 8.0.14332.0 2008.12.28 -
Fortinet 3.117.0.0 2008.12.27 -
GData 19 2008.12.28 -
Ikarus T3.1.1.45.0 2008.12.28 Backdoor.Pigeon
K7AntiVirus 7.10.568 2008.12.27 -
Kaspersky 7.0.0.125 2008.12.28 -
McAfee 5476 2008.12.27 -
McAfee+Artemis 5476 2008.12.27 Generic!Artemis
Microsoft 1.4205 2008.12.28 -
NOD32 3719 2008.12.27 Win32/Agent.OBH
Norman 5.80.02 2008.12.26 -
Panda 9.0.0.4 2008.12.27 -
PCTools 4.4.2.0 2008.12.27 -
Prevx1 V2 2008.12.28 -
Rising 21.09.61.00 2008.12.28 -
SecureWeb-Gateway 6.7.6 2008.12.28 -
Sophos 4.37.0 2008.12.28 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.28 -
TheHacker 6.3.1.4.200 2008.12.26 -
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.27 Win32.Agent.OBH
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.27 -
Additional information
File size: 435712 bytes
MD5...: 21ffe44cfb16e84fa8f9f5ba08ac4ff6
SHA1..: 652281e633b0cc7ad4d4c809ea4d8e1895e65135
SHA256: 71f3139d9852c23e4db1444349aaaa27bb32c3c39bb1d9d4f5acb4593b536fc4
SHA512: 279d5852cd6e7665cc2a7c94e5d4348ce287ffd1a3980f9127d8399e5eaeaeac1719df40238c4f16ec025ea678f470ecd3ab91dea4e72cd9035d84fb72588434
ssdeep: 6144:3/53+4FlvblrcVTWlXxEPVypcPa+xQCOt7MvXeYA6rYhfhUTBlm13Kzyj1k73RJn:3/UolAV22omJxQ1ovumT7m16zWk73
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x500e60
timedatestamp.....: 0x46c9b047 (Mon Aug 20 15:16:23 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xb8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xb9000 0x49000 0x48200 7.90 c97c1abbe22f98360ebcfce7502ff638
.rsrc 0x102000 0x22000 0x22000 5.63 627ab9f03c4ccf2aa53c5a575bb698eb

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegCloseKey
> comctl32.dll: InitCommonControls
> comdlg32.dll: GetSaveFileNameA
> gdi32.dll: RoundRect
> shell32.dll: ShellExecuteA
> user32.dll: SetFocus

( 0 exports )
packers (Kaspersky): PE_Patch.UPX, UPX
packers (Authentium): UPX
packers (F-Prot): UPX
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=21ffe44cfb16e84fa8f9f5ba08ac4ff6


#5 kahdah


Posted 28 December 2008 - 09:32 AM

No problem. Did you by chance download that through a torrent or a P2P program?

#6 vrijes


Posted 28 December 2008 - 11:47 PM

Thank you!

I downloaded it by Bit Torrent program...

#7 kahdah


Posted 29 December 2008 - 12:11 AM

Having P2P programs such as these raises the possibility of getting infected, as you can see.
See here for information on P2P's.
I will leave it up to you if you want to remove it.
To remove it, just simply uninstall it, then delete this folder: C:\Program Files\Bit Torrent
=========
Please run the RSIT program that I posted a few posts back and post those logs so I can see if anything is on your system.
Thanks.

#8 vrijes


Posted 29 December 2008 - 08:09 PM

Hi Kahdah!

Thank you for your help!

Unfortunately, I can't uninstall the Bit Torrent program because I am not the only one using this computer, but I am sure that I will be much more careful about what I download with this program.

Here is log.txt :

Logfile of random's system information tool 1.05 (written by random/random)
Run by Žarko Kasum at 2008-12-30 02:01:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (18%) free of 76 GB
Total RAM: 2046 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:06, on 30.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\program files\steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\VMware\VMware Server\vmware-hostd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Documents and Settings\Žarko Kasum\Desktop\RSIT.exe
C:\Program Files\trend micro\Žarko Kasum.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228693452078
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Server\vmware-hostd.exe
O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe
O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmVssWriter.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7659 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-01-07 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728]
"IMONTRAY"=C:\Program Files\Intel\Intel® Active Monitor\imontray.exe [2003-01-10 32768]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2007-10-09 61440]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-12-07 360448]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-16 342848]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Steam"=c:\program files\steam\steam.exe [2008-12-26 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

C:\Documents and Settings\Žarko Kasum\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\VMware\VMware Server\vmware-authd.exe"="C:\Program Files\VMware\VMware Server\vmware-authd.exe:*:Enabled:VMware Authd"
"C:\Program Files\VMware\VMware Server\vmware-hostd.exe"="C:\Program Files\VMware\VMware Server\vmware-hostd.exe:*:Enabled:VMware Hostd"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{963b4743-c4a8-11dd-8411-806d6172696f}]
shell\AutoRun\command - D:\Setup.exe


======List of files/folders created in the last 1 months======

2008-12-30 02:01:54 ----D---- C:\rsit
2008-12-30 02:01:54 ----D---- C:\Program Files\trend micro
2008-12-28 09:33:22 ----D---- C:\Program Files\Safer Networking
2008-12-28 07:58:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-28 07:58:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-28 00:51:03 ----D---- C:\Program Files\Lionhead Studios Ltd
2008-12-28 00:51:03 ----D---- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
2008-12-26 10:29:13 ----D---- C:\Program Files\Steam
2008-12-25 18:17:41 ----A---- C:\WINDOWS\Half-Life II Fix-Bundle Uninstall Log.txt
2008-12-25 03:24:50 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\Lionhead Studios
2008-12-25 03:15:13 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-12-25 03:15:04 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-12-25 03:06:38 ----SHD---- C:\WINDOWS\ftpcache
2008-12-25 00:55:30 ----D---- C:\Program Files\EA GAMES
2008-12-25 00:55:29 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2008-12-24 10:45:35 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-24 10:45:35 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-24 10:45:33 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-24 10:45:18 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-24 10:45:18 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-24 10:45:17 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-24 10:45:16 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-24 10:45:15 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-24 10:45:14 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-24 10:45:13 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-24 10:45:10 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-24 10:41:41 ----D---- C:\WINDOWS\system32\URTTEMP
2008-12-24 10:35:08 ----D---- C:\Program Files\Ucilica 2008
2008-12-21 19:16:15 ----D---- C:\WINDOWS\pss
2008-12-21 19:07:31 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2008-12-21 19:06:59 ----D---- C:\Program Files\Visual CertExam Suite
2008-12-18 19:19:45 ----D---- C:\Program Files\The KMPlayer
2008-12-14 21:08:21 ----D---- C:\Program Files\DivX Subtitle Displayer
2008-12-14 20:28:37 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\VMware
2008-12-14 20:00:22 ----A---- C:\WINDOWS\system32\vmnetdhcp.exe
2008-12-14 20:00:20 ----A---- C:\WINDOWS\system32\vmnat.exe
2008-12-14 20:00:00 ----A---- C:\WINDOWS\system32\vnetlib.dll
2008-12-14 19:53:40 ----D---- C:\Virtual Machines
2008-12-14 19:53:40 ----D---- C:\Program Files\VMware
2008-12-14 19:53:40 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-12-14 19:20:05 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\Nero
2008-12-14 19:09:35 ----D---- C:\Program Files\Common Files\Nero
2008-12-14 19:09:35 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-12-14 03:45:40 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-13 13:54:09 ----D---- C:\Program Files\HWiNFO32
2008-12-13 12:43:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-13 12:43:12 ----D---- C:\Program Files\MSN Messenger
2008-12-12 22:13:14 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-10 22:14:17 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\DivX
2008-12-10 22:12:54 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-12-10 22:12:54 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-10 22:12:54 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-10 22:12:54 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-12-10 22:12:54 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-10 22:12:53 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-10 22:12:53 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-10 22:12:53 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-10 22:12:53 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-10 22:12:53 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-10 22:12:53 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-10 22:12:53 ----N---- C:\WINDOWS\system32\px.dll
2008-12-10 22:12:38 ----D---- C:\Program Files\DivX
2008-12-10 09:43:08 ----D---- C:\WINDOWS\Half-Life II Fix-Bundle
2008-12-10 09:34:49 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\WinRAR
2008-12-10 07:31:35 ----D---- C:\Program Files\Valve
2008-12-10 04:59:25 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\ATI
2008-12-10 04:59:25 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-10 04:54:45 ----RSD---- C:\WINDOWS\assembly
2008-12-10 04:54:15 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-10 04:44:02 ----D---- C:\Program Files\ATI
2008-12-10 04:42:47 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-12-10 04:41:39 ----D---- C:\Program Files\ATI Technologies
2008-12-10 04:40:53 ----D---- C:\ATI
2008-12-10 03:01:09 ----D---- C:\Program Files\TIRH2006
2008-12-09 23:42:23 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\Macromedia
2008-12-09 22:19:35 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-09 09:41:50 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\Adobe
2008-12-08 20:42:33 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2008-12-08 20:40:50 ----D---- C:\Program Files\Common Files\Adobe
2008-12-08 20:40:50 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-08 20:40:37 ----D---- C:\Program Files\Adobe
2008-12-08 20:36:59 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\BitTorrent
2008-12-08 20:36:42 ----D---- C:\Program Files\DNA
2008-12-08 20:36:42 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\DNA
2008-12-08 20:36:41 ----D---- C:\Program Files\BitTorrent
2008-12-08 20:33:01 ----D---- C:\Program Files\WinRAR
2008-12-08 19:33:24 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\Netscape
2008-12-08 19:32:49 ----D---- C:\Program Files\Netscape
2008-12-08 19:26:11 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\Mozilla
2008-12-08 19:26:04 ----D---- C:\Program Files\Mozilla Firefox
2008-12-08 17:20:26 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-08 10:41:08 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\MSNInstaller
2008-12-08 00:51:57 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-08 00:51:28 ----D---- C:\Program Files\Windows Live
2008-12-08 00:51:17 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-08 00:45:30 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-08 00:45:30 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-08 00:45:30 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-08 00:45:29 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-08 00:45:29 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-07 23:57:49 ----SHD---- C:\RECYCLER
2008-12-07 23:47:00 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\Ahead
2008-12-07 23:42:57 ----D---- C:\Program Files\Nero
2008-12-07 23:42:57 ----D---- C:\Program Files\Common Files\Ahead
2008-12-07 23:40:53 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-07 23:40:24 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-07 23:40:23 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-07 23:31:30 ----A---- C:\WINDOWS\ODBC.INI
2008-12-07 23:31:24 ----A---- C:\WINDOWS\system32\mdimon.dll
2008-12-07 23:30:24 ----D---- C:\Program Files\Common Files\L&H
2008-12-07 23:30:18 ----D---- C:\Program Files\Microsoft.NET
2008-12-07 23:30:10 ----D---- C:\Program Files\Microsoft ActiveSync
2008-12-07 23:29:31 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-07 23:29:27 ----D---- C:\Program Files\Microsoft Works
2008-12-07 23:29:17 ----D---- C:\Program Files\Microsoft Visual Studio
2008-12-07 23:29:04 ----D---- C:\WINDOWS\SHELLNEW
2008-12-07 23:28:57 ----D---- C:\Program Files\Microsoft Office
2008-12-07 23:26:01 ----RHD---- C:\MSOCache
2008-12-07 23:15:44 ----A---- C:\WINDOWS\bdagent.INI
2008-12-07 23:02:17 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-07 23:00:25 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\Bitdefender
2008-12-07 23:00:07 ----D---- C:\Program Files\BitDefender
2008-12-07 23:00:07 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-12-07 22:59:31 ----D---- C:\Program Files\Common Files\BitDefender
2008-12-07 22:55:43 ----D---- C:\WINDOWS\Prefetch
2008-12-07 22:49:47 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-07 22:49:47 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-12-07 22:49:47 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-07 22:49:46 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-07 22:49:46 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-07 22:49:27 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-07 22:48:26 ----A---- C:\WINDOWS\imsins.BAK
2008-12-07 22:48:23 ----SHD---- C:\WINDOWS\Installer
2008-12-07 22:48:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-07 22:48:22 ----D---- C:\Program Files\Common Files\ODBC
2008-12-07 22:48:22 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-07 22:48:19 ----RD---- C:\Program Files
2008-12-07 22:48:19 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-07 22:48:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-07 22:48:19 ----D---- C:\Program Files\Common Files
2008-12-07 22:48:16 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-07 22:48:16 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-07 22:48:16 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-07 22:48:14 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-07 22:48:12 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-07 22:48:12 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-07 22:48:12 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-07 22:48:12 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-07 22:48:12 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-07 22:48:12 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-07 22:48:12 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-07 22:48:11 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-07 22:48:11 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-07 22:48:11 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-07 22:48:11 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-07 22:48:11 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-07 22:48:09 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-07 22:48:08 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-07 22:48:06 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-07 22:48:06 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-07 22:48:06 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-07 22:48:06 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-07 22:48:05 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-07 22:48:03 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-07 22:48:03 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-07 22:48:03 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-07 22:48:02 ----A---- C:\WINDOWS\notepad.exe
2008-12-07 22:48:01 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-07 22:47:53 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-07 22:47:49 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-07 22:47:46 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-07 22:47:45 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-07 22:47:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 22:47:40 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-07 22:47:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-07 22:47:19 ----A---- C:\WINDOWS\setuplog.txt
2008-12-07 22:47:16 ----SHD---- C:\System Volume Information
2008-12-07 22:47:16 ----D---- C:\Documents and Settings
2008-12-07 22:46:22 ----SH---- C:\boot.ini
2008-12-07 22:45:37 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-07 22:45:37 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-12-07 22:45:24 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-07 22:45:24 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-07 22:45:24 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-12-07 22:45:23 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-07 22:45:23 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-07 22:45:22 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-07 22:45:22 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-07 22:45:22 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-07 22:45:21 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-07 22:45:20 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-07 22:45:20 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-07 22:45:20 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-12-07 22:45:20 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-07 22:45:20 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-07 22:45:20 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-07 22:45:20 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-07 22:45:20 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-07 22:45:20 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-07 22:45:19 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-07 22:45:18 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-07 22:45:17 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-07 22:45:17 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-07 22:45:17 ----N---- C:\WINDOWS\slrundll.exe
2008-12-07 22:45:17 ----D---- C:\WINDOWS\system32\scripting
2008-12-07 22:45:17 ----D---- C:\WINDOWS\system32\en-us
2008-12-07 22:45:16 ----D---- C:\WINDOWS\system32\en
2008-12-07 22:45:16 ----D---- C:\WINDOWS\system32\bits
2008-12-07 22:45:16 ----D---- C:\WINDOWS\l2schemas
2008-12-07 22:43:45 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-07 22:42:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-07 22:42:39 ----RSD---- C:\WINDOWS\Fonts
2008-12-07 22:42:39 ----RD---- C:\WINDOWS\Web
2008-12-07 22:42:39 ----HD---- C:\WINDOWS\inf
2008-12-07 22:42:39 ----D---- C:\WINDOWS\WinSxS
2008-12-07 22:42:39 ----D---- C:\WINDOWS\twain_32
2008-12-07 22:42:39 ----D---- C:\WINDOWS\Temp
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\wins
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\wbem
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\usmt
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\spool
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\Setup
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\ras
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\oobe
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\npp
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\mui
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\IME
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\icsxml
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\ias
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\export
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\drivers
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\dhcp
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\config
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\3076
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\2052
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\1054
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\1042
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\1041
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\1037
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\1033
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\1031
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\1028
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32\1025
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system32
2008-12-07 22:42:39 ----D---- C:\WINDOWS\system
2008-12-07 22:42:39 ----D---- C:\WINDOWS\security
2008-12-07 22:42:39 ----D---- C:\WINDOWS\Resources
2008-12-07 22:42:39 ----D---- C:\WINDOWS\repair
2008-12-07 22:42:39 ----D---- C:\WINDOWS\Provisioning
2008-12-07 22:42:39 ----D---- C:\WINDOWS\PeerNet
2008-12-07 22:42:39 ----D---- C:\WINDOWS\pchealth
2008-12-07 22:42:39 ----D---- C:\WINDOWS\mui
2008-12-07 22:42:39 ----D---- C:\WINDOWS\msapps
2008-12-07 22:42:39 ----D---- C:\WINDOWS\msagent
2008-12-07 22:42:39 ----D---- C:\WINDOWS\Media
2008-12-07 22:42:39 ----D---- C:\WINDOWS\java
2008-12-07 22:42:39 ----D---- C:\WINDOWS\ime
2008-12-07 22:42:39 ----D---- C:\WINDOWS\Help
2008-12-07 22:42:39 ----D---- C:\WINDOWS\ehome
2008-12-07 22:42:39 ----D---- C:\WINDOWS\Driver Cache
2008-12-07 22:42:39 ----D---- C:\WINDOWS\Debug
2008-12-07 22:42:39 ----D---- C:\WINDOWS\Cursors
2008-12-07 22:42:39 ----D---- C:\WINDOWS\Connection Wizard
2008-12-07 22:42:39 ----D---- C:\WINDOWS\Config
2008-12-07 22:42:39 ----D---- C:\WINDOWS\AppPatch
2008-12-07 22:42:39 ----D---- C:\WINDOWS\addins
2008-12-07 22:42:39 ----D---- C:\WINDOWS
2008-12-07 22:42:13 ----D---- C:\WINDOWS\network diagnostic
2008-12-07 22:41:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-07 22:40:57 ----A---- C:\WINDOWS\002877_.tmp
2008-12-07 22:40:31 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-07 22:38:43 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-07 22:27:39 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-12-07 22:27:38 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2008-12-07 22:27:38 ----A---- C:\WINDOWS\system32\SensorDLL.dll
2008-12-07 22:27:38 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2008-12-07 22:27:38 ----A---- C:\WINDOWS\system32\iSMBiosVB.dll
2008-12-07 22:27:38 ----A---- C:\WINDOWS\system32\iSmbios.dll
2008-12-07 22:27:38 ----A---- C:\WINDOWS\system32\HH.EXE
2008-12-07 22:25:55 ----RA---- C:\WINDOWS\system32\Prounstl.exe
2008-12-07 22:25:55 ----RA---- C:\WINDOWS\system32\IntelNic.dll
2008-12-07 22:25:55 ----RA---- C:\WINDOWS\system32\e100bmsg.dll
2008-12-07 22:25:00 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-07 22:24:51 ----A---- C:\WINDOWS\system32\wdmioctl.dll
2008-12-07 22:24:51 ----A---- C:\WINDOWS\system32\SMMedia.dll
2008-12-07 22:24:48 ----D---- C:\WINDOWS\VirtualEar
2008-12-07 22:24:48 ----A---- C:\WINDOWS\system32\virtear.dll
2008-12-07 22:24:48 ----A---- C:\WINDOWS\system32\Audio3d.dll
2008-12-07 22:24:47 ----D---- C:\Program Files\Analog Devices
2008-12-07 22:24:47 ----A---- C:\WINDOWS\system32\CleanUp.exe
2008-12-07 22:24:47 ----A---- C:\WINDOWS\system32\a3d.dll
2008-12-07 22:24:46 ----A---- C:\WINDOWS\system32\DSndUp.exe
2008-12-07 22:23:14 ----D---- C:\Program Files\Intel
2008-12-07 22:22:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-07 22:22:47 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-07 22:22:45 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-07 22:20:39 ----D---- C:\TempEI4
2008-12-07 22:15:20 ----D---- C:\Documents and Settings\Žarko Kasum\Application Data\Identities
2008-12-07 22:15:19 ----HD---- C:\Program Files\Uninstall Information
2008-12-07 22:15:13 ----SD---- C:\Documents and Settings\Žarko Kasum\Application Data\Microsoft
2008-12-07 22:15:13 ----ASH---- C:\Documents and Settings\Žarko Kasum\Application Data\desktop.ini
2008-12-07 22:13:51 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-07 22:13:49 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-07 22:13:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 22:10:35 ----D---- C:\WINDOWS\system32\xircom
2008-12-07 22:10:35 ----D---- C:\Program Files\xerox
2008-12-07 22:10:35 ----D---- C:\Program Files\microsoft frontpage
2008-12-07 22:10:15 ----A---- C:\WINDOWS\control.ini
2008-12-07 22:10:15 ----A---- C:\AUTOEXEC.BAT
2008-12-07 22:09:59 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-07 22:09:02 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-07 22:09:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-07 22:09:01 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-07 22:08:55 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-07 22:08:50 ----HD---- C:\Program Files\WindowsUpdate
2008-12-07 22:08:32 ----D---- C:\WINDOWS\system32\DirectX
2008-12-07 22:08:13 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-07 22:08:11 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-07 22:08:11 ----A---- C:\WINDOWS\desktop.ini
2008-12-07 22:08:04 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-07 22:08:03 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-07 22:08:02 ----D---- C:\Program Files\Common Files\Services
2008-12-07 22:08:00 ----SD---- C:\WINDOWS\Tasks
2008-12-07 22:08:00 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-07 22:07:59 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-07 22:07:55 ----D---- C:\WINDOWS\system32\Macromed
2008-12-07 22:07:55 ----D---- C:\WINDOWS\srchasst
2008-12-07 22:07:52 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-07 22:07:52 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-07 22:07:52 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-07 22:07:52 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-07 22:07:51 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-07 22:07:51 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-07 22:07:51 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-07 22:07:51 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-07 22:07:51 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-07 22:07:51 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-07 22:07:51 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-07 22:07:51 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-07 22:07:51 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-07 22:07:47 ----D---- C:\Program Files\Movie Maker
2008-12-07 22:07:44 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-07 22:07:44 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-07 22:07:43 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-07 22:07:43 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-07 22:07:40 ----D---- C:\WINDOWS\system32\Restore
2008-12-07 22:07:40 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-07 22:07:40 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-07 22:07:40 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-07 22:07:40 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-07 22:07:40 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-07 22:07:39 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-07 22:07:39 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-07 22:07:39 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-07 22:07:39 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-07 22:07:39 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-07 22:07:38 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-07 22:07:36 ----D---- C:\Program Files\NetMeeting
2008-12-07 22:07:36 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-07 22:07:36 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-07 22:07:35 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-07 22:07:35 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-07 22:07:33 ----D---- C:\Program Files\Outlook Express
2008-12-07 22:07:33 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-07 22:07:33 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-07 22:07:33 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-07 22:07:33 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-07 22:07:33 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-07 22:07:33 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-07 22:07:32 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-07 22:07:28 ----D---- C:\Program Files\Common Files\System
2008-12-07 22:07:23 ----D---- C:\Program Files\Internet Explorer
2008-12-07 22:06:51 ----D---- C:\Program Files\ComPlus Applications
2008-12-07 22:06:49 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-07 22:06:49 ----A---- C:\WINDOWS\vb.ini
2008-12-07 22:06:45 ----D---- C:\WINDOWS\Registration
2008-12-07 22:06:38 ----D---- C:\Program Files\Windows Media Player
2008-12-07 22:06:38 ----D---- C:\Program Files\Online Services
2008-12-07 22:06:33 ----D---- C:\Program Files\Messenger
2008-12-07 22:06:29 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-07 22:06:29 ----A---- C:\WINDOWS\system32\write.exe
2008-12-07 22:06:20 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-07 22:06:20 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-07 22:06:20 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-07 22:06:20 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-07 22:06:20 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-07 22:06:20 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-07 22:06:13 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-07 22:06:13 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-07 22:06:13 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-07 22:06:13 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-07 22:06:12 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-07 22:06:12 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-07 22:06:12 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-07 22:06:12 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-07 22:06:12 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-07 22:06:12 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-07 22:06:12 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-07 22:06:12 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-07 22:06:11 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-07 22:06:11 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-07 22:06:11 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-07 22:06:11 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-07 22:06:11 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-07 22:06:11 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-07 22:06:11 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-07 22:06:11 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-07 22:06:11 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-07 22:06:11 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-07 22:06:11 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-07 22:06:10 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-07 22:06:10 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-07 22:06:10 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-07 22:06:10 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-07 22:06:10 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-07 22:06:09 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-07 22:06:09 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-07 22:06:09 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-07 22:06:09 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-07 22:06:04 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-07 22:05:56 ----D---- C:\Program Files\MSN
2008-12-07 22:05:55 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-07 22:05:54 ----D---- C:\Program Files\Windows NT
2008-12-07 22:05:54 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-07 22:05:54 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-07 22:05:54 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-07 22:05:54 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-07 22:05:53 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-07 22:05:53 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-07 22:05:53 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-07 22:05:52 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-07 22:05:52 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-07 22:05:52 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-07 22:05:52 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-07 22:05:52 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-07 22:05:52 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-07 22:05:52 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-07 22:05:52 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-07 22:05:52 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-07 22:05:51 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-07 22:05:51 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-07 22:05:51 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-07 22:05:51 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-07 22:05:51 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-07 22:05:51 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-07 22:05:51 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-07 22:05:51 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-07 22:05:51 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-07 22:05:50 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-07 22:05:50 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-07 22:05:50 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-07 22:05:50 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-07 22:05:50 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-07 22:05:49 ----D---- C:\WINDOWS\system32\Com
2008-12-07 22:05:49 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-07 22:05:49 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-07 22:05:49 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-07 22:05:49 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-07 22:05:49 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-07 22:05:48 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-07 22:05:48 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-07 22:05:48 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-07 22:05:43 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-07 22:05:42 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-07 22:05:42 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-07 22:05:42 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2008-12-21 19:16:32 ----A---- C:\WINDOWS\win.ini
2008-12-21 19:16:32 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-09 33248]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R2 iSMBIOS;iSMBIOS; \??\C:\WINDOWS\system32\drivers\iSMBIOS.SYS []
R2 SIODRV;SIODRV; \??\C:\WINDOWS\system32\drivers\SIODRV.SYS []
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-09-11 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-14 100224]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 85520]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 196368]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 SMBios;Intel ® System Managment BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-06-17 35012]
R3 smbusp;Intel® SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\smb.sys [2002-10-23 21963]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-09-11 16560]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
R2 imonNT;Intel® Active Monitor; C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe [2003-01-10 102400]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-12-07 1155072]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Server\vmware-authd.exe [2008-09-11 121392]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-09-11 326192]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-09-11 399920]
R2 VMwareHostd;VMware Host Agent; C:\Program Files\VMware\VMware Server\vmware-hostd.exe [2008-09-11 322096]
R2 VMwareServerWebAccess;VMware Server Web Access; C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2008-09-11 57344]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-02-21 1216512]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-11-27 86016]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-03 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-08 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 vmwriter;VMware VSS Writer; C:\Program Files\VMware\VMware Server\vmVssWriter.exe [2008-09-11 29744]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

And here is info.txt:

info.txt logfile of random's system information tool 1.05 2008-12-30 02:02:10

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x3630
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BitDefender Internet Security 2008-->MsiExec.exe /I{BF7D87C5-CFC3-40C5-A367-24586EEBB8CA}
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Subtitle Displayer 5.00-->"C:\Program Files\DivX Subtitle Displayer\unins000.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HT TIRH 2006-->C:\PROGRA~1\TIRH2006\UNWISE.EXE C:\PROGRA~1\TIRH2006\INSTALL.LOG
HWiNFO32 Version 2.20-->"C:\Program Files\HWiNFO32\unins000.exe"
Intel® Active Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}\setup.exe"
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}
Netscape Navigator (9.0.0.6)-->C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
The Movies™-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0556F885-2415-4666-B53E-33727E46AEA1} /l1033
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Učilica-->C:\PROGRA~1\UCILIC~1\UNWISE.EXE C:\PROGRA~1\UCILIC~1\INSTALL.log
Visual CertExam Suite 1.9-->"C:\Program Files\Visual CertExam Suite\unins000.exe"
VMware Server-->MsiExec.exe /I{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
XMLinst-->MsiExec.exe /I{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}

======Security center information======

AV: Bitdefender Antivirus
FW: Bitdefender Firewall

System event log

Computer Name: CAMACO
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 1296
Source Name: Service Control Manager
Time Written: 20081214011340.000000+060
Event Type: information
User:

Computer Name: CAMACO
Event Code: 7035
Message: The Terminal Services service was successfully sent a start control.

Record Number: 1295
Source Name: Service Control Manager
Time Written: 20081214011336.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: CAMACO
Event Code: 7035
Message: The bdfsfltr service was successfully sent a start control.

Record Number: 1294
Source Name: Service Control Manager
Time Written: 20081214011332.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: CAMACO
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 1293
Source Name: Service Control Manager
Time Written: 20081214011320.000000+060
Event Type: information
User:

Computer Name: CAMACO
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 1292
Source Name: Service Control Manager
Time Written: 20081214011320.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: CAMACO
Event Code: 1000
Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20081207220641.000000+060
Event Type: information
User:

Computer Name: CAMACO
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20081207220638.000000+060
Event Type: information
User:

Computer Name: CAMACO
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20081207220317.000000+060
Event Type: information
User:

Computer Name: CAMACO
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20081207220255.000000+060
Event Type: information
User:

Computer Name: CAMACO
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20081207220254.000000+060
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------



Thank you very much for helping me again!

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:12 AM

Posted 29 December 2008 - 09:33 PM

You are welcome, your logs are clean.
Stay away from those torrent sites; they are mostly loaded with malware.


Delete this folder C:\Rsit
=======================
Your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#10 vrijes

Posted 30 December 2008 - 06:43 AM

Yupiiiii! :thumbsup:

It's great! You really want to say that I am not infected?! This fix was not a virus?
I already started to doubt my BitDefender antivirus...

Anyway, THANK YOU VEEEEEERY MUCH!

#11 kahdah

Posted 30 December 2008 - 07:33 AM

No, the file that you downloaded from the torrent was a virus. I am saying that you delete that file, but as far as your system goes you are clean other than that file.
Once you delete it no worries.
But don't run it.

#12 vrijes

Posted 30 December 2008 - 02:33 PM

Maybe you didn't understand me well,

I already ran that file, that is why I asked you for help... I wanted to use the program and I thought that it would patch it, but not until I checked it at VirusTotal... and then I found out that it is a virus

...are you sure I am clean?

#13 kahdah

Posted 30 December 2008 - 07:01 PM

Why did you run the file?
I didn't know that you did that. Either way, your logs are still clean.

#14 vrijes

Posted 31 December 2008 - 04:44 AM

I didn't know that it was a virus, because my BitDefender told me that everything was OK. Then I ran that file, and after that I analyzed it at VirusTotal. And after that I asked you for help...
But if you say I'm clean, then, great!

#15 kahdah

Posted 31 December 2008 - 08:24 AM

Yes, anything that is a keygen will be detected whether or not it drops files or malware; any keygen is detected because of how the file is coded when written.
That is why it was detected. Best to stay away from any patches or keygens.
Yes your logs are still clean.