Virus alert! [Archive] - Safer-Networking Forums

ushpen25

2008-07-20, 14:46

Hello, i got a virus in my computer which really made my computer slow. Some of the drives in the My Computer were gone. But still I manage to remove those possible malware, spyware and viruses in my computer i guess coz there's still .dll files left in my system32 that has infected by a trojan that cant be deleted by a Spybot Search and Destroy.

I have made a HJT Log. Here it is.

Deckard's System Scanner v20071014.68
Run by * on 2007-07-20 19:37:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as *.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37: VIRUS ALERT!, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\*\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\7CF3~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {245A2B98-510E-4069-A6CD-09313268C0DB} - C:\WINDOWS\system32\xxyxYqpn.dll
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - C:\WINDOWS\system32\iifghhEt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {653f1854-1259-55c8-44e4-6ae29f7b2b5c} - {c5b2b7f9-2ea6-4e44-8c55-95214581f356} - C:\WINDOWS\system32\lijrdz.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [3cf160d6] rundll32.exe "C:\WINDOWS\system32\uqjbmdix.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8678] command /c del "C:\WINDOWS\system32\iifghhEt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6323] cmd /c del "C:\WINDOWS\system32\iifghhEt.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: iifghhEt - C:\WINDOWS\SYSTEM32\iifghhEt.dll
O21 - SSODL: kvxqmtre - {8C66CBC2-40D1-41A8-B7B6-3C44CEE457E0} - C:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {CDFB613B-B940-4454-8538-B12306D6FC79} - C:\WINDOWS\evgratsm.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7576 bytes

-- Files created between 2007-06-20 and 2007-07-20 -----------------------------

2008-07-19 18:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-19 18:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-19 18:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-19 18:20:30 0 dr------- C:\Program Files
2008-07-19 18:20:30 0 d-------- C:\Program Files\Common Files
2008-07-19 18:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-19 18:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-19 18:17:45 0 d-------- C:\Documents and Settings
2008-07-19 18:17:44 0 d--hs---- C:\System Volume Information
2008-07-19 18:12:31 0 d-------- C:\WINDOWS
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-19 18:12:31 0 dr------- C:\WINDOWS\Web
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-19 18:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\security
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\repair
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Media
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\java
2008-07-19 18:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ime
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Help
2008-07-19 18:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\addins
2008-07-19 10:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-19 10:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-19 10:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-19 10:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-19 10:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-19 10:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-19 10:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-19 10:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-19 10:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-19 10:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-19 10:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-19 10:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-19 10:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-19 10:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-19 10:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-19 10:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\My Documents <MYDOCU~1>
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings <LOCALS~1>
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\Favorites <FAVORI~1>
2008-07-19 10:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-19 10:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-19 10:33:44 0 dr-h----- C:\Documents and Settings\*\Application Data <APPLIC~1>
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\Templates <TEMPLA~1>
2008-07-19 10:33:43 0 dr------- C:\Documents and Settings\*\Start Menu <STARTM~1>
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood <PRINTH~1>
2008-07-19 10:33:43 2097152 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-19 10:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-19 10:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-19 10:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-19 10:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-19 10:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-19 10:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-19 10:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-19 10:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-19 10:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-19 10:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-19 10:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-19 10:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-19 10:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-19 10:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-19 10:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-19 10:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-19 10:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-19 10:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-19 10:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-19 10:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-19 10:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-19 10:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-19 10:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-19 10:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-19 10:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-19 10:24:48 0 d-------- C:\Program Files\Online Services
2008-07-19 10:24:43 0 d-------- C:\Program Files\Messenger
2008-07-19 10:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-19 10:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-19 10:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-19 10:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-01-23 05:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-23 04:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-23 04:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 04:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-23 04:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-23 04:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-23 04:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-23 04:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-23 04:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-23 04:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-23 04:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-23 04:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-23 03:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-23 03:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-23 03:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 03:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-23 03:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-20 18:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-20 14:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-20 13:53:26 0 d-------- C:\Program Files\EPSON
2007-07-20 13:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-20 13:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-20 08:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-20 08:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-20 07:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-20 06:12:59 116864 --a------ C:\WINDOWS\system32\lijrdz.dll
2007-07-20 06:12:56 116864 --a------ C:\WINDOWS\system32\kmbrgabn.dll
2007-07-20 06:11:03 93184 --a------ C:\WINDOWS\system32\uqjbmdix.dll
2007-07-20 02:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-20 02:11:50 0 d-------- C:\Documents and Settings\Test\Application Data\Macromedia
2007-07-20 02:10:49 0 d-------- C:\Documents and Settings\Test\Application Data\Mozilla
2007-07-20 02:09:28 0 d-------- C:\Documents and Settings\Test\Application Data\AVGTOOLBAR
2007-07-20 02:08:52 0 d-------- C:\Documents and Settings\Test\Application Data\TmpRecentIcons
2007-07-20 02:08:51 0 d-------- C:\Documents and Settings\Test\Application Data\ATI
2007-07-20 02:08:34 0 d-------- C:\Documents and Settings\Test\Application Data\Identities
2007-07-20 02:07:51 0 d---s---- C:\Documents and Settings\Test\Favorites <FAVORI~1>
2007-07-20 02:07:51 0 d-------- C:\Documents and Settings\Test\Desktop
2007-07-20 02:07:51 0 d---s---- C:\Documents and Settings\Test\Cookies
2007-07-20 02:07:51 0 dr-h----- C:\Documents and Settings\Test\Application Data <APPLIC~1>
2007-07-20 02:07:51 0 d---s---- C:\Documents and Settings\Test\Application Data\Microsoft
2007-07-20 02:07:50 0 d--h----- C:\Documents and Settings\Test\Templates <TEMPLA~1>
2007-07-20 02:07:50 0 dr------- C:\Documents and Settings\Test\Start Menu <STARTM~1>
2007-07-20 02:07:50 0 dr-h----- C:\Documents and Settings\Test\SendTo
2007-07-20 02:07:50 0 d--hs---- C:\Documents and Settings\Test\Recent
2007-07-20 02:07:50 0 d--h----- C:\Documents and Settings\Test\PrintHood <PRINTH~1>
2007-07-20 02:07:50 786432 --ah----- C:\Documents and Settings\Test\NTUSER.DAT
2007-07-20 02:07:50 0 d--h----- C:\Documents and Settings\Test\NetHood
2007-07-20 02:07:50 0 d---s---- C:\Documents and Settings\Test\My Documents <MYDOCU~1>
2007-07-20 02:07:50 0 d--h----- C:\Documents and Settings\Test\Local Settings <LOCALS~1>
2007-07-20 00:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 22:53:21 116864 --a------ C:\WINDOWS\system32\fwhbwk.dll
2007-07-19 22:53:16 116864 --a------ C:\WINDOWS\system32\gxftedky.dll
2007-07-19 22:52:08 193479 --ahs---- C:\WINDOWS\system32\npqYxyxx.ini2
2007-07-19 22:51:56 322816 --a------ C:\WINDOWS\system32\xxyxYqpn.dll
2007-07-19 22:44:09 32640 -----n--- C:\WINDOWS\system32\iifghhEt.dll
2007-07-19 22:43:31 454656 --a------ C:\WINDOWS\kgxmotapktx.dll
2007-07-19 22:43:29 155648 --a------ C:\WINDOWS\agpqlrfm.exe
2007-07-19 22:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-19 17:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-19 16:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-19 16:09:09 0 -rahs---- C:\MSDOS.SYS
2007-07-19 16:09:09 0 -rahs---- C:\IO.SYS
2007-07-19 16:09:09 0 --a------ C:\CONFIG.SYS
2007-07-19 16:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-19 16:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-19 16:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-19 16:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-19 16:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-19 15:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-19 15:51:24 0 d-------- C:\WINDOWS\pss
2007-07-19 15:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-19 15:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-19 15:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-19 15:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-19 15:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-19 15:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-19 12:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-19 11:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-19 11:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-19 11:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-19 11:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-19 11:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-19 11:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-19 11:26:25 0 dr-h----- C:\MSOCache
2007-07-19 11:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-19 11:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-19 11:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-19 11:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-19 11:08:56 0 d-------- C:\Program Files\Winamp
2007-07-19 11:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-19 11:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-19 11:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-19 11:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-19 11:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-19 11:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-19 11:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-19 11:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-19 11:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-19 11:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-19 11:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-19 10:59:57 0 d-------- C:\Program Files\AVG
2007-07-19 10:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-19 18:20:04 62 --ahs---- C:\Documents and Settings\*\Application Data\desktop.ini
2007-07-19 11:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{245A2B98-510E-4069-A6CD-09313268C0DB}]
07/19/2007 22:52: VIRUS ALERT! 322816 --a------ C:\WINDOWS\system32\xxyxYqpn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]
07/19/2007 22:44: VIRUS ALERT! 32640 --------- C:\WINDOWS\system32\iifghhEt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/19/2007 17:06: VIRUS ALERT! 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5b2b7f9-2ea6-4e44-8c55-95214581f356}]
07/20/2007 06:12: VIRUS ALERT! 116864 --a------ C:\WINDOWS\system32\lijrdz.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/19/2007 17:06: VIRUS ALERT! 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35: VIRUS ALERT!]
"RTHDCPL"="RTHDCPL.EXE" [12/19/2006 11:12: VIRUS ALERT! C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/16/2006 18:04: VIRUS ALERT! C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 18:43: VIRUS ALERT! C:\WINDOWS\ALCMTR.EXE]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/19/2007 17:06: VIRUS ALERT!]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 00:47: VIRUS ALERT!]
"3cf160d6"="C:\WINDOWS\system32\uqjbmdix.dll" [07/20/2007 06:11: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56: VIRUS ALERT!]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 18:05: VIRUS ALERT!]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 22:42: VIRUS ALERT!]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42: VIRUS ALERT!]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"SpybotDeletingA8678"=command /c del "C:\WINDOWS\system32\iifghhEt.dll"
"SpybotDeletingC6323"=cmd /c del "C:\WINDOWS\system32\iifghhEt.dll"

C:\Documents and Settings\ÿ\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/21/2006 3:43:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/20/2007 1:52:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}"= C:\WINDOWS\system32\iifghhEt.dll [07/19/2007 22:44: VIRUS ALERT! 32640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kvxqmtre"= {8C66CBC2-40D1-41A8-B7B6-3C44CEE457E0} - C:\WINDOWS\kvxqmtre.dll [ ]
"evgratsm"= {CDFB613B-B940-4454-8538-B12306D6FC79} - C:\WINDOWS\evgratsm.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifghhEt]
iifghhEt.dll 07/19/2007 22:44: VIRUS ALERT! 32640 C:\WINDOWS\system32\iifghhEt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyxYqpn

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

-- End of Deckard's System Scanner: finished at 2007-07-20 19:38:38 ------------

Shaba

2008-07-21, 13:14

Hi ushpen25

If you already have SDFix, please delete this copy and download it again as it's being updated regularly.

Please download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) by AndyManchesta and save it to your desktop.
Double click on SDFix.exe. By default, it will install to C:\.
Click on Install.

Please print out or save this set of instructions as you will not have internet access during the fix.

Next, boot into Safe Mode.

:!: Let me know if you can't boot into Safe Mode. Do not continue with the fixes.

When you see BIOS screen, start pressing F8.
A boot menu will appear shortly.
Using the up down arrows, select Safe Mode and press the Enter key.
Windows will now load.
Log in to your usual account.
Navigate to C:\SDfix (if you installed it to the default location, otherwise, locate where you installed it) Double click on RunThis.bat
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any key to reboot.
When the PC restarts the tool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen. You can also find the report in SDFix folder, named Report.txt.

ushpen25

2008-07-21, 15:02

Hello Shaba,

I got a little problem when putting my pc into safe mode. When I restart my computer and pressing F8 this is what appeared.

Please Select boot device

Floppy Drive
WDC
Lite-on DVDRW.

Shaba

2008-07-21, 15:55

Hi

You press F8 too early in booting process and that's why boot menu comes up.

Try to press it a bit later :)

ushpen25

2008-07-21, 17:07

Hello again Shaba,

I successfully followed all the guides you've posted, and I guess everything is fixed though my Drive C and D is still missing in my My Computer. Anyway do I have to post it here the Report.txt?

Thanks for the help.

Shaba

2008-07-21, 17:09

Hi

Yes, please post both report.txt and a fresh HijackThis log, we are not done yet :)

ushpen25

2008-07-21, 17:14

Ok Shaba, here's the Report.txt and HJT Log.

SDFix: Version 1.207
Run by ÿ on Sat 07/21/2007 at 21:52

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-21 21:59:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Finished!

Deckard's System Scanner v20071014.68
Run by * on 2007-07-21 22:11:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as *.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:57, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\*\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\7CF3~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - C:\WINDOWS\system32\xxyxYqpn.dll (file missing)
O2 - BHO: {8cf9ad63-33fc-2888-00c4-32699f328fd6} - {6df823f9-9623-4c00-8882-cf3336da9fc8} - C:\WINDOWS\system32\emnnul.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [3cf160d6] rundll32.exe "C:\WINDOWS\system32\vbqukygs.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8099 bytes

-- Files created between 2007-06-21 and 2007-07-21 -----------------------------

2008-07-19 18:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-19 18:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-19 18:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-19 18:20:30 0 dr------- C:\Program Files
2008-07-19 18:20:30 0 d-------- C:\Program Files\Common Files
2008-07-19 18:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-19 18:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-19 18:17:45 0 d-------- C:\Documents and Settings
2008-07-19 18:17:44 0 d--hs---- C:\System Volume Information
2008-07-19 18:12:31 0 d-------- C:\WINDOWS
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-19 18:12:31 0 dr------- C:\WINDOWS\Web
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-19 18:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\security
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\repair
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Media
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\java
2008-07-19 18:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ime
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Help
2008-07-19 18:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\addins
2008-07-19 10:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-19 10:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-19 10:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-19 10:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-19 10:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-19 10:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-19 10:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-19 10:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-19 10:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-19 10:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-19 10:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-19 10:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-19 10:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-19 10:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-19 10:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-19 10:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\My Documents <MYDOCU~1>
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings <LOCALS~1>
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\Favorites <FAVORI~1>
2008-07-19 10:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-19 10:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Application Data <APPLIC~1>
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\Templates <TEMPLA~1>
2008-07-19 10:33:43 0 dr------- C:\Documents and Settings\*\Start Menu <STARTM~1>
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood <PRINTH~1>
2008-07-19 10:33:43 2359296 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-19 10:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-19 10:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-19 10:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-19 10:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-19 10:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-19 10:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-19 10:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-19 10:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-19 10:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-19 10:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-19 10:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-19 10:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-19 10:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-19 10:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-19 10:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-19 10:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-19 10:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-19 10:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-19 10:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-19 10:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-19 10:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-19 10:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-19 10:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-19 10:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-19 10:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-19 10:24:48 0 d-------- C:\Program Files\Online Services
2008-07-19 10:24:43 0 d-------- C:\Program Files\Messenger
2008-07-19 10:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-19 10:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-19 10:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-19 10:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-01-23 05:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-23 04:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-23 04:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 04:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-23 04:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-23 04:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-23 04:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-23 04:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-23 04:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-23 04:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-23 04:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-23 04:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-23 03:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-23 03:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-23 03:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 03:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-23 03:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-21 21:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 21:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 20:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 20:58:51 0 d-------- C:\Program Files\Java
2007-07-21 20:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-21 19:41:22 93184 --a------ C:\WINDOWS\system32\vbqukygs.dll
2007-07-21 19:40:01 116352 --a------ C:\WINDOWS\system32\emnnul.dll
2007-07-21 19:39:57 116352 --a------ C:\WINDOWS\system32\sgagnuql.dll
2007-07-20 18:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-20 14:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-20 13:53:26 0 d-------- C:\Program Files\EPSON
2007-07-20 13:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-20 13:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-20 08:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-20 08:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-20 07:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-20 06:12:59 116864 --a------ C:\WINDOWS\system32\lijrdz.dll
2007-07-20 06:12:56 116864 --a------ C:\WINDOWS\system32\kmbrgabn.dll
2007-07-20 02:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-20 00:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 22:53:21 116864 --a------ C:\WINDOWS\system32\fwhbwk.dll
2007-07-19 22:53:16 116864 --a------ C:\WINDOWS\system32\gxftedky.dll
2007-07-19 22:52:08 137114 --ahs---- C:\WINDOWS\system32\npqYxyxx.ini2
2007-07-19 22:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-19 17:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-19 16:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-19 16:09:09 0 -rahs---- C:\MSDOS.SYS
2007-07-19 16:09:09 0 -rahs---- C:\IO.SYS
2007-07-19 16:09:09 0 --a------ C:\CONFIG.SYS
2007-07-19 16:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-19 16:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-19 16:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-19 16:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-19 16:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-19 15:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-19 15:51:24 0 d-------- C:\WINDOWS\pss
2007-07-19 15:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-19 15:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-19 15:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-19 15:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-19 15:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-19 15:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-19 12:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-19 11:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-19 11:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-19 11:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-19 11:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-19 11:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-19 11:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-19 11:26:25 0 dr-h----- C:\MSOCache
2007-07-19 11:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-19 11:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-19 11:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-19 11:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-19 11:08:56 0 d-------- C:\Program Files\Winamp
2007-07-19 11:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-19 11:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-19 11:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-19 11:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-19 11:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-19 11:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-19 11:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-19 11:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-19 11:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-19 11:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-19 11:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-19 10:59:57 0 d-------- C:\Program Files\AVG
2007-07-19 10:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-19 18:20:04 62 --ahs---- C:\Documents and Settings\*\Application Data\desktop.ini
2007-07-19 11:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]
C:\WINDOWS\system32\xxyxYqpn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]
07/21/2007 19:39 116352 --a------ C:\WINDOWS\system32\emnnul.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/19/2007 17:06 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/19/2007 17:06 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35]
"RTHDCPL"="RTHDCPL.EXE" [12/19/2006 11:12 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/16/2006 18:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/19/2007 17:06]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 00:47]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/21/2004 02:41]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2003 17:35]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 15:40]
"3cf160d6"="C:\WINDOWS\system32\vbqukygs.dll" [07/21/2007 19:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 18:05]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 22:42]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/19/2007 06:05]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 17:43]

C:\Documents and Settings\ÿ\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [6/19/2008 2:46:56 AM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/19/2007 6:05:02 AM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/21/2006 3:43:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/20/2007 1:52:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyxYqpn

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

-- End of Deckard's System Scanner: finished at 2007-07-21 22:12:52 ------------

Shaba

2008-07-21, 17:22

Hi

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Go to Start > Run
Type regedit and click OK.

On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Go to Desktop, double-click fix.reg and merge the infomation with the registry.

(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - C:\WINDOWS\system32\xxyxYqpn.dll (file missing)
O2 - BHO: {8cf9ad63-33fc-2888-00c4-32699f328fd6} - {6df823f9-9623-4c00-8882-cf3336da9fc8} - C:\WINDOWS\system32\emnnul.dll
O4 - HKLM\..\Run: [3cf160d6] rundll32.exe "C:\WINDOWS\system32\vbqukygs.dll",b

Close all windows including browser and press fix checked.

Reboot.

Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\vbqukygs.dll
C:\WINDOWS\system32\emnnul.dll
C:\WINDOWS\system32\sgagnuql.dll
C:\WINDOWS\system32\lijrdz.dll
C:\WINDOWS\system32\kmbrgabn.dll
C:\WINDOWS\system32\fwhbwk.dll
C:\WINDOWS\system32\gxftedky.dll
C:\WINDOWS\system32\npqYxyxx.ini2

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run dss.

Post:

- a fresh dss log
- otmoveit2 report

ushpen25

2008-07-21, 17:57

Hi, here's what you requested for,

Deckard's System Scanner v20071014.68
Run by * on 2007-07-21 22:53:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as *.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:38, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\*\Desktop\OTMoveIt2.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\*\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\7CF3~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7574 bytes

-- Files created between 2007-06-21 and 2007-07-21 -----------------------------

2008-07-19 18:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-19 18:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-19 18:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-19 18:20:30 0 dr------- C:\Program Files
2008-07-19 18:20:30 0 d-------- C:\Program Files\Common Files
2008-07-19 18:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-19 18:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-19 18:17:45 0 d-------- C:\Documents and Settings
2008-07-19 18:17:44 0 d--hs---- C:\System Volume Information
2008-07-19 18:12:31 0 d-------- C:\WINDOWS
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-19 18:12:31 0 dr------- C:\WINDOWS\Web
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-19 18:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\security
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\repair
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Media
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\java
2008-07-19 18:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ime
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Help
2008-07-19 18:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\addins
2008-07-19 10:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-19 10:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-19 10:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-19 10:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-19 10:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-19 10:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-19 10:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-19 10:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-19 10:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-19 10:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-19 10:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-19 10:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-19 10:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-19 10:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-19 10:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-19 10:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\My Documents
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\Favorites
2008-07-19 10:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-19 10:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Application Data
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\Templates
2008-07-19 10:33:43 0 dr------- C:\Documents and Settings\*\Start Menu
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood
2008-07-19 10:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-19 10:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-19 10:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-19 10:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-19 10:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-19 10:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-19 10:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-19 10:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-19 10:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-19 10:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-19 10:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-19 10:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-19 10:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-19 10:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-19 10:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-19 10:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-19 10:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-19 10:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-19 10:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-19 10:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-19 10:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-19 10:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-19 10:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-19 10:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-19 10:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-19 10:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-19 10:24:48 0 d-------- C:\Program Files\Online Services
2008-07-19 10:24:43 0 d-------- C:\Program Files\Messenger
2008-07-19 10:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-19 10:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-19 10:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-19 10:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-01-23 05:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-23 04:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-23 04:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 04:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-23 04:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-23 04:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-23 04:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-23 04:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-23 04:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-23 04:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-23 04:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-23 04:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-23 03:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-23 03:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-23 03:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 03:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-23 03:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-21 21:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 21:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 20:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 20:58:51 0 d-------- C:\Program Files\Java
2007-07-21 20:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-20 18:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-20 14:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-20 13:53:26 0 d-------- C:\Program Files\EPSON
2007-07-20 13:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-20 13:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-20 08:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-20 08:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-20 07:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-20 02:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-20 00:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 22:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-19 17:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-19 16:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-19 16:09:09 0 -rahs---- C:\MSDOS.SYS
2007-07-19 16:09:09 0 -rahs---- C:\IO.SYS
2007-07-19 16:09:09 0 --a------ C:\CONFIG.SYS
2007-07-19 16:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-19 16:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-19 16:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-19 16:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-19 16:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-19 15:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-19 15:51:24 0 d-------- C:\WINDOWS\pss
2007-07-19 15:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-19 15:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-19 15:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-19 15:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-19 15:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-19 15:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-19 12:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-19 11:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-19 11:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-19 11:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-19 11:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-19 11:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-19 11:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-19 11:26:25 0 dr-h----- C:\MSOCache
2007-07-19 11:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-19 11:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-19 11:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-19 11:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-19 11:08:56 0 d-------- C:\Program Files\Winamp
2007-07-19 11:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-19 11:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-19 11:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-19 11:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-19 11:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-19 11:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-19 11:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-19 11:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-19 11:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-19 11:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-19 11:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-19 10:59:57 0 d-------- C:\Program Files\AVG
2007-07-19 10:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-19 18:20:04 62 --ahs---- C:\Documents and Settings\*\Application Data\desktop.ini
2007-07-19 11:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/19/2007 17:06 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/19/2007 17:06 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35]
"RTHDCPL"="RTHDCPL.EXE" [12/19/2006 11:12 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/16/2006 18:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/19/2007 17:06]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 00:47]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/21/2004 02:41]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2003 17:35]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 15:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 18:05]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 22:42]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/19/2007 06:05]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 17:43]

C:\Documents and Settings\ÿ\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [6/19/2008 2:46:56 AM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/19/2007 6:05:02 AM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/21/2006 3:43:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/20/2007 1:52:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

-- End of Deckard's System Scanner: finished at 2007-07-21 22:54:34 ------------

[B]OTMoveit

DllUnregisterServer procedure not found in C:\WINDOWS\system32\vbqukygs.dll
C:\WINDOWS\system32\vbqukygs.dll NOT unregistered.
C:\WINDOWS\system32\vbqukygs.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\emnnul.dll
C:\WINDOWS\system32\emnnul.dll NOT unregistered.
C:\WINDOWS\system32\emnnul.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sgagnuql.dll
C:\WINDOWS\system32\sgagnuql.dll NOT unregistered.
C:\WINDOWS\system32\sgagnuql.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lijrdz.dll
C:\WINDOWS\system32\lijrdz.dll NOT unregistered.
C:\WINDOWS\system32\lijrdz.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kmbrgabn.dll
C:\WINDOWS\system32\kmbrgabn.dll NOT unregistered.
C:\WINDOWS\system32\kmbrgabn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fwhbwk.dll
C:\WINDOWS\system32\fwhbwk.dll NOT unregistered.
C:\WINDOWS\system32\fwhbwk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gxftedky.dll
C:\WINDOWS\system32\gxftedky.dll NOT unregistered.
C:\WINDOWS\system32\gxftedky.dll moved successfully.
C:\WINDOWS\system32\npqYxyxx.ini2 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07212007_224952

Shaba

2008-07-21, 18:05

Hi

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

ushpen25

2008-07-22, 01:16

Hi, sorry for the late reply

I got a problem when trying to download kapersky, here is what it says.

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: License key creation date is invalid. Check system date settings.]

Is this usually happened?

Shaba

2008-07-22, 14:05

Hi

Can happen sometimes, yes.

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.

ushpen25

2008-07-22, 14:32

Hello,

I used a alternative one to scan my computer online since kapersky doesn't work and it always keeps me giving update error and panda online scan as well, so i tried ESET Online Scan and here is the Logs you've requested. Maybe Ill do that guidelines later after you read this Logs.

ESET LOG

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3287 (20080722)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=071bd0d0a2e96e4b8f6d6cde3fc9fc53
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2007-07-22 11:25:10
# local_time=2007-07-22 07:25:10 (+0800, Taipei Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=160704
# found=5
# scan_time=1440
D:\Musics\itak tak mo.mp3 WMA/TrojanDownloader.Wimad.N trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\Musics\just like splendid lovesong.mp3 WMA/TrojanDownloader.Wimad.N trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\Musics\taligsik band.mp3 WMA/TrojanDownloader.Wimad.N trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\RECYCLER\S-1-5-21-1275210071-1979792683-839522115-1003\Dd2.mp3 WMA/TrojanDownloader.Wimad.N trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\RECYCLER\S-1-5-21-1275210071-1979792683-839522115-1003\Dd3.mp3 WMA/TrojanDownloader.Wimad.N trojan (unable to clean - deleted) 00000000000000000000000000000000

Deckard's System Scanner v20071014.68
Run by * on 2007-07-22 19:27:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as *.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:43, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\*\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\7CF3~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [3cf160d6] rundll32.exe "C:\WINDOWS\system32\vbqukygs.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8078 bytes

-- Files created between 2007-06-22 and 2007-07-22 -----------------------------

2008-07-19 18:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-19 18:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-19 18:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-19 18:20:30 0 dr------- C:\Program Files
2008-07-19 18:20:30 0 d-------- C:\Program Files\Common Files
2008-07-19 18:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-19 18:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-19 18:17:45 0 d-------- C:\Documents and Settings
2008-07-19 18:17:44 0 d--hs---- C:\System Volume Information
2008-07-19 18:12:31 0 d-------- C:\WINDOWS
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-19 18:12:31 0 dr------- C:\WINDOWS\Web
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-19 18:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\security
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\repair
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Media
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\java
2008-07-19 18:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ime
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Help
2008-07-19 18:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\addins
2008-07-19 10:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-19 10:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-19 10:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-19 10:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-19 10:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-19 10:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-19 10:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-19 10:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-19 10:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-19 10:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-19 10:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-19 10:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-19 10:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-19 10:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-19 10:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-19 10:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\My Documents
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\Favorites
2008-07-19 10:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-19 10:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Application Data
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\Templates
2008-07-19 10:33:43 0 dr------- C:\Documents and Settings\*\Start Menu
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood
2008-07-19 10:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-19 10:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-19 10:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-19 10:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-19 10:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-19 10:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-19 10:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-19 10:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-19 10:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-19 10:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-19 10:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-19 10:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-19 10:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-19 10:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-19 10:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-19 10:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-19 10:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-19 10:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-19 10:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-19 10:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-19 10:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-19 10:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-19 10:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-19 10:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-19 10:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-19 10:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-19 10:24:48 0 d-------- C:\Program Files\Online Services
2008-07-19 10:24:43 0 d-------- C:\Program Files\Messenger
2008-07-19 10:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-19 10:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-19 10:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-19 10:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-23 05:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-23 04:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-23 04:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 04:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-23 04:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-23 04:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-23 04:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-23 04:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-23 04:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-23 04:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-23 04:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-23 04:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-23 03:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-23 03:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-23 03:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 03:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-23 03:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-27 14:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 14:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-22 18:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 23:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 23:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 21:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 21:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 20:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 20:58:51 0 d-------- C:\Program Files\Java
2007-07-21 20:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-20 18:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-20 14:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-20 13:53:26 0 d-------- C:\Program Files\EPSON
2007-07-20 13:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-20 13:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-20 08:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-20 08:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-20 07:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-20 02:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-20 00:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 22:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-19 17:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-19 16:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-19 16:09:09 0 -rahs---- C:\MSDOS.SYS
2007-07-19 16:09:09 0 -rahs---- C:\IO.SYS
2007-07-19 16:09:09 0 --a------ C:\CONFIG.SYS
2007-07-19 16:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-19 16:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-19 16:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-19 16:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-19 16:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-19 15:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-19 15:51:24 0 d-------- C:\WINDOWS\pss
2007-07-19 15:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-19 15:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-19 15:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-19 15:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-19 15:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-19 15:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-19 12:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-19 11:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-19 11:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-19 11:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-19 11:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-19 11:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-19 11:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-19 11:26:25 0 dr-h----- C:\MSOCache
2007-07-19 11:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-19 11:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-19 11:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-19 11:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-19 11:08:56 0 d-------- C:\Program Files\Winamp
2007-07-19 11:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-19 11:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-19 11:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-19 11:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-19 11:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-19 11:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-19 11:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-19 11:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-19 11:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-19 11:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-19 11:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-19 10:59:57 0 d-------- C:\Program Files\AVG
2007-07-19 10:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-19 18:20:04 62 --ahs---- C:\Documents and Settings\*\Application Data\desktop.ini
2007-07-19 11:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/19/2007 17:06 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/19/2007 17:06 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35]
"RTHDCPL"="RTHDCPL.EXE" [12/19/2006 11:12 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/16/2006 18:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/19/2007 17:06]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 00:47]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/21/2004 02:41]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2003 17:35]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 15:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]
"3cf160d6"="C:\WINDOWS\system32\vbqukygs.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 18:05]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 22:42]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/19/2007 06:05]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 17:43]

C:\Documents and Settings\ÿ\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [6/19/2008 2:46:56 AM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/19/2007 6:05:02 AM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/21/2006 3:43:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/20/2007 1:52:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

-- End of Deckard's System Scanner: finished at 2007-07-22 19:28:42 ------------

Shaba

2008-07-22, 14:42

Hi

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [3cf160d6] rundll32.exe "C:\WINDOWS\system32\vbqukygs.dll",b

Close all windows including browser and press fix checked.

Reboot.

Post back a fresh HijackThis log and tell me if you still have problems?

ushpen25

2008-07-22, 15:13

Hello,

Here's a new HJT Log.

Deckard's System Scanner v20071014.68
Run by * on 2007-07-22 20:11:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as *.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:21, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\*\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\7CF3~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7739 bytes

-- Files created between 2007-06-22 and 2007-07-22 -----------------------------

2008-07-19 18:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-19 18:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-19 18:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-19 18:20:30 0 dr------- C:\Program Files
2008-07-19 18:20:30 0 d-------- C:\Program Files\Common Files
2008-07-19 18:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-19 18:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-19 18:17:45 0 d-------- C:\Documents and Settings
2008-07-19 18:17:44 0 d--hs---- C:\System Volume Information
2008-07-19 18:12:31 0 d-------- C:\WINDOWS
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-19 18:12:31 0 dr------- C:\WINDOWS\Web
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-19 18:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\security
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\repair
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Media
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\java
2008-07-19 18:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ime
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Help
2008-07-19 18:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\addins
2008-07-19 10:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-19 10:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-19 10:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-19 10:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-19 10:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-19 10:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-19 10:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-19 10:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-19 10:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-19 10:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-19 10:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-19 10:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-19 10:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-19 10:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-19 10:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-19 10:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\My Documents <MYDOCU~1>
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings <LOCALS~1>
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\Favorites <FAVORI~1>
2008-07-19 10:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-19 10:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Application Data <APPLIC~1>
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\Templates <TEMPLA~1>
2008-07-19 10:33:43 0 dr------- C:\Documents and Settings\*\Start Menu <STARTM~1>
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood <PRINTH~1>
2008-07-19 10:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-19 10:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-19 10:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-19 10:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-19 10:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-19 10:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-19 10:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-19 10:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-19 10:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-19 10:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-19 10:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-19 10:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-19 10:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-19 10:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-19 10:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-19 10:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-19 10:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-19 10:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-19 10:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-19 10:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-19 10:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-19 10:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-19 10:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-19 10:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-19 10:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-19 10:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-19 10:24:48 0 d-------- C:\Program Files\Online Services
2008-07-19 10:24:43 0 d-------- C:\Program Files\Messenger
2008-07-19 10:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-19 10:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-19 10:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-19 10:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-23 05:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-23 04:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-23 04:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 04:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-23 04:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-23 04:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-23 04:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-23 04:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-23 04:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-23 04:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-23 04:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-23 04:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-23 03:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-23 03:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-23 03:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 03:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-23 03:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-27 14:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 14:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-22 19:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-22 18:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 23:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 23:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 21:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 21:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 20:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 20:58:51 0 d-------- C:\Program Files\Java
2007-07-21 20:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-20 18:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-20 14:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-20 13:53:26 0 d-------- C:\Program Files\EPSON
2007-07-20 13:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-20 13:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-20 08:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-20 08:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-20 07:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-20 02:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-20 00:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 22:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-19 17:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-19 16:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-19 16:09:09 0 -rahs---- C:\MSDOS.SYS
2007-07-19 16:09:09 0 -rahs---- C:\IO.SYS
2007-07-19 16:09:09 0 --a------ C:\CONFIG.SYS
2007-07-19 16:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-19 16:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-19 16:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-19 16:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-19 16:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-19 15:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-19 15:51:24 0 d-------- C:\WINDOWS\pss
2007-07-19 15:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-19 15:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-19 15:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-19 15:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-19 15:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-19 15:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-19 12:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-19 11:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-19 11:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-19 11:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-19 11:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-19 11:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-19 11:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-19 11:26:25 0 dr-h----- C:\MSOCache
2007-07-19 11:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-19 11:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-19 11:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-19 11:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-19 11:08:56 0 d-------- C:\Program Files\Winamp
2007-07-19 11:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-19 11:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-19 11:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-19 11:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-19 11:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-19 11:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-19 11:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-19 11:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-19 11:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-19 11:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-19 11:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-19 10:59:57 0 d-------- C:\Program Files\AVG
2007-07-19 10:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-19 18:20:04 62 --ahs---- C:\Documents and Settings\*\Application Data\desktop.ini
2007-07-19 11:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/19/2007 17:06 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/19/2007 17:06 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35]
"RTHDCPL"="RTHDCPL.EXE" [12/19/2006 11:12 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/16/2006 18:04 C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/19/2007 17:06]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 00:47]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/21/2004 02:41]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2003 17:35]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 15:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 18:05]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 22:42]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/19/2007 06:05]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 17:43]

C:\Documents and Settings\ÿ\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [6/19/2008 2:46:56 AM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/19/2007 6:05:02 AM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/21/2006 3:43:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/20/2007 1:52:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

-- End of Deckard's System Scanner: finished at 2007-07-22 20:12:16 ------------

ushpen25

2008-07-22, 16:05

Hello,

I would like you to confirm first my HJT Log if there is still a problem before ill tell you the possible problems left.

Thanks for the Help,

Shaba

2008-07-22, 16:12

Hi

Log is clean.

ushpen25

2008-07-22, 16:19

Hello,

I guess I still have a little problem, my Drive C and D is not yet visible in my My Computer, but i can access to the particular drive by typing manually C:\ nor D:\ to the address bar in windows. Is there any way to get back those Drives in my My Computer without typing manually itself?

Shaba

2008-07-22, 16:27

Hi

Copy text below to Notepad and save it as export.bat (save it as all files, *.*)

@ECHO OFF
REG EXPORT HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\export.reg

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG

Doubleclick export.bat; black dos windows will flash, that's normal.

(In case you are unsure how to create a bat file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Bat_File) with screenshots.)

Post back contents of C:\export.reg, please.

ushpen25

2008-07-22, 16:34

Hello,

Here it is Shaba. I've attached the export.reg as well.

[quote]Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:0000000c[/qoute]

Shaba

2008-07-22, 16:37

Hi

Go to Start > Run
Type regedit and click OK.

On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=-

Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Go to Desktop, double-click fix.reg and merge the infomation with the registry.

(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)

Reboot.

Tell me if it helped :)

ushpen25

2008-07-22, 16:45

Hello again Shaba,

My Computer now is back to normal. Thanks for your time and effort to help me with my problem.

Thank you,

Shaba

2008-07-22, 17:18

Hi

Great news :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

You can delete fix.reg, export.reg and export.bat

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean! :bigthumb:

Shaba

2008-07-24, 12:19

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Shaba

2008-07-24, 18:32

Re-opened upon request.

ushpen25

2008-07-25, 02:12

Hello again Shaba,

My task manager and Regedit was disabled and I guess it is a malware issue. I have scan my computer with a malwarebyte's Anti-Malware and it detected some trojan and malware. It started by a free video converter, I installed it since my AVG 8.0 didn't detected any malicious data's. After the installation completed and restarted my computer my task manager and regedit was automatically disabled. So i tried to re-enable it by typing gpedit.msc on RUN but nothings happen after i re-enable it. So that was the time i thought that it is a malware issue that disabled my task manager and regedit. So i have made a HJT Log.

Deckard's System Scanner v20071014.68
Run by Pen on 2007-07-25 07:08:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Pen.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:12 AM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pen\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacoolsoftware.com/sb-link/firefox.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8790 bytes

-- Files created between 2007-06-25 and 2007-07-25 -----------------------------

2008-07-19 18:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-19 18:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-19 18:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-19 18:20:30 0 dr------- C:\Program Files
2008-07-19 18:20:30 0 d-------- C:\Program Files\Common Files
2008-07-19 18:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-19 18:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-19 18:17:45 0 d-------- C:\Documents and Settings
2008-07-19 18:17:44 0 d--hs---- C:\System Volume Information
2008-07-19 18:12:31 0 d-------- C:\WINDOWS
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-19 18:12:31 0 dr------- C:\WINDOWS\Web
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-19 18:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\security
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\repair
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Media
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\java
2008-07-19 18:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ime
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Help
2008-07-19 18:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\addins
2008-07-19 10:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-19 10:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-19 10:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-19 10:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-19 10:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-19 10:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-19 10:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-19 10:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-19 10:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-19 10:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-19 10:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-19 10:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-19 10:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-19 10:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-19 10:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-19 10:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\My Documents <MYDOCU~1>
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings <LOCALS~1>
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\Favorites <FAVORI~1>
2008-07-19 10:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-19 10:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Application Data <APPLIC~1>
2008-07-19 10:33:44 0 d---s---- C:\Documents and Settings\*\Application Data\Microsoft
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\Templates <TEMPLA~1>
2008-07-19 10:33:43 0 dr------- C:\Documents and Settings\*\Start Menu <STARTM~1>
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood <PRINTH~1>
2008-07-19 10:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-19 10:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-19 10:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-19 10:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-19 10:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-19 10:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-19 10:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-19 10:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-19 10:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-19 10:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-19 10:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-19 10:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-19 10:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-19 10:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-19 10:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-19 10:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-19 10:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-19 10:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-19 10:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-19 10:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-19 10:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-19 10:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-19 10:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-19 10:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-19 10:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-19 10:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-19 10:24:48 0 d-------- C:\Program Files\Online Services
2008-07-19 10:24:43 0 d-------- C:\Program Files\Messenger
2008-07-19 10:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-19 10:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-19 10:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-19 10:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 16:59:03 522752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioTransform2 ActiveX DLL>
2008-02-08 16:59:03 467968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioRecord2 ActiveX DLL>
2008-02-08 16:59:03 467456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioPlayer2 ActiveX DLL>
2008-02-08 16:59:03 966144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-02-08 16:59:03 877568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-02-08 16:59:03 634880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioEditor2 ActiveX DLL>
2008-02-08 16:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-23 05:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-23 04:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-23 04:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 04:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-23 04:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-23 04:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-23 04:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-23 04:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-23 04:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-23 04:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-23 04:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-23 04:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-23 03:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-23 03:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-23 03:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 03:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-23 03:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-27 14:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 14:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-24 20:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 20:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 20:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-24 20:42:05 4533 --a------ C:\Cool USEP Scandal.vbs
2007-07-24 12:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-24 12:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-24 12:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-24 12:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-24 11:26:04 4533 -rahs---- C:\sowar.vbs
2007-07-24 11:25:02 4533 -rahs---- C:\WINDOWS\SysRes.vbs
2007-07-24 11:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 22:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 21:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 20:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-23 19:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-23 18:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-23 18:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-23 18:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-23 18:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-23 18:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-23 18:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates <TEMPLA~1>
2007-07-23 18:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu <STARTM~1>
2007-07-23 18:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-23 18:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood <PRINTH~1>
2007-07-23 18:56:12 6029312 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-23 18:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents <MYDOCU~1>
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings <LOCALS~1>
2007-07-23 18:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites <FAVORI~1>
2007-07-23 18:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-23 18:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data <APPLIC~1>
2007-07-22 23:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 23:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 23:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 22:42:11 0 d-------- C:\Program Files\AskSBar
2007-07-22 22:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 22:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 22:41:22 0 d-------- C:\Program Files\COMODO
2007-07-22 20:19:01 274096 --a------ C:\WINDOWS\DJ Audio Editor Uninstaller.exe
2007-07-22 20:18:50 0 d-------- C:\Program Files\DJ Audio Editor
2007-07-22 19:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-22 18:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 23:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 23:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 21:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 21:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 20:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 20:58:51 0 d-------- C:\Program Files\Java
2007-07-21 20:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-20 18:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-20 14:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-20 13:53:26 0 d-------- C:\Program Files\EPSON
2007-07-20 13:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-20 13:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-20 08:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-20 08:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-20 07:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-20 02:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-20 00:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 22:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-19 17:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-19 16:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-19 16:09:09 0 -rahs---- C:\MSDOS.SYS
2007-07-19 16:09:09 0 -rahs---- C:\IO.SYS
2007-07-19 16:09:09 0 --a------ C:\CONFIG.SYS
2007-07-19 16:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-19 16:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-19 16:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-19 16:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-19 16:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-19 15:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-19 15:51:24 0 d-------- C:\WINDOWS\pss
2007-07-19 15:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-19 15:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-19 15:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-19 15:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-19 15:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-19 15:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-19 12:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-19 11:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-19 11:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-19 11:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-19 11:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-19 11:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-19 11:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-19 11:26:25 0 dr-h----- C:\MSOCache
2007-07-19 11:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-19 11:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-19 11:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-19 11:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-19 11:08:56 0 d-------- C:\Program Files\Winamp
2007-07-19 11:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-19 11:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-19 11:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-19 11:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-19 11:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-19 11:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-19 11:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-19 11:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-19 11:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-19 11:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-19 11:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-19 10:59:57 0 d-------- C:\Program Files\AVG
2007-07-19 10:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-19 18:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
2007-07-19 11:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
07/22/2007 10:42 PM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/19/2007 05:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
07/22/2007 10:42 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/19/2007 05:06 PM 2055960]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [07/22/2007 10:42 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/19/2006 11:12 AM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 PM C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/19/2007 05:06 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/21/2004 02:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2003 05:35 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 10:56 PM]
"System Restore"="wscript.exe" [08/04/2004 12:56 AM C:\WINDOWS\system32\wscript.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/19/2007 06:05 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 10:42 PM]

C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [6/19/2008 2:46:56 AM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/19/2007 6:05:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/20/2007 1:52:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

-- End of Deckard's System Scanner: finished at 2007-07-25 07:11:39 ------------

Shaba

2008-07-25, 12:30

Hi

Reason is right here:

O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"

That one is flash infection from USB flash drive.

Have you used any USB flash drives lately?

If so, those need to be formatted first as they are infected.

ushpen25

2008-07-25, 15:56

Yes my friend used USB from his cellphone and mp4 to my computer.

Shaba

2008-07-25, 18:48

Hi

Then tell your friend to format it.

After that:

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

ushpen25

2008-07-26, 04:49

Hello,

I have a problem when running the ComboFix, it says Date Error and check my setting, so i change it to US current time and date but nothings happen, still getting Date error.

Shaba

2008-07-26, 12:29

Hi

Did you use a fresh copy of Combofix from those links?

ushpen25

2008-07-26, 15:49

Yes I'd downloaded the ComboFix from the links you've given. I tried every link but still the same, it gives me Date Error.

Shaba

2008-07-26, 15:54

Hi

Ok, then re-run dss and post back its log, please.

ushpen25

2008-07-26, 16:03

Hi

Here's the HJT Log as requested.

Deckard's System Scanner v20071014.68
Run by Pen on 2007-07-26 20:53:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Pen.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:00 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Pen\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacoolsoftware.com/sb-link/firefox.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 9106 bytes

-- Files created between 2007-06-26 and 2007-07-26 -----------------------------

2008-07-18 22:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-18 22:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-18 22:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-18 22:20:30 0 dr------- C:\Program Files
2008-07-18 22:20:30 0 d-------- C:\Program Files\Common Files
2008-07-18 22:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-18 22:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-18 22:17:45 0 d-------- C:\Documents and Settings
2008-07-18 22:17:44 0 d--hs---- C:\System Volume Information
2008-07-18 22:12:31 0 d-------- C:\WINDOWS
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-18 22:12:31 0 dr------- C:\WINDOWS\Web
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-18 22:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\security
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\repair
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Media
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\java
2008-07-18 22:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ime
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Help
2008-07-18 22:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\addins
2008-07-18 14:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-18 14:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-18 14:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 14:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-18 14:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-18 14:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-18 14:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-18 14:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-18 14:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-18 14:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-18 14:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-18 14:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-18 14:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-18 14:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 14:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-18 14:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\My Documents
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\Favorites
2008-07-18 14:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Application Data
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Application Data\Microsoft
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\Templates
2008-07-18 14:33:43 0 dr------- C:\Documents and Settings\*\Start Menu
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood
2008-07-18 14:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-18 14:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-18 14:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 14:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-18 14:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-18 14:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-18 14:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-18 14:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-18 14:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-18 14:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-18 14:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-18 14:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-18 14:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-18 14:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-18 14:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-18 14:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-18 14:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-18 14:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-18 14:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-18 14:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-18 14:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-18 14:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-18 14:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-18 14:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-18 14:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-18 14:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-18 14:24:48 0 d-------- C:\Program Files\Online Services
2008-07-18 14:24:43 0 d-------- C:\Program Files\Messenger
2008-07-18 14:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-18 14:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-18 14:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-18 14:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-10 13:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 13:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-07 20:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-07 17:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-04 12:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-22 09:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-22 08:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-22 08:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 08:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-22 08:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-22 08:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-22 08:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-22 08:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-22 08:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-22 08:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-22 08:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-22 08:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-22 07:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-22 07:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-22 07:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 07:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-22 07:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-26 20:42:35 415232 --a------ C:\WINDOWS\system32\CF20178.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 20:38:48 415232 --a------ C:\WINDOWS\system32\CF19434.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 19:17:47 0 d-------- C:\Program Files\VirtualDub
2007-07-26 18:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-26 18:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 18:02:23 0 d-------- C:\Documents and Settings\Pen\Application Data\WinRAR
2007-07-26 17:55:53 0 d-------- C:\Program Files\Thomas Wright Consulting
2007-07-26 17:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-07-26 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-26 16:19:11 0 d-------- C:\Documents and Settings\Pen\Application Data\NCH Swift Sound
2007-07-26 11:11:55 415232 --a------ C:\WINDOWS\system32\CF6666.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 10:07:35 415232 --a------ C:\WINDOWS\system32\CF26822.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:57:50 415232 --a------ C:\WINDOWS\system32\CF24918.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:53:10 415232 --a------ C:\WINDOWS\system32\CF24007.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:51:11 415232 --a------ C:\WINDOWS\system32\CF17873.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:47:00 415232 --a------ C:\WINDOWS\system32\CF17053.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:41:37 415232 --a------ C:\WINDOWS\system32\CF15995.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:34:40 415232 --a------ C:\WINDOWS\system32\CF14516.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:45:26 415232 --a------ C:\WINDOWS\system32\CF29512.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:44:05 415232 --a------ C:\WINDOWS\system32\CF29251.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 00:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-24 00:42:05 4533 --a------ C:\Cool USEP Scandal.vbs
2007-07-23 16:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-23 16:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-23 16:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-23 16:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-23 15:26:04 4533 -rahs---- C:\sowar.vbs
2007-07-23 15:25:02 4533 -rahs---- C:\WINDOWS\SysRes.vbs
2007-07-23 15:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 02:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 01:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 00:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-22 23:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-22 22:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-22 22:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-22 22:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-22 22:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-22 22:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-22 22:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates
2007-07-22 22:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu
2007-07-22 22:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-22 22:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood
2007-07-22 22:56:12 6291456 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites
2007-07-22 22:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data
2007-07-22 03:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 03:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 03:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 02:42:11 0 d-------- C:\Program Files\AskSBar
2007-07-22 02:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 02:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 02:41:22 0 d-------- C:\Program Files\COMODO
2007-07-21 23:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-21 22:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 03:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 03:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 01:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 01:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 00:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 00:58:51 0 d-------- C:\Program Files\Java
2007-07-21 00:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-19 22:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-19 18:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-19 17:53:26 0 d-------- C:\Program Files\EPSON
2007-07-19 17:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-19 17:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-19 12:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-19 12:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-19 11:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-19 06:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-19 04:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 02:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-18 21:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-18 20:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-18 20:09:09 0 -rahs---- C:\MSDOS.SYS
2007-07-18 20:09:09 0 -rahs---- C:\IO.SYS
2007-07-18 20:09:09 0 --a------ C:\CONFIG.SYS
2007-07-18 20:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-18 20:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-18 20:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-18 20:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-18 20:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-18 19:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-18 19:51:24 0 d-------- C:\WINDOWS\pss
2007-07-18 19:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-18 19:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-18 19:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-18 19:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-18 19:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-18 19:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-18 16:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-18 15:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-18 15:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-18 15:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-18 15:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-18 15:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-18 15:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-18 15:26:25 0 dr-h----- C:\MSOCache
2007-07-18 15:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-18 15:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-18 15:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-18 15:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-18 15:08:56 0 d-------- C:\Program Files\Winamp
2007-07-18 15:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-18 15:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-18 15:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-18 15:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-18 15:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-18 15:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-18 15:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-18 15:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-18 15:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-18 15:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-18 15:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-18 14:59:57 0 d-------- C:\Program Files\AVG
2007-07-18 14:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-18 22:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
2007-07-18 15:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
07/22/2007 02:42 AM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2007 09:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
07/22/2007 02:42 AM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2007 09:06 PM 2055960]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [07/22/2007 02:42 AM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/09/2006 04:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/18/2006 03:12 PM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/15/2006 10:04 PM C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 01:33 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 04:47 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 06:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2003 09:35 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/11/2006 07:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 08:27 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 02:56 AM]
"System Restore"="wscript.exe" [08/03/2004 04:56 AM C:\WINDOWS\system32\wscript.exe]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/03/2004 04:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56 AM]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 10:05 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/22/2006 10:05 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 02:42 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/29/2007 09:43 PM]

C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/15/2005 11:16:50 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 10:05:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/22/2006 5:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/22/2006 4:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/19/2007 5:52:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Restore]
wscript.exe "C:\WINDOWS\SysRes.vbs"

-- End of Deckard's System Scanner: finished at 2007-07-26 20:56:22 ------------

Shaba

2008-07-26, 17:23

Hi

Uninstall via add/remove programs:

Ask Toolbar

Copy text below to Notepad and save it as export.bat (save it as all files, *.*)

@ECHO OFF
REG EXPORT HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2 C:\export.reg

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG

Doubleclick export.bat; black dos windows will flash, that's normal.

(In case you are unsure how to create a bat file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Bat_File) with screenshots.)

Post back contents of C:\export.reg, please.

ushpen25

2008-07-26, 18:26

Hi

here is the content of export.reg.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\A]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc73e-557a-11dd-8bd0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc73f-557a-11dd-8bd0-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,09,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc741-557a-11dd-8bd0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc742-557a-11dd-8bd0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc744-557a-11dd-8bd0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{1d6fc73e-557a-11dd-8bd0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,\
45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
00,5f,00,44,00,52,00,49,00,56,00,45,00,23,00,35,00,26,00,31,00,37,00,34,00,\
30,00,36,00,36,00,37,00,34,00,26,00,30,00,26,00,30,00,23,00,7b,00,35,00,33,\
00,66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,\
31,00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,\
00,30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,31,00,64,00,36,00,66,00,63,00,37,00,33,00,65,00,2d,00,35,00,35,\
00,37,00,61,00,2d,00,31,00,31,00,64,00,64,00,2d,00,38,00,62,00,64,00,30,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00,\
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,10,00,\
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{1d6fc73f-557a-11dd-8bd0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,\
64,00,52,00,6f,00,6d,00,4c,00,49,00,54,00,45,00,2d,00,4f,00,4e,00,5f,00,44,\
00,56,00,44,00,52,00,57,00,5f,00,4c,00,48,00,2d,00,31,00,38,00,41,00,31,00,\
48,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,\
00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,48,00,4c,00,30,00,39,00,5f,00,5f,00,\
5f,00,5f,00,23,00,35,00,26,00,37,00,39,00,66,00,33,00,35,00,30,00,63,00,26,\
00,30,00,26,00,30,00,2e,00,31,00,2e,00,30,00,23,00,7b,00,35,00,33,00,66,00,\
35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,\
00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,\
63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,31,00,64,00,36,00,66,00,63,00,37,00,33,00,66,00,2d,00,35,00,35,\
00,37,00,61,00,2d,00,31,00,31,00,64,00,64,00,2d,00,38,00,62,00,64,00,30,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00,\
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,ff,01,00,\
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{1d6fc741-557a-11dd-8bd0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,42,00,36,00,46,00,33,00,42,00,36,\
00,46,00,33,00,4f,00,66,00,66,00,73,00,65,00,74,00,39,00,34,00,44,00,33,00,\
37,00,46,00,30,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,34,00,41,\
00,39,00,43,00,42,00,30,00,38,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,\
35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,\
00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,\
63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,31,00,64,00,36,00,66,00,63,00,37,00,34,00,31,00,2d,00,35,00,35,\
00,37,00,61,00,2d,00,31,00,31,00,64,00,64,00,2d,00,38,00,62,00,64,00,30,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,d1,e8,8f,9c,00,00,00,00,00,00,00,30,\
00,60,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{1d6fc742-557a-11dd-8bd0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,42,00,36,00,46,00,33,00,42,00,36,\
00,46,00,33,00,4f,00,66,00,66,00,73,00,65,00,74,00,44,00,46,00,37,00,30,00,\
33,00,37,00,36,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,34,00,41,\
00,41,00,34,00,38,00,38,00,41,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,\
35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,\
00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,\
63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,31,00,64,00,36,00,66,00,63,00,37,00,34,00,32,00,2d,00,35,00,35,\
00,37,00,61,00,2d,00,31,00,31,00,64,00,64,00,2d,00,38,00,62,00,64,00,30,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,95,29,e5,54,00,00,00,00,00,00,00,30,\
00,60,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{1d6fc744-557a-11dd-8bd0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,42,00,36,00,46,00,33,00,42,00,36,\
00,46,00,33,00,4f,00,66,00,66,00,73,00,65,00,74,00,37,00,45,00,30,00,30,00,\
4c,00,65,00,6e,00,67,00,74,00,68,00,39,00,34,00,44,00,33,00,36,00,46,00,34,\
00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,\
2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,\
00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,\
62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,31,00,64,00,36,00,66,00,63,00,37,00,34,00,34,00,2d,00,35,00,35,\
00,37,00,61,00,2d,00,31,00,31,00,64,00,64,00,2d,00,38,00,62,00,64,00,30,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,79,60,f1,3c,00,00,00,00,00,00,00,30,\
00,60,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001

Shaba

2008-07-26, 18:33

Hi

Good that appears to be clean.

Go to Start > Run
Type regedit and click OK.

On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Restore"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Restore]

Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Go to Desktop, double-click fix.reg and merge the infomation with the registry.

(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)

Reboot.

Delete this:

C:\WINDOWS\SysRes.vbs

Empty Recycle Bin.

Re-run dss.

Post back a fresh dss log

ushpen25

2008-07-26, 18:37

Hi,

My Regedit was still disabled and cannot be use. I can't follow the guidelines you've posted above.

Shaba

2008-07-26, 18:39

Hi

Sorry I forgot :oops:

Fix this entry with HijackThis and reboot.

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Regedit should work after that :)

ushpen25

2008-07-26, 19:07

Hi,

The line you wanted to delete is cannot be deleted by using HJT. After I do a system scan only, and check this line O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 and click Fix Checked the line still exist after i reboot my pc. I do it again but still the line existed. I guess the line wont be deleted.

Shaba

2008-07-26, 19:18

Hi

Then see here (http://wiki.answers.com/Q/How_to_enable_regedit)

ushpen25

2008-07-26, 19:30

Hi,

Still no luck, after i followed the guide of the link you've given and fix this line
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 using HJT and reboot my pc still regedit was disabled.

thanks for the time and effort though, Hope i don't bother you.

Shaba

2008-07-26, 19:31

Hi

Do this in safe mode then:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

There is either comodo or malware interfering; safe mode should "neutralize" them both.

ushpen25

2008-07-26, 19:55

Hello,

I can only use regedit when im in a safe mode. Is it ok if i follow the Post #37 in a safe mode? coz i really cant use regedit when i am in a normal mode.

Shaba

2008-07-26, 19:57

Hi

Did you do this in safe mode?

Start - run -
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f - OK?

If not, please do it now.

You can follow post #37 in safe mode but please do that REG thing before.

ushpen25

2008-07-26, 20:01

Yes i do the REG thing in a safe mode. But after i restarted and set my pc into normal mode still cant use regedit so i tried again the REG thing on a safe mode and try run the regedit and it works. Only in a Normal Mode cant. Oh and i also tried to delete this line O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 after doing the REG thing and reboot my pc into normal mode, but still i cant use Regedit thats why i asked you if it is ok if i follow the #37 in a safe mode.

Shaba

2008-07-26, 20:04

Hi

Well then there is malware left which puts it back upon reboot.

Please do it in safe mode and post back a fresh dss log afterwards.

ushpen25

2008-07-26, 20:21

Hi again,

By the way, how to delete this SysRes.vbs? this file doesnt existed in my C:\Windows.

Shaba

2008-07-26, 20:22

Hi

Are your hidden and system files visible, link (http://www.xtra.co.nz/help/0,,4155-1916458,00.html) ?

ushpen25

2008-07-26, 20:37

Hello

I cant set the folder and files to visible, it always rolled back to default, even safe mode wont do.

Shaba

2008-07-26, 20:39

Hi

OK, then skip that step and move on, please :)

ushpen25

2008-07-26, 20:44

Ok Shaba,

Here is the Log.

Deckard's System Scanner v20071014.68
Run by Pen on 2007-07-27 01:33:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Pen.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:22 AM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Pen\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacoolsoftware.com/sb-link/firefox.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8539 bytes

-- Files created between 2007-06-27 and 2007-07-27 -----------------------------

2008-07-18 22:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-18 22:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-18 22:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-18 22:20:30 0 dr------- C:\Program Files
2008-07-18 22:20:30 0 d-------- C:\Program Files\Common Files
2008-07-18 22:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-18 22:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-18 22:17:45 0 d-------- C:\Documents and Settings
2008-07-18 22:17:44 0 d--hs---- C:\System Volume Information
2008-07-18 22:12:31 0 d-------- C:\WINDOWS
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-18 22:12:31 0 dr------- C:\WINDOWS\Web
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-18 22:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\security
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\repair
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Media
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\java
2008-07-18 22:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ime
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Help
2008-07-18 22:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\addins
2008-07-18 14:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-18 14:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-18 14:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 14:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-18 14:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-18 14:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-18 14:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-18 14:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-18 14:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-18 14:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-18 14:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-18 14:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-18 14:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-18 14:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 14:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-18 14:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\My Documents <MYDOCU~1>
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings <LOCALS~1>
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\Favorites <FAVORI~1>
2008-07-18 14:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Application Data <APPLIC~1>
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Application Data\Microsoft
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\Templates <TEMPLA~1>
2008-07-18 14:33:43 0 dr------- C:\Documents and Settings\*\Start Menu <STARTM~1>
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood <PRINTH~1>
2008-07-18 14:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-18 14:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-18 14:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 14:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-18 14:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-18 14:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-18 14:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-18 14:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-18 14:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-18 14:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-18 14:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-18 14:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-18 14:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-18 14:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-18 14:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-18 14:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-18 14:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-18 14:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-18 14:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-18 14:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-18 14:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-18 14:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-18 14:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-18 14:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-18 14:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-18 14:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-18 14:24:48 0 d-------- C:\Program Files\Online Services
2008-07-18 14:24:43 0 d-------- C:\Program Files\Messenger
2008-07-18 14:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-18 14:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-18 14:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-18 14:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-10 13:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 13:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-07 20:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-07 17:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-04 12:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-22 09:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-22 08:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-22 08:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 08:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-22 08:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-22 08:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-22 08:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-22 08:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-22 08:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-22 08:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-22 08:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-22 08:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-22 07:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-22 07:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-22 07:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 07:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-22 07:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-26 23:18:00 27878 --a------ C:\export.reg
2007-07-26 20:42:35 415232 --a------ C:\WINDOWS\system32\CF20178.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 20:38:48 415232 --a------ C:\WINDOWS\system32\CF19434.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 19:17:47 0 d-------- C:\Program Files\VirtualDub
2007-07-26 18:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-26 18:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 18:02:23 0 d-------- C:\Documents and Settings\Pen\Application Data\WinRAR
2007-07-26 17:55:53 0 d-------- C:\Program Files\Thomas Wright Consulting
2007-07-26 17:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-07-26 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-26 16:19:11 0 d-------- C:\Documents and Settings\Pen\Application Data\NCH Swift Sound
2007-07-26 11:11:55 415232 --a------ C:\WINDOWS\system32\CF6666.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 10:07:35 415232 --a------ C:\WINDOWS\system32\CF26822.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:57:50 415232 --a------ C:\WINDOWS\system32\CF24918.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:53:10 415232 --a------ C:\WINDOWS\system32\CF24007.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:51:11 415232 --a------ C:\WINDOWS\system32\CF17873.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:47:00 415232 --a------ C:\WINDOWS\system32\CF17053.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:41:37 415232 --a------ C:\WINDOWS\system32\CF15995.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:34:40 415232 --a------ C:\WINDOWS\system32\CF14516.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:45:26 415232 --a------ C:\WINDOWS\system32\CF29512.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:44:05 415232 --a------ C:\WINDOWS\system32\CF29251.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 00:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-24 00:42:05 4533 --a------ C:\Cool USEP Scandal.vbs
2007-07-23 16:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-23 16:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-23 16:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-23 16:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-23 15:26:04 4533 -rahs---- C:\sowar.vbs
2007-07-23 15:25:02 4533 -rahs---- C:\WINDOWS\SysRes.vbs
2007-07-23 15:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 02:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 01:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 00:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-22 23:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-22 22:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-22 22:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-22 22:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-22 22:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-22 22:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-22 22:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates <TEMPLA~1>
2007-07-22 22:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu <STARTM~1>
2007-07-22 22:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-22 22:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood <PRINTH~1>
2007-07-22 22:56:12 6815744 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents <MYDOCU~1>
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings <LOCALS~1>
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites <FAVORI~1>
2007-07-22 22:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data <APPLIC~1>
2007-07-22 03:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 03:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 03:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 02:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 02:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 02:41:22 0 d-------- C:\Program Files\COMODO
2007-07-21 23:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-21 22:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 03:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 03:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 01:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 01:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 00:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 00:58:51 0 d-------- C:\Program Files\Java
2007-07-21 00:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-19 22:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-19 18:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-19 17:53:26 0 d-------- C:\Program Files\EPSON
2007-07-19 17:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-19 17:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-19 12:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-19 12:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-19 11:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-19 06:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-19 04:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 02:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-18 21:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-18 20:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-18 20:09:09 0 -rahs---- C:\MSDOS.SYS
2007-07-18 20:09:09 0 -rahs---- C:\IO.SYS
2007-07-18 20:09:09 0 --a------ C:\CONFIG.SYS
2007-07-18 20:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-18 20:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-18 20:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-18 20:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-18 20:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-18 19:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-18 19:51:24 0 d-------- C:\WINDOWS\pss
2007-07-18 19:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-18 19:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-18 19:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-18 19:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-18 19:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-18 19:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-18 16:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-18 15:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-18 15:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-18 15:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-18 15:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-18 15:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-18 15:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-18 15:26:25 0 dr-h----- C:\MSOCache
2007-07-18 15:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-18 15:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-18 15:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-18 15:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-18 15:08:56 0 d-------- C:\Program Files\Winamp
2007-07-18 15:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-18 15:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-18 15:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-18 15:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-18 15:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-18 15:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-18 15:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-18 15:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-18 15:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-18 15:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-18 15:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-18 14:59:57 0 d-------- C:\Program Files\AVG
2007-07-18 14:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-18 22:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
2007-07-18 15:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2007 09:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2007 09:06 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/09/2006 04:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/18/2006 03:12 PM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/15/2006 10:04 PM C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 01:33 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 04:47 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 06:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2003 09:35 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/11/2006 07:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 08:27 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 02:56 AM]
"System Restore"="wscript.exe" [08/03/2004 04:56 AM C:\WINDOWS\system32\wscript.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56 AM]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 10:05 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/22/2006 10:05 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 02:42 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/29/2007 09:43 PM]

C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/15/2005 11:16:50 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 10:05:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/22/2006 5:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/22/2006 4:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/19/2007 5:52:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc741-557a-11dd-8bd0-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc742-557a-11dd-8bd0-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc744-557a-11dd-8bd0-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

-- End of Deckard's System Scanner: finished at 2007-07-27 01:36:38 ------------

Shaba

2008-07-26, 20:51

Hi

And flash infector is back.

Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Cool USEP Scandal.vbs
C:\sowar.vbs
C:\WINDOWS\SysRes.vbs

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Go to start - run

Type these and click ok.

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C /f

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D /f

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E /f

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc741-557a-11dd-8bd0-806d6172696f} /f

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc742-557a-11dd-8bd0-806d6172696f} /f

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc744-557a-11dd-8bd0-806d6172696f} /f

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Re-run dss.

Post back a fresh dss log.

ushpen25

2008-07-27, 05:06

Hi

Here's the requested HJT Log and for the OTMoveIt2.

C:\Cool USEP Scandal.vbs moved successfully.
C:\sowar.vbs moved successfully.
C:\WINDOWS\SysRes.vbs moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07272007_095223

Deckard's System Scanner v20071014.68
Run by Pen on 2007-07-27 09:54:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Pen.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:02 AM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pen\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacoolsoftware.com/sb-link/firefox.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8552 bytes

-- Files created between 2007-06-27 and 2007-07-27 -----------------------------

2008-07-18 22:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-18 22:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-18 22:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-18 22:20:30 0 dr------- C:\Program Files
2008-07-18 22:20:30 0 d-------- C:\Program Files\Common Files
2008-07-18 22:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-18 22:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-18 22:17:45 0 d-------- C:\Documents and Settings
2008-07-18 22:17:44 0 d--hs---- C:\System Volume Information
2008-07-18 22:12:31 0 d-------- C:\WINDOWS
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-18 22:12:31 0 dr------- C:\WINDOWS\Web
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-18 22:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\security
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\repair
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Media
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\java
2008-07-18 22:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ime
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Help
2008-07-18 22:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\addins
2008-07-18 14:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-18 14:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-18 14:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 14:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-18 14:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-18 14:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-18 14:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-18 14:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-18 14:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-18 14:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-18 14:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-18 14:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-18 14:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-18 14:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 14:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-18 14:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\My Documents <MYDOCU~1>
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings <LOCALS~1>
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\Favorites <FAVORI~1>
2008-07-18 14:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Application Data <APPLIC~1>
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Application Data\Microsoft
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\Templates <TEMPLA~1>
2008-07-18 14:33:43 0 dr------- C:\Documents and Settings\*\Start Menu <STARTM~1>
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood <PRINTH~1>
2008-07-18 14:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-18 14:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-18 14:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 14:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-18 14:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-18 14:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-18 14:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-18 14:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-18 14:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-18 14:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-18 14:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-18 14:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-18 14:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-18 14:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-18 14:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-18 14:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-18 14:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-18 14:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-18 14:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-18 14:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-18 14:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-18 14:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-18 14:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-18 14:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-18 14:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-18 14:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-18 14:24:48 0 d-------- C:\Program Files\Online Services
2008-07-18 14:24:43 0 d-------- C:\Program Files\Messenger
2008-07-18 14:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-18 14:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-18 14:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-18 14:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-10 13:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 13:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-07 20:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-07 17:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-04 12:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-22 09:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-22 08:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-22 08:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 08:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-22 08:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-22 08:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-22 08:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-22 08:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-22 08:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-22 08:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-22 08:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-22 08:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-22 07:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-22 07:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-22 07:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 07:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-22 07:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-26 23:18:00 27878 --a------ C:\export.reg
2007-07-26 20:42:35 415232 --a------ C:\WINDOWS\system32\CF20178.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 20:38:48 415232 --a------ C:\WINDOWS\system32\CF19434.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 19:17:47 0 d-------- C:\Program Files\VirtualDub
2007-07-26 18:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-26 18:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 18:02:23 0 d-------- C:\Documents and Settings\Pen\Application Data\WinRAR
2007-07-26 17:55:53 0 d-------- C:\Program Files\Thomas Wright Consulting
2007-07-26 17:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-07-26 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-26 16:19:11 0 d-------- C:\Documents and Settings\Pen\Application Data\NCH Swift Sound
2007-07-26 11:11:55 415232 --a------ C:\WINDOWS\system32\CF6666.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 10:07:35 415232 --a------ C:\WINDOWS\system32\CF26822.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:57:50 415232 --a------ C:\WINDOWS\system32\CF24918.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:53:10 415232 --a------ C:\WINDOWS\system32\CF24007.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:51:11 415232 --a------ C:\WINDOWS\system32\CF17873.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:47:00 415232 --a------ C:\WINDOWS\system32\CF17053.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:41:37 415232 --a------ C:\WINDOWS\system32\CF15995.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:34:40 415232 --a------ C:\WINDOWS\system32\CF14516.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:45:26 415232 --a------ C:\WINDOWS\system32\CF29512.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:44:05 415232 --a------ C:\WINDOWS\system32\CF29251.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 00:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-24 00:42:05 4533 --a------ C:\Cool USEP Scandal.vbs
2007-07-23 16:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-23 16:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-23 16:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-23 16:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-23 15:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 02:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 01:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 00:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-22 23:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-22 22:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-22 22:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-22 22:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-22 22:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-22 22:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-22 22:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates <TEMPLA~1>
2007-07-22 22:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu <STARTM~1>
2007-07-22 22:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-22 22:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood <PRINTH~1>
2007-07-22 22:56:12 6815744 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents <MYDOCU~1>
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings <LOCALS~1>
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites <FAVORI~1>
2007-07-22 22:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data <APPLIC~1>
2007-07-22 03:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 03:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 03:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 02:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 02:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 02:41:22 0 d-------- C:\Program Files\COMODO
2007-07-21 23:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-21 22:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 03:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 03:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 01:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 01:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 00:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 00:58:51 0 d-------- C:\Program Files\Java
2007-07-21 00:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-19 22:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-19 18:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-19 17:53:26 0 d-------- C:\Program Files\EPSON
2007-07-19 17:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-19 17:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-19 12:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-19 12:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-19 11:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-19 06:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-19 04:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 02:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-18 21:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-18 20:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-18 20:09:09 0 -rahs---- C:\MSDOS.SYS
2007-07-18 20:09:09 0 -rahs---- C:\IO.SYS
2007-07-18 20:09:09 0 --a------ C:\CONFIG.SYS
2007-07-18 20:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-18 20:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-18 20:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-18 20:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-18 20:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-18 19:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-18 19:51:24 0 d-------- C:\WINDOWS\pss
2007-07-18 19:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-18 19:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-18 19:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-18 19:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-18 19:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-18 19:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-18 16:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-18 15:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-18 15:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-18 15:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-18 15:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-18 15:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-18 15:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-18 15:26:25 0 dr-h----- C:\MSOCache
2007-07-18 15:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-18 15:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-18 15:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-18 15:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-18 15:08:56 0 d-------- C:\Program Files\Winamp
2007-07-18 15:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-18 15:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-18 15:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-18 15:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-18 15:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-18 15:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-18 15:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-18 15:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-18 15:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-18 15:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-18 15:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-18 14:59:57 0 d-------- C:\Program Files\AVG
2007-07-18 14:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-18 22:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
2007-07-18 15:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2007 09:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2007 09:06 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/09/2006 04:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/18/2006 03:12 PM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/15/2006 10:04 PM C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 01:33 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 04:47 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 06:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2003 09:35 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/11/2006 07:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 08:27 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 02:56 AM]
"System Restore"="wscript.exe" [08/03/2004 04:56 AM C:\WINDOWS\system32\wscript.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56 AM]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 10:05 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/22/2006 10:05 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 02:42 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/29/2007 09:43 PM]

C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/15/2005 11:16:50 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 10:05:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/22/2006 5:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/22/2006 4:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/19/2007 5:52:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

-- End of Deckard's System Scanner: finished at 2007-07-27 09:57:17 ------------

Shaba

2008-07-27, 12:09

Hi

Have you used any USB flash drives meanwhile?

ushpen25

2008-07-27, 14:08

Hello

I haven't use USB on that particular time after i posted the HJT Log, but I used USB 2 hours ago. Just base the time of my response.

Shaba

2008-07-27, 14:17

Hi

You shouldn't use ANY USB drives while we are cleaning or we can stop this cleaning immediately as we won't get you clean.

You should format that USB stick you used next; it is infected.

Let me know when you have done that that we can continue with cleaning.

ushpen25

2008-07-27, 14:22

Hi

Sorry, i did not think of that. The reason why i used USB its because the USB i used 2 hours ago was different with the USB that was infected. Sorry wont do it again. Ok lets now go back to our cleaning.

Shaba

2008-07-27, 14:32

Hi

Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Cool USEP Scandal.vbs
C:\sowar.vbs
C:\WINDOWS\SysRes.vbs
C:\Autorun.inf

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Go to start - run

Type these and click ok.

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D /f

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E /f

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Re-run dss.

Post back a fresh dss log.

ushpen25

2008-07-27, 14:51

Hi,

I observed that this Autorun.inf cant be moved coz, when i tried to move this Autorun.inf again and again, it always shows up C:\Autorun.inf moved successfully.. Anyway here is the HJT Log and OTMoveIt2.

Deckard's System Scanner v20071014.68
Run by Pen on 2007-07-27 19:39:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Pen.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:51 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pen\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacoolsoftware.com/sb-link/firefox.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8552 bytes

-- Files created between 2007-06-27 and 2007-07-27 -----------------------------

2008-07-18 22:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-18 22:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-18 22:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-18 22:20:30 0 dr------- C:\Program Files
2008-07-18 22:20:30 0 d-------- C:\Program Files\Common Files
2008-07-18 22:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-18 22:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-18 22:17:45 0 d-------- C:\Documents and Settings
2008-07-18 22:17:44 0 d--hs---- C:\System Volume Information
2008-07-18 22:12:31 0 d-------- C:\WINDOWS
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-18 22:12:31 0 dr------- C:\WINDOWS\Web
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-18 22:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\security
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\repair
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Media
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\java
2008-07-18 22:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ime
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Help
2008-07-18 22:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\addins
2008-07-18 14:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-18 14:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-18 14:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 14:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-18 14:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-18 14:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-18 14:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-18 14:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-18 14:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-18 14:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-18 14:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-18 14:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-18 14:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-18 14:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 14:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-18 14:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\My Documents <MYDOCU~1>
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings <LOCALS~1>
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\Favorites <FAVORI~1>
2008-07-18 14:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Application Data <APPLIC~1>
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Application Data\Microsoft
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\Templates <TEMPLA~1>
2008-07-18 14:33:43 0 dr------- C:\Documents and Settings\*\Start Menu <STARTM~1>
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood <PRINTH~1>
2008-07-18 14:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-18 14:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-18 14:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 14:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-18 14:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-18 14:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-18 14:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-18 14:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-18 14:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-18 14:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-18 14:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-18 14:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-18 14:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-18 14:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-18 14:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-18 14:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-18 14:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-18 14:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-18 14:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-18 14:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-18 14:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-18 14:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-18 14:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-18 14:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-18 14:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-18 14:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-18 14:24:48 0 d-------- C:\Program Files\Online Services
2008-07-18 14:24:43 0 d-------- C:\Program Files\Messenger
2008-07-18 14:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-18 14:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-18 14:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-18 14:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-10 13:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 13:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-07 20:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-07 17:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-04 12:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-22 09:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-22 08:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-22 08:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 08:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-22 08:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-22 08:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-22 08:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-22 08:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-22 08:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-22 08:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-22 08:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-22 08:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-22 07:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-22 07:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-22 07:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 07:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-22 07:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-26 23:18:00 27878 --a------ C:\export.reg
2007-07-26 20:42:35 415232 --a------ C:\WINDOWS\system32\CF20178.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 20:38:48 415232 --a------ C:\WINDOWS\system32\CF19434.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 19:17:47 0 d-------- C:\Program Files\VirtualDub
2007-07-26 18:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-26 18:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 18:02:23 0 d-------- C:\Documents and Settings\Pen\Application Data\WinRAR
2007-07-26 17:55:53 0 d-------- C:\Program Files\Thomas Wright Consulting
2007-07-26 17:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-07-26 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-26 16:19:11 0 d-------- C:\Documents and Settings\Pen\Application Data\NCH Swift Sound
2007-07-26 11:11:55 415232 --a------ C:\WINDOWS\system32\CF6666.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 10:07:35 415232 --a------ C:\WINDOWS\system32\CF26822.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:57:50 415232 --a------ C:\WINDOWS\system32\CF24918.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:53:10 415232 --a------ C:\WINDOWS\system32\CF24007.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:51:11 415232 --a------ C:\WINDOWS\system32\CF17873.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:47:00 415232 --a------ C:\WINDOWS\system32\CF17053.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:41:37 415232 --a------ C:\WINDOWS\system32\CF15995.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:34:40 415232 --a------ C:\WINDOWS\system32\CF14516.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:45:26 415232 --a------ C:\WINDOWS\system32\CF29512.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:44:05 415232 --a------ C:\WINDOWS\system32\CF29251.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 00:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-23 16:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-23 16:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-23 16:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-23 16:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-23 15:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 02:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 01:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 00:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-22 23:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-22 22:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-22 22:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-22 22:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-22 22:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-22 22:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-22 22:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates <TEMPLA~1>
2007-07-22 22:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu <STARTM~1>
2007-07-22 22:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-22 22:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood <PRINTH~1>
2007-07-22 22:56:12 6815744 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents <MYDOCU~1>
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings <LOCALS~1>
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites <FAVORI~1>
2007-07-22 22:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data <APPLIC~1>
2007-07-22 03:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 03:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 03:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 02:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 02:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 02:41:22 0 d-------- C:\Program Files\COMODO
2007-07-21 23:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-21 22:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 03:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 03:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 01:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 01:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 00:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 00:58:51 0 d-------- C:\Program Files\Java
2007-07-21 00:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-19 22:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-19 18:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-19 17:53:26 0 d-------- C:\Program Files\EPSON
2007-07-19 17:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-19 17:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-19 12:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-19 12:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-19 11:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-19 06:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-19 04:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 02:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-18 21:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-18 20:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-18 20:09:09 0 --a------ C:\CONFIG.SYS
2007-07-18 20:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-18 20:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-18 20:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-18 20:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-18 20:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-18 19:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-18 19:51:24 0 d-------- C:\WINDOWS\pss
2007-07-18 19:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-18 19:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-18 19:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-18 19:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-18 19:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-18 19:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-18 16:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-18 15:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-18 15:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-18 15:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-18 15:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-18 15:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-18 15:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-18 15:26:25 0 dr-h----- C:\MSOCache
2007-07-18 15:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-18 15:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-18 15:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-18 15:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-18 15:08:56 0 d-------- C:\Program Files\Winamp
2007-07-18 15:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-18 15:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-18 15:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-18 15:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-18 15:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-18 15:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-18 15:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-18 15:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-18 15:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-18 15:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-18 15:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-18 14:59:57 0 d-------- C:\Program Files\AVG
2007-07-18 14:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-18 22:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
2007-07-18 15:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2007 09:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2007 09:06 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/09/2006 04:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/18/2006 03:12 PM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/15/2006 10:04 PM C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 01:33 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 04:47 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 06:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2003 09:35 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/11/2006 07:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 08:27 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 02:56 AM]
"System Restore"="wscript.exe" [08/03/2004 04:56 AM C:\WINDOWS\system32\wscript.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56 AM]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 10:05 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/22/2006 10:05 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 02:42 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/29/2007 09:43 PM]

C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/15/2005 11:16:50 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 10:05:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/22/2006 5:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/22/2006 4:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/19/2007 5:52:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc744-557a-11dd-8bd0-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9e2224-3ca2-11dc-b473-0019211ca709}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

-- End of Deckard's System Scanner: finished at 2007-07-27 19:41:56 ------------

C:\Cool USEP Scandal.vbs moved successfully.
C:\sowar.vbs moved successfully.
C:\WINDOWS\SysRes.vbs moved successfully.
C:\Autorun.inf moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07272007_192823

Shaba

2008-07-27, 14:58

Hi

OK, time for more powerful tools.

Download Avenger (http://swandog46.geekstogo.com/avenger2/download.php) by Swandog and unzip it to your Desktop.

Note: This program must be run from an account with Administrator priviledges.

Open the Avenger folder and double click Avenger.exe to launch the program.
Copy the text in the code box below and Paste it into the Input script here: box.

Files to delete:
C:\Cool USEP Scandal.vbs
C:\sowar.vbs
C:\WINDOWS\SysRes.vbs
C:\Autorun.inf

Registry keys to delete:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc744-557a-11dd-8bd0-806d6172696f}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9e2224-3ca2-11dc-b473-0019211ca709}

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | System Restore
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system | DisableTaskMgr
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system | DisableRegistryTools

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Ensure the following:

Scan for Rootkits is checked.
Automatically disable any rootkits found is Unchecked.

Press the Execute key.
Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
Post the log back here please. (it can also be found at C:\avenger.txt)

Re-run dss.

Post:

- dss log
- C:\avenger.txt

ushpen25

2008-07-27, 15:15

Hello,

There is something error pops up when i try to execute the script. See the SS Here (http://img37.picoodle.com/img/img37/4/7/27/f_untitledm_74f2bdb.png)

Shaba

2008-07-27, 15:18

Hi

My bad, forgot that avenger2 can't handle HKCU hive

Remove this part from script, please:

Registry keys to delete:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc744-557a-11dd-8bd0-806d6172696f}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9e2224-3ca2-11dc-b473-0019211ca709}

After that, try again, please.

ushpen25

2008-07-27, 15:24

Hi

This is what im trying to execute but still it gives me the same errror.

Files to delete:
C:\Cool USEP Scandal.vbs
C:\sowar.vbs
C:\WINDOWS\SysRes.vbs
C:\Autorun.inf

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | System Restore
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system | DisableTaskMgr
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system | DisableRegistryTools

Shaba

2008-07-27, 15:28

Hi

Remove this part too, please; also in HKCU hive:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system | DisableTaskMgr
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system | DisableRegistryTools

ushpen25

2008-07-27, 15:41

Ok here the avenger.txt and HJT Log.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Fri Jul 27 20:03:53 2007

20:03:49: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
20:03:53: Error: Execution aborted by user!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Fri Jul 27 20:14:02 2007

20:13:58: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system|DisableTaskMgr"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)
20:14:00: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system|DisableRegistryTools"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)
20:14:02: Error: Execution aborted by user!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\Cool USEP Scandal.vbs" not found!
Deletion of file "C:\Cool USEP Scandal.vbs" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\sowar.vbs" not found!
Deletion of file "C:\sowar.vbs" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\SysRes.vbs" not found!
Deletion of file "C:\WINDOWS\SysRes.vbs" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Autorun.inf" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|System Restore" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Deckard's System Scanner v20071014.68
Run by Pen on 2007-07-27 20:27:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Pen.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:32 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pen\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacoolsoftware.com/sb-link/firefox.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8523 bytes

-- Files created between 2007-06-27 and 2007-07-27 -----------------------------

2008-07-18 22:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-18 22:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-18 22:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-18 22:20:30 0 dr------- C:\Program Files
2008-07-18 22:20:30 0 d-------- C:\Program Files\Common Files
2008-07-18 22:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-18 22:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-18 22:17:45 0 d-------- C:\Documents and Settings
2008-07-18 22:17:44 0 d--hs---- C:\System Volume Information
2008-07-18 22:12:31 0 d-------- C:\WINDOWS
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-18 22:12:31 0 dr------- C:\WINDOWS\Web
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-18 22:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\security
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\repair
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Media
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\java
2008-07-18 22:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ime
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Help
2008-07-18 22:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\addins
2008-07-18 14:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-18 14:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-18 14:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 14:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-18 14:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-18 14:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-18 14:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-18 14:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-18 14:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-18 14:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-18 14:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-18 14:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-18 14:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-18 14:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 14:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-18 14:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\My Documents <MYDOCU~1>
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings <LOCALS~1>
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\Favorites <FAVORI~1>
2008-07-18 14:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Application Data <APPLIC~1>
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Application Data\Microsoft
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\Templates <TEMPLA~1>
2008-07-18 14:33:43 0 dr------- C:\Documents and Settings\*\Start Menu <STARTM~1>
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood <PRINTH~1>
2008-07-18 14:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-18 14:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-18 14:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 14:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-18 14:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-18 14:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-18 14:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-18 14:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-18 14:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-18 14:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-18 14:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-18 14:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-18 14:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-18 14:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-18 14:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-18 14:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-18 14:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-18 14:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-18 14:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-18 14:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-18 14:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-18 14:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-18 14:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-18 14:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-18 14:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-18 14:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-18 14:24:48 0 d-------- C:\Program Files\Online Services
2008-07-18 14:24:43 0 d-------- C:\Program Files\Messenger
2008-07-18 14:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-18 14:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-18 14:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-18 14:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-10 13:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 13:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-07 20:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-07 17:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-04 12:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-22 09:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-22 08:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-22 08:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 08:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-22 08:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-22 08:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-22 08:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-22 08:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-22 08:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-22 08:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-22 08:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-22 08:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-22 07:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-22 07:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-22 07:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 07:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-22 07:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-26 20:42:35 415232 --a------ C:\WINDOWS\system32\CF20178.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 20:38:48 415232 --a------ C:\WINDOWS\system32\CF19434.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 19:17:47 0 d-------- C:\Program Files\VirtualDub
2007-07-26 18:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-26 18:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 18:02:23 0 d-------- C:\Documents and Settings\Pen\Application Data\WinRAR
2007-07-26 17:55:53 0 d-------- C:\Program Files\Thomas Wright Consulting
2007-07-26 17:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-07-26 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-26 16:19:11 0 d-------- C:\Documents and Settings\Pen\Application Data\NCH Swift Sound
2007-07-26 11:11:55 415232 --a------ C:\WINDOWS\system32\CF6666.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 10:07:35 415232 --a------ C:\WINDOWS\system32\CF26822.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:57:50 415232 --a------ C:\WINDOWS\system32\CF24918.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:53:10 415232 --a------ C:\WINDOWS\system32\CF24007.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:51:11 415232 --a------ C:\WINDOWS\system32\CF17873.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:47:00 415232 --a------ C:\WINDOWS\system32\CF17053.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:41:37 415232 --a------ C:\WINDOWS\system32\CF15995.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:34:40 415232 --a------ C:\WINDOWS\system32\CF14516.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:45:26 415232 --a------ C:\WINDOWS\system32\CF29512.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:44:05 415232 --a------ C:\WINDOWS\system32\CF29251.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 00:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-23 16:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-23 16:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-23 16:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-23 16:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-23 15:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 02:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 01:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 00:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-22 23:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-22 22:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-22 22:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-22 22:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-22 22:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-22 22:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-22 22:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates <TEMPLA~1>
2007-07-22 22:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu <STARTM~1>
2007-07-22 22:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-22 22:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood <PRINTH~1>
2007-07-22 22:56:12 6815744 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents <MYDOCU~1>
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings <LOCALS~1>
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites <FAVORI~1>
2007-07-22 22:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data <APPLIC~1>
2007-07-22 03:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 03:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 03:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 02:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 02:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 02:41:22 0 d-------- C:\Program Files\COMODO
2007-07-21 23:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-21 22:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 03:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 03:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 01:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 01:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 00:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 00:58:51 0 d-------- C:\Program Files\Java
2007-07-21 00:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-19 22:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-19 18:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-19 17:53:26 0 d-------- C:\Program Files\EPSON
2007-07-19 17:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-19 17:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-19 12:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-19 12:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-19 11:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-19 06:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-19 04:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 02:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-18 21:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-18 20:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-18 20:09:09 0 --a------ C:\CONFIG.SYS
2007-07-18 20:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-18 20:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-18 20:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-18 20:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-18 20:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-18 19:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-18 19:51:24 0 d-------- C:\WINDOWS\pss
2007-07-18 19:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-18 19:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-18 19:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-18 19:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-18 19:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-18 19:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-18 16:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-18 15:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-18 15:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-18 15:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-18 15:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-18 15:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-18 15:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-18 15:26:25 0 dr-h----- C:\MSOCache
2007-07-18 15:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-18 15:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-18 15:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-18 15:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-18 15:08:56 0 d-------- C:\Program Files\Winamp
2007-07-18 15:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-18 15:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-18 15:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-18 15:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-18 15:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-18 15:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-18 15:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-18 15:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-18 15:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-18 15:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-18 15:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-18 14:59:57 0 d-------- C:\Program Files\AVG
2007-07-18 14:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-18 22:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
2007-07-18 15:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2007 09:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2007 09:06 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/09/2006 04:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/18/2006 03:12 PM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/15/2006 10:04 PM C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 01:33 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 04:47 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 06:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2003 09:35 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/11/2006 07:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 08:27 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 02:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56 AM]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 10:05 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/22/2006 10:05 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 02:42 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/29/2007 09:43 PM]

C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/15/2005 11:16:50 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 10:05:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/22/2006 5:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/22/2006 4:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/19/2007 5:52:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9e2224-3ca2-11dc-b473-0019211ca709}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

-- End of Deckard's System Scanner: finished at 2007-07-27 20:30:46 ------------

Shaba

2008-07-27, 16:10

Hi

Looks a bit better.

Copy text below to Notepad and save it as rem.bat (save it as all files, *.*)

@ECHO OFF

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E /f

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\5e9e2224-3ca2-11dc-b473-0019211ca709 /f

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG

Doubleclick rem.bat; black dos windows will flash, that's normal.

(In case you are unsure how to create a bat file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Bat_File) with screenshots.)

Reboot.

Re-run dss.

Post back a fresh dss log.

ushpen25

2008-07-27, 16:21

Ok here is the Log.

Deckard's System Scanner v20071014.68
Run by Pen on 2007-07-27 21:10:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Pen.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:47 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pen\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacoolsoftware.com/sb-link/firefox.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8562 bytes

-- Files created between 2007-06-27 and 2007-07-27 -----------------------------

2008-07-18 22:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-18 22:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-18 22:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-18 22:20:30 0 dr------- C:\Program Files
2008-07-18 22:20:30 0 d-------- C:\Program Files\Common Files
2008-07-18 22:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-18 22:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-18 22:17:45 0 d-------- C:\Documents and Settings
2008-07-18 22:17:44 0 d--hs---- C:\System Volume Information
2008-07-18 22:12:31 0 d-------- C:\WINDOWS
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-18 22:12:31 0 dr------- C:\WINDOWS\Web
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-18 22:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\security
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\repair
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Media
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\java
2008-07-18 22:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ime
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Help
2008-07-18 22:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\addins
2008-07-18 14:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-18 14:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-18 14:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 14:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-18 14:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-18 14:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-18 14:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-18 14:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-18 14:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-18 14:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-18 14:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-18 14:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-18 14:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-18 14:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 14:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-18 14:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\My Documents <MYDOCU~1>
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings <LOCALS~1>
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\Favorites <FAVORI~1>
2008-07-18 14:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Application Data <APPLIC~1>
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Application Data\Microsoft
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\Templates <TEMPLA~1>
2008-07-18 14:33:43 0 dr------- C:\Documents and Settings\*\Start Menu <STARTM~1>
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood <PRINTH~1>
2008-07-18 14:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-18 14:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-18 14:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 14:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-18 14:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-18 14:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-18 14:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-18 14:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-18 14:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-18 14:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-18 14:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-18 14:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-18 14:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-18 14:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-18 14:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-18 14:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-18 14:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-18 14:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-18 14:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-18 14:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-18 14:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-18 14:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-18 14:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-18 14:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-18 14:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-18 14:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-18 14:24:48 0 d-------- C:\Program Files\Online Services
2008-07-18 14:24:43 0 d-------- C:\Program Files\Messenger
2008-07-18 14:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-18 14:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-18 14:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-18 14:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-10 13:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 13:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-07 20:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-07 17:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-04 12:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-22 09:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-22 08:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-22 08:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 08:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-22 08:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-22 08:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-22 08:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-22 08:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-22 08:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-22 08:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-22 08:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-22 08:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-22 07:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-22 07:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-22 07:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 07:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-22 07:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-27 20:44:57 4533 -rahs---- C:\sowar.vbs
2007-07-27 20:44:57 4533 --a------ C:\Cool USEP Scandal.vbs
2007-07-26 20:42:35 415232 --a------ C:\WINDOWS\system32\CF20178.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 20:38:48 415232 --a------ C:\WINDOWS\system32\CF19434.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 19:17:47 0 d-------- C:\Program Files\VirtualDub
2007-07-26 18:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-26 18:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 18:02:23 0 d-------- C:\Documents and Settings\Pen\Application Data\WinRAR
2007-07-26 17:55:53 0 d-------- C:\Program Files\Thomas Wright Consulting
2007-07-26 17:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-07-26 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-26 16:19:11 0 d-------- C:\Documents and Settings\Pen\Application Data\NCH Swift Sound
2007-07-26 11:11:55 415232 --a------ C:\WINDOWS\system32\CF6666.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 10:07:35 415232 --a------ C:\WINDOWS\system32\CF26822.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:57:50 415232 --a------ C:\WINDOWS\system32\CF24918.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:53:10 415232 --a------ C:\WINDOWS\system32\CF24007.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:51:11 415232 --a------ C:\WINDOWS\system32\CF17873.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:47:00 415232 --a------ C:\WINDOWS\system32\CF17053.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:41:37 415232 --a------ C:\WINDOWS\system32\CF15995.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:34:40 415232 --a------ C:\WINDOWS\system32\CF14516.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:45:26 415232 --a------ C:\WINDOWS\system32\CF29512.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:44:05 415232 --a------ C:\WINDOWS\system32\CF29251.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 00:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-23 16:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-23 16:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-23 16:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-23 16:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-23 15:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 02:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 01:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 00:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-22 23:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-22 22:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-22 22:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-22 22:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-22 22:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-22 22:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-22 22:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates <TEMPLA~1>
2007-07-22 22:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu <STARTM~1>
2007-07-22 22:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-22 22:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood <PRINTH~1>
2007-07-22 22:56:12 7340032 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents <MYDOCU~1>
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings <LOCALS~1>
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites <FAVORI~1>
2007-07-22 22:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data <APPLIC~1>
2007-07-22 03:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 03:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 03:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 02:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 02:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 02:41:22 0 d-------- C:\Program Files\COMODO
2007-07-21 23:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-21 22:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 03:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 03:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 01:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 01:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 00:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 00:58:51 0 d-------- C:\Program Files\Java
2007-07-21 00:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-19 22:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-19 18:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-19 17:53:26 0 d-------- C:\Program Files\EPSON
2007-07-19 17:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-19 17:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-19 12:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-19 12:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-19 11:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-19 06:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-19 04:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 02:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-18 21:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-18 20:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-18 20:09:09 0 --a------ C:\CONFIG.SYS
2007-07-18 20:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-18 20:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-18 20:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-18 20:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-18 20:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-18 19:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-18 19:51:24 0 d-------- C:\WINDOWS\pss
2007-07-18 19:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-18 19:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-18 19:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-18 19:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-18 19:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-18 19:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-18 16:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-18 15:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-18 15:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-18 15:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-18 15:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-18 15:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-18 15:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-18 15:26:25 0 dr-h----- C:\MSOCache
2007-07-18 15:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-18 15:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-18 15:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-18 15:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-18 15:08:56 0 d-------- C:\Program Files\Winamp
2007-07-18 15:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-18 15:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-18 15:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-18 15:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-18 15:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-18 15:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-18 15:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-18 15:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-18 15:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-18 15:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-18 15:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-18 14:59:57 0 d-------- C:\Program Files\AVG
2007-07-18 14:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-18 22:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
2007-07-18 15:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2007 09:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2007 09:06 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/09/2006 04:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/18/2006 03:12 PM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/15/2006 10:04 PM C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 01:33 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 04:47 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 06:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2003 09:35 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/11/2006 07:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 08:27 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 02:56 AM]
"System Restore"="wscript.exe" [08/03/2004 04:56 AM C:\WINDOWS\system32\wscript.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56 AM]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 10:05 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/22/2006 10:05 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 02:42 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/29/2007 09:43 PM]

C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/15/2005 11:16:50 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 10:05:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/22/2006 5:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/22/2006 4:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/19/2007 5:52:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9e2224-3ca2-11dc-b473-0019211ca709}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

-- End of Deckard's System Scanner: finished at 2007-07-27 21:13:00 ------------

Shaba

2008-07-27, 16:42

And it looks like to respawn.

Let's try flash disinfector next.

Please download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to your desktop.
Double click to run it.
You will be prompted to plug in your flash drive. Plug it in.
Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

After that:

Make your hidden files visible, link (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)

Go to My Computer.

Go to each partition you have.

Delete COOL USEP SCANDAL.vbs from every partition.

Delete SOWAR.VBS and AUTORUN.INF from every partition (if you can't see them, restart your computer)

Delete C:\WINDOWS\SysRes.vbs.

Empty Recycle Bin.

Fix with HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Reboot.

Re-run dss.

Post back a fresh dss log.

ushpen25

2008-07-27, 17:49

ushpen25

2008-07-27, 17:52

Hello,

I did not see this files, SOWAR.VBS, AUTORUN.INF in every partition and this file as well as SysRes.vbs at Windows even i rebooted my pc and checked if the files and folder are visible. So I removed them by using OTMoveIt2.

I didn't see this lines in HJT as well.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Anyway here is the HJT Log.

Deckard's System Scanner v20071014.68
Run by Pen on 2007-07-27 22:42:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Pen.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:18 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pen\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacoolsoftware.com/sb-link/firefox.html
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8105 bytes

-- Files created between 2007-06-27 and 2007-07-27 -----------------------------

2008-07-18 22:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-18 22:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-18 22:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-18 22:20:30 0 dr------- C:\Program Files
2008-07-18 22:20:30 0 d-------- C:\Program Files\Common Files
2008-07-18 22:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-18 22:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-18 22:17:45 0 d-------- C:\Documents and Settings
2008-07-18 22:17:44 0 d--hs---- C:\System Volume Information
2008-07-18 22:12:31 0 d-------- C:\WINDOWS
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-18 22:12:31 0 dr------- C:\WINDOWS\Web
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-18 22:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\security
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\repair
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Media
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\java
2008-07-18 22:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ime
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Help
2008-07-18 22:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\addins
2008-07-18 14:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-18 14:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-18 14:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 14:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-18 14:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-18 14:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-18 14:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-18 14:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-18 14:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-18 14:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-18 14:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-18 14:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-18 14:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-18 14:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 14:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-18 14:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\My Documents <MYDOCU~1>
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings <LOCALS~1>
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\Favorites <FAVORI~1>
2008-07-18 14:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Application Data <APPLIC~1>
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Application Data\Microsoft
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\Templates <TEMPLA~1>
2008-07-18 14:33:43 0 dr------- C:\Documents and Settings\*\Start Menu <STARTM~1>
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood <PRINTH~1>
2008-07-18 14:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-18 14:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-18 14:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 14:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-18 14:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-18 14:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-18 14:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-18 14:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-18 14:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-18 14:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-18 14:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-18 14:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-18 14:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-18 14:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-18 14:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-18 14:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-18 14:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-18 14:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-18 14:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-18 14:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-18 14:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-18 14:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-18 14:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-18 14:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-18 14:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-18 14:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-18 14:24:48 0 d-------- C:\Program Files\Online Services
2008-07-18 14:24:43 0 d-------- C:\Program Files\Messenger
2008-07-18 14:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-18 14:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-18 14:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-18 14:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-10 13:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 13:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-07 20:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-07 17:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-04 12:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-22 09:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-22 08:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-22 08:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 08:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-22 08:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-22 08:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-22 08:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-22 08:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-22 08:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-22 08:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-22 08:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-22 08:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-22 07:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-22 07:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-22 07:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 07:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-22 07:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-26 20:42:35 415232 --a------ C:\WINDOWS\system32\CF20178.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 20:38:48 415232 --a------ C:\WINDOWS\system32\CF19434.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 19:17:47 0 d-------- C:\Program Files\VirtualDub
2007-07-26 18:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-26 18:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 18:02:23 0 d-------- C:\Documents and Settings\Pen\Application Data\WinRAR
2007-07-26 17:55:53 0 d-------- C:\Program Files\Thomas Wright Consulting
2007-07-26 17:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-07-26 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-26 16:19:11 0 d-------- C:\Documents and Settings\Pen\Application Data\NCH Swift Sound
2007-07-26 11:11:55 415232 --a------ C:\WINDOWS\system32\CF6666.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 10:07:35 415232 --a------ C:\WINDOWS\system32\CF26822.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:57:50 415232 --a------ C:\WINDOWS\system32\CF24918.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:53:10 415232 --a------ C:\WINDOWS\system32\CF24007.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:51:11 415232 --a------ C:\WINDOWS\system32\CF17873.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:47:00 415232 --a------ C:\WINDOWS\system32\CF17053.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:41:37 415232 --a------ C:\WINDOWS\system32\CF15995.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:34:40 415232 --a------ C:\WINDOWS\system32\CF14516.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:45:26 415232 --a------ C:\WINDOWS\system32\CF29512.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:44:05 415232 --a------ C:\WINDOWS\system32\CF29251.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 00:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-23 16:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-23 16:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-23 16:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-23 16:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-23 15:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 02:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 01:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 00:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-22 23:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-22 22:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-22 22:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-22 22:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-22 22:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-22 22:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-22 22:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates <TEMPLA~1>
2007-07-22 22:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu <STARTM~1>
2007-07-22 22:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-22 22:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood <PRINTH~1>
2007-07-22 22:56:12 7340032 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents <MYDOCU~1>
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings <LOCALS~1>
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites <FAVORI~1>
2007-07-22 22:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data <APPLIC~1>
2007-07-22 03:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 03:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 03:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 02:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 02:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 02:41:22 0 d-------- C:\Program Files\COMODO
2007-07-21 23:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-21 22:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 03:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 03:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 01:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 01:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 00:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 00:58:51 0 d-------- C:\Program Files\Java
2007-07-21 00:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-19 22:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-19 18:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-19 17:53:26 0 d-------- C:\Program Files\EPSON
2007-07-19 17:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-19 17:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-19 12:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-19 12:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-19 11:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-19 06:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-19 04:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 02:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-18 21:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-18 20:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-18 20:09:09 0 --a------ C:\CONFIG.SYS
2007-07-18 20:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-18 20:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-18 20:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-18 20:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-18 20:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-18 19:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-18 19:51:24 0 d-------- C:\WINDOWS\pss
2007-07-18 19:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-18 19:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-18 19:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-18 19:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-18 19:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-18 19:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-18 16:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-18 15:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-18 15:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-18 15:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-18 15:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-18 15:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-18 15:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-18 15:26:25 0 dr-h----- C:\MSOCache
2007-07-18 15:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-18 15:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-18 15:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-18 15:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-18 15:08:56 0 d-------- C:\Program Files\Winamp
2007-07-18 15:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-18 15:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-18 15:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-18 15:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-18 15:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-18 15:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-18 15:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-18 15:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-18 15:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-18 15:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-18 15:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-18 14:59:57 0 d-------- C:\Program Files\AVG
2007-07-18 14:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-18 22:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
2007-07-18 15:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2007 09:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2007 09:06 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/09/2006 04:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/18/2006 03:12 PM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/15/2006 10:04 PM C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 01:33 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 04:47 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 06:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2003 09:35 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/11/2006 07:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 08:27 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 02:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56 AM]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 10:05 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/22/2006 10:05 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 02:42 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/29/2007 09:43 PM]

C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/15/2005 11:16:50 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 10:05:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/22/2006 5:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/22/2006 4:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/19/2007 5:52:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9e2224-3ca2-11dc-b473-0019211ca709}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

-- End of Deckard's System Scanner: finished at 2007-07-27 22:45:20 ------------

Shaba

2008-07-27, 17:56

Hi

Now it looks much better :)

Likely flash disinfector removed them before that.

Fix these with HijackThis:

O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)

Go to Start > Run
Type regedit and click OK.

On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9e2224-3ca2-11dc-b473-0019211ca709}]

Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Go to Desktop, double-click fix.reg and merge the infomation with the registry.

(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)

Reboot.

Re-run dss.

Post a fresh dss log.

ushpen25

2008-07-27, 18:12

Hello again,

Here it is

Deckard's System Scanner v20071014.68
Run by Pen on 2007-07-27 23:01:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Pen.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:12 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pen\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacoolsoftware.com/sb-link/firefox.html
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7875 bytes

-- Files created between 2007-06-27 and 2007-07-27 -----------------------------

2008-07-18 22:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-18 22:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-18 22:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-18 22:20:30 0 dr------- C:\Program Files
2008-07-18 22:20:30 0 d-------- C:\Program Files\Common Files
2008-07-18 22:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-18 22:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-18 22:17:45 0 d-------- C:\Documents and Settings
2008-07-18 22:17:44 0 d--hs---- C:\System Volume Information
2008-07-18 22:12:31 0 d-------- C:\WINDOWS
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-18 22:12:31 0 dr------- C:\WINDOWS\Web
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-18 22:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\security
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\repair
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Media
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\java
2008-07-18 22:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ime
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Help
2008-07-18 22:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\addins
2008-07-18 14:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-18 14:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-18 14:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 14:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-18 14:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-18 14:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-18 14:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-18 14:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-18 14:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-18 14:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-18 14:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-18 14:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-18 14:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-18 14:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 14:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-18 14:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\My Documents <MYDOCU~1>
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings <LOCALS~1>
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\Favorites <FAVORI~1>
2008-07-18 14:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Application Data <APPLIC~1>
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Application Data\Microsoft
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\Templates <TEMPLA~1>
2008-07-18 14:33:43 0 dr------- C:\Documents and Settings\*\Start Menu <STARTM~1>
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood <PRINTH~1>
2008-07-18 14:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-18 14:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-18 14:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 14:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-18 14:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-18 14:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-18 14:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-18 14:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-18 14:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-18 14:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-18 14:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-18 14:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-18 14:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-18 14:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-18 14:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-18 14:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-18 14:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-18 14:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-18 14:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-18 14:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-18 14:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-18 14:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-18 14:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-18 14:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-18 14:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-18 14:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-18 14:24:48 0 d-------- C:\Program Files\Online Services
2008-07-18 14:24:43 0 d-------- C:\Program Files\Messenger
2008-07-18 14:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-18 14:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-18 14:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-18 14:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-10 13:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 13:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-07 20:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-07 17:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-04 12:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-22 09:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-22 08:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-22 08:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 08:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-22 08:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-22 08:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-22 08:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-22 08:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-22 08:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-22 08:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-22 08:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-22 08:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-22 07:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-22 07:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-22 07:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 07:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-22 07:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-26 20:42:35 415232 --a------ C:\WINDOWS\system32\CF20178.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 20:38:48 415232 --a------ C:\WINDOWS\system32\CF19434.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 19:17:47 0 d-------- C:\Program Files\VirtualDub
2007-07-26 18:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-26 18:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 18:02:23 0 d-------- C:\Documents and Settings\Pen\Application Data\WinRAR
2007-07-26 17:55:53 0 d-------- C:\Program Files\Thomas Wright Consulting
2007-07-26 17:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-07-26 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-26 16:19:11 0 d-------- C:\Documents and Settings\Pen\Application Data\NCH Swift Sound
2007-07-26 11:11:55 415232 --a------ C:\WINDOWS\system32\CF6666.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 10:07:35 415232 --a------ C:\WINDOWS\system32\CF26822.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:57:50 415232 --a------ C:\WINDOWS\system32\CF24918.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:53:10 415232 --a------ C:\WINDOWS\system32\CF24007.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:51:11 415232 --a------ C:\WINDOWS\system32\CF17873.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:47:00 415232 --a------ C:\WINDOWS\system32\CF17053.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:41:37 415232 --a------ C:\WINDOWS\system32\CF15995.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:34:40 415232 --a------ C:\WINDOWS\system32\CF14516.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:45:26 415232 --a------ C:\WINDOWS\system32\CF29512.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:44:05 415232 --a------ C:\WINDOWS\system32\CF29251.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 00:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-23 16:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-23 16:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-23 16:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-23 16:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-23 15:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 02:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 01:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 00:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-22 23:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-22 22:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-22 22:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-22 22:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-22 22:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-22 22:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-22 22:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates <TEMPLA~1>
2007-07-22 22:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu <STARTM~1>
2007-07-22 22:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-22 22:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood <PRINTH~1>
2007-07-22 22:56:12 7340032 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents <MYDOCU~1>
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings <LOCALS~1>
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites <FAVORI~1>
2007-07-22 22:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data <APPLIC~1>
2007-07-22 03:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 03:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 03:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 02:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 02:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 02:41:22 0 d-------- C:\Program Files\COMODO
2007-07-21 23:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-21 22:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 03:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 03:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 01:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 01:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 00:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 00:58:51 0 d-------- C:\Program Files\Java
2007-07-21 00:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-19 22:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-19 18:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-19 17:53:26 0 d-------- C:\Program Files\EPSON
2007-07-19 17:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-19 17:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-19 12:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-19 12:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-19 11:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-19 06:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-19 04:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 02:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-18 21:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-18 20:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-18 20:09:09 0 --a------ C:\CONFIG.SYS
2007-07-18 20:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-18 20:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-18 20:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-18 20:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-18 20:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-18 19:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-18 19:51:24 0 d-------- C:\WINDOWS\pss
2007-07-18 19:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-18 19:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-18 19:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-18 19:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-18 19:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-18 19:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-18 16:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-18 15:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-18 15:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-18 15:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-18 15:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-18 15:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-18 15:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-18 15:26:25 0 dr-h----- C:\MSOCache
2007-07-18 15:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-18 15:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-18 15:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-18 15:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-18 15:08:56 0 d-------- C:\Program Files\Winamp
2007-07-18 15:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-18 15:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-18 15:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-18 15:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-18 15:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-18 15:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-18 15:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-18 15:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-18 15:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-18 15:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-18 15:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-18 14:59:57 0 d-------- C:\Program Files\AVG
2007-07-18 14:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-18 22:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
2007-07-18 15:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2007 09:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2007 09:06 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/09/2006 04:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/18/2006 03:12 PM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/15/2006 10:04 PM C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 01:33 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 04:47 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 06:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2003 09:35 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/11/2006 07:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 08:27 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 02:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56 AM]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 10:05 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/22/2006 10:05 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 02:42 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/29/2007 09:43 PM]

C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/15/2005 11:16:50 PM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 10:05:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/22/2006 5:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/22/2006 4:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/19/2007 5:52:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

-- End of Deckard's System Scanner: finished at 2007-07-27 23:04:20 ------------

Shaba

2008-07-27, 18:19

Hi

Please download Malwarebytes' Anti-Malware (http://www.malwaresupport.com/mbam/program/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.

ushpen25

2008-07-27, 18:49

Hi,

Here it is.

Malwarebytes' Anti-Malware 1.23
Database version: 998
Windows 5.1.2600 Service Pack 2

11:41:32 PM 7/27/2007
mbam-log-7-27-2007 (23-41-32).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 77684
Time elapsed: 26 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Shaba

2008-07-27, 18:51

Hi

Still problems?

ushpen25

2008-07-28, 01:42

Hi,

My computer looks better now, i can now use task manager and regedit in my usual account but when i chose another one, both task manager and regedit was still disabled. Well i guess it doesn't matter at all, maybe i will just delete that account and make another one. So i conclude that my computer now is clean and good. Big thanks to you shaba. Hmm may i ask something? How will i avoid that kind of flash virus from USB's? is there a tool that could somehow blocked or detect that flash virus if the USB is plug in?

Shaba

2008-07-28, 08:35

Hi

"My computer looks better now, i can now use task manager and regedit in my usual account but when i chose another one, both task manager and regedit was still disabled."

Please post then HijackThis log from that account :)

"How will i avoid that kind of flash virus from USB's? is there a tool that could somehow blocked or detect that flash virus if the USB is plug in?"

No there isn't but flash_disinfector should help for removal. You can prevent flash viruses from spreading if you disable autorun.

ushpen25

2008-07-28, 16:57

Hello,

Here is the HJT Log from the account I am talking about.

Deckard's System Scanner v20071014.68
Run by * on 2007-07-28 21:46:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as *.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:04, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Pen\My Documents\Cleaning Tool\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\7CF3~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-21-776561741-1292428093-1801674531-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Pen')
O4 - HKUS\S-1-5-21-776561741-1292428093-1801674531-1006\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" (User 'Pen')
O4 - HKUS\S-1-5-21-776561741-1292428093-1801674531-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Pen')
O4 - HKUS\S-1-5-21-776561741-1292428093-1801674531-1006\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'Pen')
O4 - S-1-5-21-776561741-1292428093-1801674531-1006 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Pen')
O4 - S-1-5-21-776561741-1292428093-1801674531-1006 User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Pen')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8935 bytes

-- Files created between 2007-06-28 and 2007-07-28 -----------------------------

2008-07-18 22:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-18 22:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-18 22:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-18 22:20:30 0 dr------- C:\Program Files
2008-07-18 22:20:30 0 d-------- C:\Program Files\Common Files
2008-07-18 22:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-18 22:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-18 22:17:45 0 d-------- C:\Documents and Settings
2008-07-18 22:17:44 0 d--hs---- C:\System Volume Information
2008-07-18 22:12:31 0 d-------- C:\WINDOWS
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-18 22:12:31 0 dr------- C:\WINDOWS\Web
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-18 22:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\security
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\repair
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Media
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\java
2008-07-18 22:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ime
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Help
2008-07-18 22:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\addins
2008-07-18 14:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-18 14:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-18 14:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 14:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-18 14:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-18 14:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-18 14:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-18 14:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-18 14:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-18 14:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-18 14:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-18 14:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-18 14:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-18 14:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 14:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-18 14:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\My Documents
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\Favorites
2008-07-18 14:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Application Data
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\Templates
2008-07-18 14:33:43 0 dr------- C:\Documents and Settings\*\Start Menu
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood
2008-07-18 14:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-18 14:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-18 14:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 14:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-18 14:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-18 14:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-18 14:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-18 14:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-18 14:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-18 14:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-18 14:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-18 14:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-18 14:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-18 14:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-18 14:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-18 14:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-18 14:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-18 14:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-18 14:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-18 14:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-18 14:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-18 14:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-18 14:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-18 14:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-18 14:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-18 14:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-18 14:24:48 0 d-------- C:\Program Files\Online Services
2008-07-18 14:24:43 0 d-------- C:\Program Files\Messenger
2008-07-18 14:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-18 14:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-18 14:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-18 14:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-10 13:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 13:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-07 20:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-07 17:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-04 12:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-22 09:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-22 08:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-22 08:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 08:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-22 08:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-22 08:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-22 08:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-22 08:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-22 08:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-22 08:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-22 08:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-22 08:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-22 07:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-22 07:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-22 07:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 07:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-22 07:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-28 08:27:27 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-07-28 08:27:27 314368 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-07-28 08:27:25 0 d-------- C:\Program Files\Magic Video Converter
2007-07-28 07:06:01 0 d-------- C:\Documents and Settings\Pen\Application Data\Skype
2007-07-28 07:05:50 0 d-------- C:\Program Files\Skype
2007-07-28 07:05:50 0 d-------- C:\Program Files\Common Files\Skype
2007-07-28 07:05:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-07-26 20:42:35 415232 --a------ C:\WINDOWS\system32\CF20178.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 20:38:48 415232 --a------ C:\WINDOWS\system32\CF19434.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 19:17:47 0 d-------- C:\Program Files\VirtualDub
2007-07-26 18:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-26 18:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 18:02:23 0 d-------- C:\Documents and Settings\Pen\Application Data\WinRAR
2007-07-26 17:55:53 0 d-------- C:\Program Files\Thomas Wright Consulting
2007-07-26 17:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-07-26 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-26 16:19:11 0 d-------- C:\Documents and Settings\Pen\Application Data\NCH Swift Sound
2007-07-26 11:11:55 415232 --a------ C:\WINDOWS\system32\CF6666.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 10:07:35 415232 --a------ C:\WINDOWS\system32\CF26822.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:57:50 415232 --a------ C:\WINDOWS\system32\CF24918.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:53:10 415232 --a------ C:\WINDOWS\system32\CF24007.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:51:11 415232 --a------ C:\WINDOWS\system32\CF17873.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:47:00 415232 --a------ C:\WINDOWS\system32\CF17053.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:41:37 415232 --a------ C:\WINDOWS\system32\CF15995.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:34:40 415232 --a------ C:\WINDOWS\system32\CF14516.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:45:26 415232 --a------ C:\WINDOWS\system32\CF29512.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:44:05 415232 --a------ C:\WINDOWS\system32\CF29251.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 00:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-23 16:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-23 16:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-23 16:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-23 16:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-23 15:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 02:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 01:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 00:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-22 23:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-22 22:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-22 22:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-22 22:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-22 22:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-22 22:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-22 22:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates
2007-07-22 22:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu
2007-07-22 22:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-22 22:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood
2007-07-22 22:56:12 7340032 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites
2007-07-22 22:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Application Data\Microsoft
2007-07-22 03:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 03:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 03:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 02:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 02:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 02:41:22 0 d-------- C:\Program Files\COMODO
2007-07-21 23:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-21 22:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 03:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 03:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 01:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 01:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 00:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 00:58:51 0 d-------- C:\Program Files\Java
2007-07-21 00:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-19 22:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-19 18:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-19 17:53:26 0 d-------- C:\Program Files\EPSON
2007-07-19 17:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-19 17:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-19 12:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-19 12:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-19 11:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-19 06:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-19 04:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 02:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-18 21:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-18 20:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-18 20:09:09 0 --a------ C:\CONFIG.SYS
2007-07-18 20:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-18 20:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-18 20:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-18 20:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-18 20:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-18 19:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-18 19:51:24 0 d-------- C:\WINDOWS\pss
2007-07-18 19:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-18 19:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-18 19:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-18 19:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-18 19:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-18 19:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-18 16:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-18 15:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-18 15:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-18 15:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-18 15:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-18 15:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-18 15:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-18 15:26:25 0 dr-h----- C:\MSOCache
2007-07-18 15:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-18 15:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-18 15:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-18 15:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-18 15:08:56 0 d-------- C:\Program Files\Winamp
2007-07-18 15:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-18 15:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-18 15:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-18 15:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-18 15:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-18 15:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-18 15:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-18 15:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-18 15:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-18 15:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-18 15:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-18 14:59:57 0 d-------- C:\Program Files\AVG
2007-07-18 14:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-18 22:20:04 62 --ahs---- C:\Documents and Settings\*\Application Data\desktop.ini
2007-07-18 15:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2007 21:06 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2007 21:06 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/09/2006 16:35]
"RTHDCPL"="RTHDCPL.EXE" [12/18/2006 15:12 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/15/2006 22:04 C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 13:33]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/11/2006 19:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 08:27]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 02:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/22/2006 22:05]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 02:42]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 10:05]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/29/2007 21:43]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" []

C:\Documents and Settings\ÿ\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 10:05:02 AM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/28/2003 11:05:35 PM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/20/2006 7:43:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/19/2007 5:52:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16da9670-389c-11dc-b451-0019211ca709}]
AutoRun\command- G:\password_viewer.exe %1
Explore\command- G:\password_viewer.exe %1
Open\command- G:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f05e7ba-3990-11dc-b457-0019211ca709}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f05e7c3-3990-11dc-b457-0019211ca709}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49d8a03-3967-11dc-b456-0019211ca709}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe TTMS816.dll.vbs

-- End of Deckard's System Scanner: finished at 2007-07-28 21:48:30 ------------

Shaba

2008-07-28, 17:13

Hi

Fix these with HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Copy text below to Notepad and save it as rem.bat (save it as all files, *.*)

@ECHO OFF

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f05e7ba-3990-11dc-b457-0019211ca709} /f

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f05e7c3-3990-11dc-b457-0019211ca709} /f

REG DELETE HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49d8a03-3967-11dc-b456-0019211ca709} /f

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG

Doubleclick rem.bat; black dos windows will flash, that's normal (run it from infected account).

(In case you are unsure how to create a bat file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Bat_File) with screenshots.)

Reboot.

Re-run dss from that account.

Post back a fresh dss log.

ushpen25

2008-07-28, 17:24

Hello

Here it is,

Deckard's System Scanner v20071014.68
Run by * on 2007-07-28 22:14:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as *.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:50, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pen\My Documents\Cleaning Tool\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\7CF3~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7845 bytes

-- Files created between 2007-06-28 and 2007-07-28 -----------------------------

2008-07-18 22:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-18 22:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-18 22:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-18 22:20:30 0 dr------- C:\Program Files
2008-07-18 22:20:30 0 d-------- C:\Program Files\Common Files
2008-07-18 22:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-18 22:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-18 22:17:45 0 d-------- C:\Documents and Settings
2008-07-18 22:17:44 0 d--hs---- C:\System Volume Information
2008-07-18 22:12:31 0 d-------- C:\WINDOWS
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-18 22:12:31 0 dr------- C:\WINDOWS\Web
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-18 22:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\security
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\repair
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\mui
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Media
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\java
2008-07-18 22:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ime
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Help
2008-07-18 22:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Config
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-18 22:12:31 0 d-------- C:\WINDOWS\addins
2008-07-18 14:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-18 14:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-18 14:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 14:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-18 14:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-18 14:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-18 14:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-18 14:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-18 14:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-18 14:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-18 14:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-18 14:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-18 14:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-18 14:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 14:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-18 14:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\My Documents
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings
2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\Favorites
2008-07-18 14:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Application Data
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\Templates
2008-07-18 14:33:43 0 dr------- C:\Documents and Settings\*\Start Menu
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood
2008-07-18 14:33:43 3932160 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-18 14:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-18 14:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 14:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-18 14:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-18 14:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-18 14:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-18 14:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-18 14:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-18 14:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-18 14:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-18 14:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-18 14:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-18 14:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-18 14:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-18 14:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-18 14:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-18 14:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-18 14:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-18 14:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-18 14:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-18 14:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-18 14:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-18 14:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-18 14:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-18 14:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-18 14:24:48 0 d-------- C:\Program Files\Online Services
2008-07-18 14:24:43 0 d-------- C:\Program Files\Messenger
2008-07-18 14:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-18 14:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-18 14:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 14:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-18 14:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-10 13:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 13:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-07 20:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-07 17:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-04 12:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-22 09:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-22 08:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-22 08:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 08:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-22 08:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-22 08:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-22 08:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-22 08:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-22 08:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-22 08:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-22 08:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-22 08:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-22 08:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-22 07:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-22 07:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-22 07:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-22 07:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-22 07:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-28 08:27:27 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-07-28 08:27:27 314368 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-07-28 08:27:25 0 d-------- C:\Program Files\Magic Video Converter
2007-07-28 07:06:01 0 d-------- C:\Documents and Settings\Pen\Application Data\Skype
2007-07-28 07:05:50 0 d-------- C:\Program Files\Skype
2007-07-28 07:05:50 0 d-------- C:\Program Files\Common Files\Skype
2007-07-28 07:05:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-07-26 20:42:35 415232 --a------ C:\WINDOWS\system32\CF20178.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 20:38:48 415232 --a------ C:\WINDOWS\system32\CF19434.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 19:17:47 0 d-------- C:\Program Files\VirtualDub
2007-07-26 18:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-26 18:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 18:02:23 0 d-------- C:\Documents and Settings\Pen\Application Data\WinRAR
2007-07-26 17:55:53 0 d-------- C:\Program Files\Thomas Wright Consulting
2007-07-26 17:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-07-26 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-26 16:19:11 0 d-------- C:\Documents and Settings\Pen\Application Data\NCH Swift Sound
2007-07-26 11:11:55 415232 --a------ C:\WINDOWS\system32\CF6666.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 10:07:35 415232 --a------ C:\WINDOWS\system32\CF26822.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:57:50 415232 --a------ C:\WINDOWS\system32\CF24918.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-26 09:53:10 415232 --a------ C:\WINDOWS\system32\CF24007.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:51:11 415232 --a------ C:\WINDOWS\system32\CF17873.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:47:00 415232 --a------ C:\WINDOWS\system32\CF17053.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:41:37 415232 --a------ C:\WINDOWS\system32\CF15995.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-25 13:34:40 415232 --a------ C:\WINDOWS\system32\CF14516.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:45:26 415232 --a------ C:\WINDOWS\system32\CF29512.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 13:44:05 415232 --a------ C:\WINDOWS\system32\CF29251.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 00:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-23 16:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-23 16:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-23 16:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-23 16:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-23 15:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 02:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 01:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 00:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-22 23:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-22 22:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-22 22:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-22 22:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-22 22:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-22 22:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-22 22:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates
2007-07-22 22:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu
2007-07-22 22:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-22 22:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood
2007-07-22 22:56:12 7340032 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites
2007-07-22 22:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data
2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Application Data\Microsoft
2007-07-22 03:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 03:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 03:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 02:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 02:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 02:41:22 0 d-------- C:\Program Files\COMODO
2007-07-21 23:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-21 22:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 03:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 03:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 01:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 01:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 00:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 00:58:51 0 d-------- C:\Program Files\Java
2007-07-21 00:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-19 22:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-19 18:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-19 17:53:26 0 d-------- C:\Program Files\EPSON
2007-07-19 17:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-19 17:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-19 17:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-19 12:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-19 12:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-19 11:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-19 06:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-19 04:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 02:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-18 21:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-18 20:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-18 20:09:09 0 --a------ C:\CONFIG.SYS
2007-07-18 20:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-18 20:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-18 20:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-18 20:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-18 20:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-18 19:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-18 19:51:24 0 d-------- C:\WINDOWS\pss
2007-07-18 19:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-18 19:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-18 19:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-18 19:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-18 19:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Nero
2007-07-18 19:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-18 19:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-18 16:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-18 15:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-18 15:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-18 15:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-18 15:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-18 15:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-18 15:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-18 15:26:25 0 dr-h----- C:\MSOCache
2007-07-18 15:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-18 15:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-18 15:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-18 15:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-18 15:08:56 0 d-------- C:\Program Files\Winamp
2007-07-18 15:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-18 15:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-18 15:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-18 15:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-18 15:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-18 15:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-18 15:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-18 15:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-18 15:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-18 15:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-18 15:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-18 14:59:57 0 d-------- C:\Program Files\AVG
2007-07-18 14:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-07-18 22:20:04 62 --ahs---- C:\Documents and Settings\*\Application Data\desktop.ini
2007-07-18 15:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2007 21:06 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2007 21:06 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/09/2006 16:35]
"RTHDCPL"="RTHDCPL.EXE" [12/18/2006 15:12 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/15/2006 22:04 C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 13:33]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/11/2006 19:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 08:27]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 02:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/22/2006 22:05]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 02:42]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 10:05]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/29/2007 21:43]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" []

C:\Documents and Settings\ÿ\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 10:05:02 AM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/28/2003 11:05:35 PM]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/20/2006 7:43:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/19/2007 5:52:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16da9670-389c-11dc-b451-0019211ca709}]
AutoRun\command- G:\password_viewer.exe %1
Explore\command- G:\password_viewer.exe %1
Open\command- G:\password_viewer.exe %1

-- End of Deckard's System Scanner: finished at 2007-07-28 22:16:08 ------------