ushpen25
2008-07-24, 16:13
Hello,
My Regedit and Task Manager were disabled by malware, I guess. But I think I already removed all the possible malware and malicious files on my computer. But still my Regedit and Task Manager are disabled, so I made an HJT log.
Here's my HJT Log.
Deckard's System Scanner v20071014.68
Run by Pen on 2007-07-24 20:53:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Pen.exe) -------------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-07-24 20:56:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Pen\My Documents\Downloads\Programs\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacoolsoftware.com/sb-link/firefox.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 9847 bytes
-- Files created between 2007-06-24 and 2007-07-24 -----------------------------
2008-07-19 18:20:35 0 d--hs---- C:\WINDOWS\Installer
2008-07-19 18:20:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-19 18:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-19 18:20:30 0 dr------- C:\Program Files
2008-07-19 18:20:30 0 d-------- C:\Program Files\Common Files
2008-07-19 18:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-19 18:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-19 18:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-19 18:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-19 18:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-19 18:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-19 18:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-19 18:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-19 18:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-19 18:17:45 0 d-------- C:\Documents and Settings
2008-07-19 18:17:44 0 d--hs---- C:\System Volume Information
2008-07-19 18:12:31 0 d-------- C:\WINDOWS
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\WinSxS
2008-07-19 18:12:31 0 dr------- C:\WINDOWS\Web
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\twain_32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wins
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\wbem
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\usmt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\spool
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\Setup
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ras
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\oobe
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\npp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\IME
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\ias
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\export
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-19 18:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\3076
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\2052
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1054
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1042
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1041
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1037
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1033
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1031
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1028
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system32\1025
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\system
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\security
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Resources
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\repair
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Provisioning
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\PeerNet
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\pchealth
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\mui
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msapps
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\msagent
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Media
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\java
2008-07-19 18:12:31 0 d--h----- C:\WINDOWS\inf
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ime
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Help
2008-07-19 18:12:31 0 dr--s---- C:\WINDOWS\Fonts
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\ehome
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Driver Cache
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Debug
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Cursors
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\Config
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\AppPatch
2008-07-19 18:12:31 0 d-------- C:\WINDOWS\addins
2008-07-19 10:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-19 10:54:22 0 d-------- C:\Program Files\GRETECH
2008-07-19 10:54:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-19 10:49:37 0 d-------- C:\WINDOWS\system32\Lang
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-19 10:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
2008-07-19 10:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-19 10:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-07-19 10:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-07-19 10:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-19 10:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-19 10:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-19 10:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-19 10:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-19 10:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-19 10:35:46 0 d-------- C:\Program Files\ATI Technologies
2008-07-19 10:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-19 10:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-19 10:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\My Documents
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings
2008-07-19 10:33:44 0 dr------- C:\Documents and Settings\*\Favorites
2008-07-19 10:33:44 0 d-------- C:\Documents and Settings\*\Desktop
2008-07-19 10:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
2008-07-19 10:33:44 0 d--h----- C:\Documents and Settings\*\Application Data
2008-07-19 10:33:44 0 d---s---- C:\Documents and Settings\*\Application Data\Microsoft
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\Templates
2008-07-19 10:33:43 0 dr------- C:\Documents and Settings\*\Start Menu
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
2008-07-19 10:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood
2008-07-19 10:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2008-07-19 10:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
2008-07-19 10:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-19 10:32:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-19 10:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-19 10:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-19 10:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-19 10:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-19 10:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-19 10:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-19 10:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-19 10:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-19 10:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-19 10:28:49 0 d-------- C:\WINDOWS\system32\xircom
2008-07-19 10:28:49 0 d-------- C:\Program Files\microsoft frontpage
2008-07-19 10:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-19 10:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-19 10:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-19 10:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-19 10:27:07 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-19 10:26:45 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-19 10:26:10 0 d---s---- C:\WINDOWS\Tasks
2008-07-19 10:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-19 10:26:06 0 d-------- C:\WINDOWS\srchasst
2008-07-19 10:26:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-19 10:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:56 0 d-------- C:\Program Files\Movie Maker
2008-07-19 10:25:48 0 d-------- C:\WINDOWS\system32\Restore
2008-07-19 10:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-19 10:24:54 0 d-------- C:\WINDOWS\Registration
2008-07-19 10:24:48 0 d-------- C:\Program Files\Online Services
2008-07-19 10:24:43 0 d-------- C:\Program Files\Messenger
2008-07-19 10:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-19 10:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:54 0 d-------- C:\Program Files\Windows NT
2008-07-19 10:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 10:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-19 10:23:49 0 d-------- C:\WINDOWS\system32\Com
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 16:59:03 522752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioTransform2 ActiveX DLL>
2008-02-08 16:59:03 467968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioRecord2 ActiveX DLL>
2008-02-08 16:59:03 467456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioPlayer2 ActiveX DLL>
2008-02-08 16:59:03 966144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-02-08 16:59:03 877568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-02-08 16:59:03 634880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioEditor2 ActiveX DLL>
2008-02-08 16:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-01-23 05:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
2008-01-23 04:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2008-01-23 04:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 04:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-23 04:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-01-23 04:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-01-23 04:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-01-23 04:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-01-23 04:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-23 04:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-23 04:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-23 04:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-23 04:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-23 03:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-23 03:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-23 03:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 03:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-23 03:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-27 14:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 14:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-24 20:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 20:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 20:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-24 20:42:05 4533 --a------ C:\Cool USEP Scandal.vbs
2007-07-24 12:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-24 12:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-24 12:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-24 12:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-24 11:26:04 4533 -rahs---- C:\sowar.vbs
2007-07-24 11:25:02 4533 -rahs---- C:\WINDOWS\SysRes.vbs
2007-07-24 11:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 22:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 21:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 20:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-23 19:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-23 18:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-23 18:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-23 18:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-23 18:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-23 18:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-23 18:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates
2007-07-23 18:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu
2007-07-23 18:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-23 18:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood
2007-07-23 18:56:12 6029312 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-23 18:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings
2007-07-23 18:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites
2007-07-23 18:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-23 18:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data
2007-07-22 23:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 23:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 23:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 22:42:11 0 d-------- C:\Program Files\AskSBar
2007-07-22 22:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 22:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 22:41:22 0 d-------- C:\Program Files\COMODO
2007-07-22 20:19:01 274096 --a------ C:\WINDOWS\DJ Audio Editor Uninstaller.exe
2007-07-22 20:18:50 0 d-------- C:\Program Files\DJ Audio Editor
2007-07-22 19:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-22 18:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 23:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 23:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 21:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 21:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 20:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 20:58:51 0 d-------- C:\Program Files\Java
2007-07-21 20:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-20 18:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-20 14:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-20 13:53:26 0 d-------- C:\Program Files\EPSON
2007-07-20 13:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-20 13:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-20 08:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-20 08:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-20 07:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-20 02:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-20 00:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 22:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-19 17:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-19 16:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-19 16:09:09 0 -rahs---- C:\MSDOS.SYS
2007-07-19 16:09:09 0 -rahs---- C:\IO.SYS
2007-07-19 16:09:09 0 --a------ C:\CONFIG.SYS
2007-07-19 16:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-19 16:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-19 16:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-19 16:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-19 16:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-19 15:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-19 15:51:24 0 d-------- C:\WINDOWS\pss
2007-07-19 15:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-19 15:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-19 15:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-19 15:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-19 15:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-19 15:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-19 12:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-19 11:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-19 11:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-19 11:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-19 11:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-19 11:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-19 11:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-19 11:26:25 0 dr-h----- C:\MSOCache
2007-07-19 11:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-19 11:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-19 11:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-19 11:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-19 11:08:56 0 d-------- C:\Program Files\Winamp
2007-07-19 11:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-19 11:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-19 11:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-19 11:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-19 11:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-19 11:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-19 11:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-19 11:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-19 11:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-19 11:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-19 11:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-19 10:59:57 0 d-------- C:\Program Files\AVG
2007-07-19 10:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
-- Find3M Report ---------------------------------------------------------------
2008-07-19 18:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
2007-07-19 11:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
07/22/2007 10:42 PM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/19/2007 05:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
07/22/2007 10:42 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/19/2007 05:06 PM 2055960]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [07/22/2007 10:42 PM 262144]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/19/2006 11:12 AM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 PM C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/19/2007 05:06 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/21/2004 02:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2003 05:35 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 10:56 PM]
"System Restore"="wscript.exe" [08/04/2004 12:56 AM C:\WINDOWS\system32\wscript.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/19/2007 06:05 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 10:42 PM]
C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [6/19/2008 2:46:56 AM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/19/2007 6:05:02 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/20/2007 1:52:56 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
C:\DOCUME~1\Pen\LOCALS~1\Temp\~mjqtfjp.tmp\temp00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
C:\DOCUME~1\Pen\LOCALS~1\Temp\~mjqtfjp.tmp\temp00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc741-557a-11dd-8bd0-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc742-557a-11dd-8bd0-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc744-557a-11dd-8bd0-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs
-- End of Deckard's System Scanner: finished at 2007-07-24 20:58:56 ------------
--------------------------------
http://forums.spybot.info/showthread.php?p=215792#post215792
2008-01-23 04:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-01-23 04:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
2008-01-23 04:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2008-01-23 04:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
2008-01-23 04:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-01-23 03:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-01-23 03:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-01-23 03:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-23 03:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-23 03:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-07-27 14:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 14:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-24 20:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
2007-07-24 20:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
2007-07-24 20:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-24 20:42:05 4533 --a------ C:\Cool USEP Scandal.vbs
2007-07-24 12:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
2007-07-24 12:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
2007-07-24 12:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-24 12:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
2007-07-24 11:26:04 4533 -rahs---- C:\sowar.vbs
2007-07-24 11:25:02 4533 -rahs---- C:\WINDOWS\SysRes.vbs
2007-07-24 11:08:04 0 d-------- C:\Program Files\Cucusoft
2007-07-23 22:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
2007-07-23 21:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
2007-07-23 20:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
2007-07-23 19:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
2007-07-23 18:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
2007-07-23 18:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
2007-07-23 18:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
2007-07-23 18:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
2007-07-23 18:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
2007-07-23 18:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates
2007-07-23 18:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu
2007-07-23 18:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
2007-07-23 18:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood
2007-07-23 18:56:12 6029312 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
2007-07-23 18:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings
2007-07-23 18:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites
2007-07-23 18:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
2007-07-23 18:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
2007-07-23 18:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data
2007-07-22 23:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
2007-07-22 23:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2007-07-22 23:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2007-07-22 22:42:11 0 d-------- C:\Program Files\AskSBar
2007-07-22 22:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
2007-07-22 22:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-07-22 22:41:22 0 d-------- C:\Program Files\COMODO
2007-07-22 20:19:01 274096 --a------ C:\WINDOWS\DJ Audio Editor Uninstaller.exe
2007-07-22 20:18:50 0 d-------- C:\Program Files\DJ Audio Editor
2007-07-22 19:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-07-22 18:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
2007-07-21 23:06:17 0 d-------- C:\WINDOWS\Sun
2007-07-21 23:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
2007-07-21 21:49:12 0 d-------- C:\WINDOWS\ERUNT
2007-07-21 21:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
2007-07-21 20:59:54 0 d-------- C:\Program Files\Sun
2007-07-21 20:58:51 0 d-------- C:\Program Files\Java
2007-07-21 20:52:09 0 d-------- C:\Program Files\Common Files\Java
2007-07-20 18:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
2007-07-20 14:10:09 0 d-------- C:\Program Files\LimeWire
2007-07-20 13:53:26 0 d-------- C:\Program Files\EPSON
2007-07-20 13:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-07-20 13:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
2007-07-20 13:53:02 0 d-------- C:\Program Files\Common Files\EPSON
2007-07-20 08:54:07 0 d-------- C:\Program Files\SpywareGuard
2007-07-20 08:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-20 07:10:26 0 d-------- C:\Program Files\Trend Micro
2007-07-20 02:19:00 0 d-------- C:\Program Files\Panda Security
2007-07-20 00:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
2007-07-19 22:35:26 0 d--h----- C:\$AVG8.VAULT$
2007-07-19 17:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-19 16:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-19 16:09:09 0 -rahs---- C:\MSDOS.SYS
2007-07-19 16:09:09 0 -rahs---- C:\IO.SYS
2007-07-19 16:09:09 0 --a------ C:\CONFIG.SYS
2007-07-19 16:09:09 0 --a------ C:\AUTOEXEC.BAT
2007-07-19 16:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-07-19 16:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-19 16:08:58 0 d-------- C:\Program Files\SpywareBlaster
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
2007-07-19 16:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
2007-07-19 16:02:42 0 d-------- C:\Program Files\Internet Download Manager
2007-07-19 15:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
2007-07-19 15:51:24 0 d-------- C:\WINDOWS\pss
2007-07-19 15:42:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-19 15:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
2007-07-19 15:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
2007-07-19 15:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
2007-07-19 15:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Nero
2007-07-19 15:37:15 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-19 15:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-19 12:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
2007-07-19 11:32:03 0 d-------- C:\Program Files\Microsoft Works
2007-07-19 11:31:53 0 d-------- C:\Program Files\MSBuild
2007-07-19 11:30:38 0 d-------- C:\Program Files\Microsoft.NET
2007-07-19 11:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-19 11:27:39 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-19 11:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-19 11:26:25 0 dr-h----- C:\MSOCache
2007-07-19 11:18:47 0 d-------- C:\Program Files\Microsoft Student
2007-07-19 11:18:25 0 d-------- C:\Program Files\Learning Essentials
2007-07-19 11:10:45 0 d-------- C:\Program Files\VideoLAN
2007-07-19 11:09:56 0 d-------- C:\Program Files\Yahoo!
2007-07-19 11:08:56 0 d-------- C:\Program Files\Winamp
2007-07-19 11:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-19 11:08:23 0 d-------- C:\Program Files\CyberLink
2007-07-19 11:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
2007-07-19 11:07:42 0 d-------- C:\Program Files\NCH Swift Sound
2007-07-19 11:06:29 0 d-------- C:\WINDOWS\ferrarie themes
2007-07-19 11:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
2007-07-19 11:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-19 11:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-19 11:01:38 0 d-------- C:\WINDOWS\BricoPacks
2007-07-19 11:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2007-07-19 11:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
2007-07-19 10:59:57 0 d-------- C:\Program Files\AVG
2007-07-19 10:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
-- Find3M Report ---------------------------------------------------------------
2008-07-19 18:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
2007-07-19 11:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
07/22/2007 10:42 PM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/19/2007 05:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
07/22/2007 10:42 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/19/2007 05:06 PM 2055960]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [07/22/2007 10:42 PM 262144]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/19/2006 11:12 AM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 PM C:\WINDOWS\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/19/2007 05:06 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/21/2004 02:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2003 05:35 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 10:56 PM]
"System Restore"="wscript.exe" [08/04/2004 12:56 AM C:\WINDOWS\system32\wscript.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/19/2007 06:05 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 10:42 PM]
C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [6/19/2008 2:46:56 AM]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/19/2007 6:05:02 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/20/2007 1:52:56 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
C:\DOCUME~1\Pen\LOCALS~1\Temp\~mjqtfjp.tmp\temp00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
C:\DOCUME~1\Pen\LOCALS~1\Temp\~mjqtfjp.tmp\temp00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc741-557a-11dd-8bd0-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc742-557a-11dd-8bd0-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc744-557a-11dd-8bd0-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs
-- End of Deckard's System Scanner: finished at 2007-07-24 20:58:56 ------------
--------------------------------
http://forums.spybot.info/showthread.php?p=215792#post215792
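The Registry Dump in the log above carries the three findings that answer the poster's question: the two HKCU policy values (DisableRegistryTools and DisableTaskMgr set to 1) that lock regedit and Task Manager, an HKLM Run value named "System Restore" whose image is wscript.exe rather than a program, and MountPoints2 autorun hooks that run wscript.exe sowar.vbs when a drive is opened, explored or autoplayed. The script below is an added example, not part of the post and not code from DSS or HijackThis: it parses that dump format, flags those three patterns, and emits a .reg fragment that deletes the policy values. The sample dump is constructed from a subset of the lines in the post, and the line-format rules (`[key]` headers, `"name"=value [date ...]` entries, `Verb\Command- ...` lines) are my reading of DSS output, not a documented specification.

```python
"""Triage the 'Registry Dump' section of a Deckard's System Scanner (DSS) log."""
import ntpath
import re
from dataclasses import dataclass

# Script hosts that should not be the *image* of a Run value or of a drive autorun.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")
# Explorer policy values that lock the user out of regedit and Task Manager.
RESTRICTION_VALUES = {"disableregistrytools", "disabletaskmgr"}

KEY_RE = re.compile(r"^\[-?(HKEY_[^\]]+)\]$")        # [HKEY_...] or [-HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')            # "name"=value [date ...]
MOUNT_RE = re.compile(r"^(\w+\\[Cc]ommand)- (.*)$")   # Open\Command- wscript.exe x.vbs
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$")

# Constructed sample, trimmed from the dump in the post (assumed DSS line format).
SAMPLE_DUMP = r"""*Note* empty entries & legit default entries are not shown
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 10:56 PM]
"System Restore"="wscript.exe" [08/04/2004 12:56 AM C:\WINDOWS\system32\wscript.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
C:\DOCUME~1\Pen\LOCALS~1\Temp\~mjqtfjp.tmp\temp00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc741-557a-11dd-8bd0-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "policy", "run_script_host" or "mountpoint_script"
    key: str     # registry key the line was listed under
    name: str    # value name, or the MountPoints2 verb
    detail: str  # what was seen


def _command_image(value: str) -> str:
    """Lower-cased basename of the image a Run value launches.
    The quoted part before ' [' is the command; an unquoted value is split on spaces."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        command = value[1:end] if end > 0 else value[1:]
    else:
        parts = value.split(" [", 1)[0].split()
        command = parts[0] if parts else ""
    return ntpath.basename(command).lower()


def triage_registry_dump(text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:                      # a new [key] header: everything below belongs to it
            key = m.group(1)
            continue
        lkey = key.lower()
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if lkey.endswith(r"\policies\system") and name.lower() in RESTRICTION_VALUES:
                if value.startswith("1"):
                    findings.append(Finding("policy", key, name, value))
            elif RUN_KEY_RE.search(lkey):
                image = _command_image(value)
                if image in SCRIPT_HOSTS:   # a Run value whose "program" is a script host
                    findings.append(Finding("run_script_host", key, name, image))
            continue
        m = MOUNT_RE.match(line)
        if m and "mountpoints2" in lkey:
            verb, command = m.group(1), m.group(2)
            tokens = command.lower().split()
            if tokens and (ntpath.basename(tokens[0]) in SCRIPT_HOSTS
                           or any(t.endswith(SCRIPT_EXTS) for t in tokens)):
                findings.append(Finding("mountpoint_script", key, verb, command))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def policy_fix_reg(findings: list[Finding]) -> str:
    """A .reg file that deletes the restriction values ("name"=- removes a value).
    Only worth importing once the script that re-applies the policy is gone."""
    by_key: dict[str, list[str]] = {}
    for f in findings:
        if f.kind == "policy":
            by_key.setdefault(f.key, []).append(f.name)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in sorted(by_key.items()):
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in sorted(names))
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    hits = triage_registry_dump(SAMPLE_DUMP)
    for h in hits:
        print(f"{h.kind:18} {h.name:22} {h.detail}")
    print(policy_fix_reg(hits))
```

Run against the sample it reports seven findings: the two policy values, the "System Restore" Run value that is really wscript.exe, and four MountPoints2 verbs that launch sowar.vbs. The .reg fragment only clears the lockout; the Run value and the MountPoints2 hooks (and the hidden, system-attributed .vbs files the file listing shows at C:\sowar.vbs and C:\WINDOWS\SysRes.vbs) are what re-apply it, so those have to be dealt with first or the policy comes straight back.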