Page 4 of 9 (results 31 to 40 of 86)

Thread: Virus alert!

#31 Security Expert: Emeritus (Finland, joined Oct 2006, 29,374 posts)

    Hi

    Did you use a fresh copy of Combofix from those links?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

#32 Member (joined Jul 2008, 65 posts)

    Yes, I downloaded ComboFix from the links you gave. I tried every link, but it's still the same: it gives me a Date Error.

#33 Security Expert: Emeritus (Finland, joined Oct 2006, 29,374 posts)

    Hi

    OK, then re-run DSS and post back its log, please.

#34 Member (joined Jul 2008, 65 posts)

    Hi

    Here's the HJT Log as requested.

    Deckard's System Scanner v20071014.68
    Run by Pen on 2007-07-26 20:53:14
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Pen.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:55:00 PM, on 7/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Pen\My Documents\Downloads\Programs\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Pen.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacoolsoftware.com/sb-link/firefox.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
    O2 - BHO: (no name) - {402652DA-68D1-49CD-A878-41D33F0A6F3C} - (no file)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
    O2 - BHO: (no name) - {6df823f9-9623-4c00-8882-cf3336da9fc8} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 9106 bytes

    -- Files created between 2007-06-26 and 2007-07-26 -----------------------------

    2008-07-18 22:20:35 0 d--hs---- C:\WINDOWS\Installer
    2008-07-18 22:20:34 0 d-------- C:\Program Files\Common Files\ODBC
    2008-07-18 22:20:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-07-18 22:20:30 0 dr------- C:\Program Files
    2008-07-18 22:20:30 0 d-------- C:\Program Files\Common Files
    2008-07-18 22:20:14 155136 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Templates
    2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\My Documents
    2008-07-18 22:20:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Favorites
    2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\Default User\Desktop
    2008-07-18 22:20:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2008-07-18 22:20:04 0 d--h----- C:\Documents and Settings\All Users\Templates
    2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Favorites
    2008-07-18 22:20:04 0 dr------- C:\Documents and Settings\All Users\Documents
    2008-07-18 22:20:04 0 d-------- C:\Documents and Settings\All Users\Desktop
    2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-07-18 22:18:13 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-07-18 22:18:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-07-18 22:18:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-07-18 22:17:45 0 d-------- C:\Documents and Settings
    2008-07-18 22:17:44 0 d--hs---- C:\System Volume Information
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\WinSxS
    2008-07-18 22:12:31 0 dr------- C:\WINDOWS\Web
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\twain_32
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wins
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\wbem
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\usmt
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\spool
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\Setup
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ras
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\oobe
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\npp
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\mui
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\IME
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\icsxml
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\ias
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\export
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-07-18 22:12:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\dhcp
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\config
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\3076
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\2052
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1054
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1042
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1041
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1037
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1033
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1031
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1028
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system32\1025
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\system
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\security
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Resources
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\repair
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Provisioning
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\PeerNet
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\pchealth
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\mui
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msapps
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\msagent
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Media
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\java
    2008-07-18 22:12:31 0 d--h----- C:\WINDOWS\inf
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ime
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Help
    2008-07-18 22:12:31 0 dr--s---- C:\WINDOWS\Fonts
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\ehome
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Driver Cache
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Debug
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Cursors
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Connection Wizard
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\Config
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\AppPatch
    2008-07-18 22:12:31 0 d-------- C:\WINDOWS\addins
    2008-07-18 14:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-07-18 14:54:22 0 d-------- C:\Program Files\GRETECH
    2008-07-18 14:54:18 0 d-------- C:\Program Files\Common Files\Adobe
    2008-07-18 14:49:37 0 d-------- C:\WINDOWS\system32\Lang
    2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-07-18 14:49:36 0 d-------- C:\Documents and Settings\*\Application Data\ATI
    2008-07-18 14:46:18 0 d-------- C:\WINDOWS\system32\RTCOM
    2008-07-18 14:44:37 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
    2008-07-18 14:43:02 0 d-------- C:\Program Files\Common Files\ATI Technologies
    2008-07-18 14:39:44 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
    2008-07-18 14:39:12 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
    2008-07-18 14:39:10 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
    2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
    2008-07-18 14:39:09 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
    2008-07-18 14:39:09 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
    2008-07-18 14:39:09 165782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
    2008-07-18 14:35:46 0 d-------- C:\Program Files\ATI Technologies
    2008-07-18 14:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-18 14:35:18 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-07-18 14:34:02 0 d-------- C:\Documents and Settings\*\Application Data\Identities
    2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\My Documents
    2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Local Settings
    2008-07-18 14:33:44 0 dr------- C:\Documents and Settings\*\Favorites
    2008-07-18 14:33:44 0 d-------- C:\Documents and Settings\*\Desktop
    2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Cookies
    2008-07-18 14:33:44 0 d--h----- C:\Documents and Settings\*\Application Data
    2008-07-18 14:33:44 0 d---s---- C:\Documents and Settings\*\Application Data\Microsoft
    2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\Templates
    2008-07-18 14:33:43 0 dr------- C:\Documents and Settings\*\Start Menu
    2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\SendTo
    2008-07-18 14:33:43 0 dr-h----- C:\Documents and Settings\*\Recent
    2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\PrintHood
    2008-07-18 14:33:43 2883584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
    2008-07-18 14:33:43 0 d--h----- C:\Documents and Settings\*\NetHood
    2008-07-18 14:32:53 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-07-18 14:32:51 0 d-------- C:\WINDOWS\Prefetch
    2008-07-18 14:32:49 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-07-18 14:32:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-07-18 14:32:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
    2008-07-18 14:32:48 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-07-18 14:32:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-07-18 14:32:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-07-18 14:32:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
    2008-07-18 14:32:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-07-18 14:32:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-07-18 14:28:49 0 d-------- C:\WINDOWS\system32\xircom
    2008-07-18 14:28:49 0 d-------- C:\Program Files\microsoft frontpage
    2008-07-18 14:28:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-07-18 14:27:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-07-18 14:27:17 0 dr------- C:\WINDOWS\Offline Web Pages
    2008-07-18 14:27:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-07-18 14:27:07 0 d--h----- C:\Program Files\WindowsUpdate
    2008-07-18 14:26:45 0 d-------- C:\WINDOWS\system32\DirectX
    2008-07-18 14:26:10 0 d---s---- C:\WINDOWS\Tasks
    2008-07-18 14:26:09 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-07-18 14:26:06 0 d-------- C:\WINDOWS\srchasst
    2008-07-18 14:26:05 0 d-------- C:\WINDOWS\system32\Macromed
    2008-07-18 14:26:01 285696 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-18 14:25:56 0 d-------- C:\Program Files\Movie Maker
    2008-07-18 14:25:48 0 d-------- C:\WINDOWS\system32\Restore
    2008-07-18 14:25:42 321536 --a------ C:\WINDOWS\system32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-18 14:25:08 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-07-18 14:24:54 0 d-------- C:\WINDOWS\Registration
    2008-07-18 14:24:48 0 d-------- C:\Program Files\Online Services
    2008-07-18 14:24:43 0 d-------- C:\Program Files\Messenger
    2008-07-18 14:24:39 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-07-18 14:24:27 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-18 14:24:18 117760 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-18 14:23:54 180736 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-18 14:23:54 0 d-------- C:\Program Files\Windows NT
    2008-07-18 14:23:53 439808 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-18 14:23:52 657408 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-18 14:23:51 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-07-18 14:23:49 0 d-------- C:\WINDOWS\system32\Com
    2008-02-10 13:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
    2008-02-10 13:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
    2008-02-07 20:59:03 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
    2008-02-07 17:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
    2008-02-04 12:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
    2008-01-22 09:38:04 2845696 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>
    2008-01-22 08:43:42 272384 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
    2008-01-22 08:36:44 9949184 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
    2008-01-22 08:35:58 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
    2008-01-22 08:35:48 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
    2008-01-22 08:35:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
    2008-01-22 08:35:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
    2008-01-22 08:35:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
    2008-01-22 08:34:06 512000 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
    2008-01-22 08:33:16 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
    2008-01-22 08:25:36 3121920 --a------ C:\WINDOWS\system32\ati3duag.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver>
    2008-01-22 08:15:00 1664256 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
    2008-01-22 08:04:26 46080 --a------ C:\WINDOWS\system32\amdpcom32.dll <Not Verified; Advanced Micro Devices, Inc.; Advanced Micro Devices, Inc. Radeon PCOM Universal Driver>
    2008-01-22 08:01:10 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
    2008-01-22 07:59:22 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
    2008-01-22 07:58:36 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
    2008-01-22 07:58:02 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
    2008-01-22 07:57:16 163840 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
    2008-01-22 07:53:52 503808 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
    2007-07-26 20:42:35 415232 --a------ C:\WINDOWS\system32\CF20178.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-26 20:38:48 415232 --a------ C:\WINDOWS\system32\CF19434.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-26 19:17:47 0 d-------- C:\Program Files\VirtualDub
    2007-07-26 18:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
    2007-07-26 18:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
    2007-07-26 18:02:23 0 d-------- C:\Documents and Settings\Pen\Application Data\WinRAR
    2007-07-26 17:55:53 0 d-------- C:\Program Files\Thomas Wright Consulting
    2007-07-26 17:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-07-26 17:05:26 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-07-26 16:19:11 0 d-------- C:\Documents and Settings\Pen\Application Data\NCH Swift Sound
    2007-07-26 11:11:55 415232 --a------ C:\WINDOWS\system32\CF6666.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-26 10:07:35 415232 --a------ C:\WINDOWS\system32\CF26822.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-26 09:57:50 415232 --a------ C:\WINDOWS\system32\CF24918.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-26 09:53:10 415232 --a------ C:\WINDOWS\system32\CF24007.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-25 13:51:11 415232 --a------ C:\WINDOWS\system32\CF17873.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-25 13:47:00 415232 --a------ C:\WINDOWS\system32\CF17053.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-25 13:41:37 415232 --a------ C:\WINDOWS\system32\CF15995.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-25 13:34:40 415232 --a------ C:\WINDOWS\system32\CF14516.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-24 13:45:26 415232 --a------ C:\WINDOWS\system32\CF29512.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-24 13:44:05 415232 --a------ C:\WINDOWS\system32\CF29251.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\IDM
    2007-07-24 00:49:54 0 d-------- C:\Documents and Settings\Pen\Application Data\DMCache
    2007-07-24 00:47:40 0 d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-07-24 00:42:05 4533 --a------ C:\Cool USEP Scandal.vbs
    2007-07-23 16:11:45 0 d-------- C:\Documents and Settings\*\Application Data\Nokia Multimedia Player
    2007-07-23 16:03:13 0 d-------- C:\Documents and Settings\*\Phone Browser
    2007-07-23 16:01:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-07-23 16:01:20 0 d-------- C:\Documents and Settings\*\Application Data\PC Suite
    2007-07-23 15:26:04 4533 -rahs---- C:\sowar.vbs
    2007-07-23 15:25:02 4533 -rahs---- C:\WINDOWS\SysRes.vbs
    2007-07-23 15:08:04 0 d-------- C:\Program Files\Cucusoft
    2007-07-23 02:39:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Ahead
    2007-07-23 01:35:30 0 d-------- C:\Documents and Settings\Pen\Application Data\LimeWire
    2007-07-23 00:08:38 0 d-------- C:\Documents and Settings\Pen\Application Data\Macromedia
    2007-07-22 23:17:55 0 d-------- C:\Documents and Settings\Pen\Application Data\Mozilla
    2007-07-22 22:59:45 0 d-------- C:\Documents and Settings\Pen\Application Data\Malwarebytes
    2007-07-22 22:58:19 0 d-------- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
    2007-07-22 22:56:56 0 d-------- C:\Documents and Settings\Pen\Application Data\Adobe
    2007-07-22 22:56:55 0 d-------- C:\Documents and Settings\Pen\Application Data\ATI
    2007-07-22 22:56:53 0 d-------- C:\Documents and Settings\Pen\Application Data\Comodo
    2007-07-22 22:56:28 0 d-------- C:\Documents and Settings\Pen\Application Data\Identities
    2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Templates
    2007-07-22 22:56:12 0 dr------- C:\Documents and Settings\Pen\Start Menu
    2007-07-22 22:56:12 0 dr-h----- C:\Documents and Settings\Pen\SendTo
    2007-07-22 22:56:12 0 d--hs---- C:\Documents and Settings\Pen\Recent
    2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\PrintHood
    2007-07-22 22:56:12 6291456 --ah----- C:\Documents and Settings\Pen\NTUSER.DAT
    2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\NetHood
    2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\My Documents
    2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Local Settings
    2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Favorites
    2007-07-22 22:56:12 0 d-------- C:\Documents and Settings\Pen\Desktop
    2007-07-22 22:56:12 0 d---s---- C:\Documents and Settings\Pen\Cookies
    2007-07-22 22:56:12 0 d--h----- C:\Documents and Settings\Pen\Application Data
    2007-07-22 03:04:47 0 d-------- C:\Documents and Settings\*\Application Data\Malwarebytes
    2007-07-22 03:04:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2007-07-22 03:04:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2007-07-22 02:42:11 0 d-------- C:\Program Files\AskSBar
    2007-07-22 02:41:26 0 d-------- C:\Documents and Settings\*\Application Data\Comodo
    2007-07-22 02:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2007-07-22 02:41:22 0 d-------- C:\Program Files\COMODO
    2007-07-21 23:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
    2007-07-21 22:53:34 0 d-------- C:\Program Files\EsetOnlineScanner
    2007-07-21 03:06:17 0 d-------- C:\WINDOWS\Sun
    2007-07-21 03:06:17 0 d-------- C:\Documents and Settings\*\Application Data\Sun
    2007-07-21 01:49:12 0 d-------- C:\WINDOWS\ERUNT
    2007-07-21 01:00:38 0 d-------- C:\Documents and Settings\*\Application Data\LimeWire
    2007-07-21 00:59:54 0 d-------- C:\Program Files\Sun
    2007-07-21 00:58:51 0 d-------- C:\Program Files\Java
    2007-07-21 00:52:09 0 d-------- C:\Program Files\Common Files\Java
    2007-07-19 22:56:36 0 d-------- C:\Documents and Settings\*\Application Data\WinRAR
    2007-07-19 18:10:09 0 d-------- C:\Program Files\LimeWire
    2007-07-19 17:53:26 0 d-------- C:\Program Files\EPSON
    2007-07-19 17:53:03 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
    2007-07-19 17:53:03 55808 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
    2007-07-19 17:53:03 110592 --a------ C:\WINDOWS\system32\EEBDSCVR.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
    2007-07-19 17:53:03 131072 --a------ C:\WINDOWS\system32\EEBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
    2007-07-19 17:53:03 69632 --a------ C:\WINDOWS\system32\EBAPI.dll <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
    2007-07-19 17:53:02 0 d-------- C:\Program Files\Common Files\EPSON
    2007-07-19 12:54:07 0 d-------- C:\Program Files\SpywareGuard
    2007-07-19 12:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-07-19 11:10:26 0 d-------- C:\Program Files\Trend Micro
    2007-07-19 06:19:00 0 d-------- C:\Program Files\Panda Security
    2007-07-19 04:25:10 0 d-------- C:\Documents and Settings\*\Application Data\TmpRecentIcons
    2007-07-19 02:35:26 0 d--h----- C:\$AVG8.VAULT$
    2007-07-18 21:09:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2007-07-18 20:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-07-18 20:09:09 0 -rahs---- C:\MSDOS.SYS
    2007-07-18 20:09:09 0 -rahs---- C:\IO.SYS
    2007-07-18 20:09:09 0 --a------ C:\CONFIG.SYS
    2007-07-18 20:09:09 0 --a------ C:\AUTOEXEC.BAT
    2007-07-18 20:09:07 0 --a------ C:\WINDOWS\ativpsrm.bin
    2007-07-18 20:09:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-07-18 20:08:58 0 d-------- C:\Program Files\SpywareBlaster
    2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\IDM
    2007-07-18 20:02:46 0 d-------- C:\Documents and Settings\*\Application Data\DMCache
    2007-07-18 20:02:42 0 d-------- C:\Program Files\Internet Download Manager
    2007-07-18 19:57:51 0 d-------- C:\Documents and Settings\*\Application Data\Macromedia
    2007-07-18 19:51:24 0 d-------- C:\WINDOWS\pss
    2007-07-18 19:42:46 0 --a------ C:\WINDOWS\nsreg.dat
    2007-07-18 19:42:41 0 d-------- C:\Documents and Settings\*\Application Data\Mozilla
    2007-07-18 19:40:23 0 d-------- C:\Program Files\Common Files\LightScribe
    2007-07-18 19:39:39 0 d-------- C:\Documents and Settings\*\Application Data\Ahead
    2007-07-18 19:37:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2007-07-18 19:37:15 0 d-------- C:\Program Files\Nero
    2007-07-18 19:37:15 0 d-------- C:\Program Files\Common Files\Ahead
    2007-07-18 19:36:30 0 d-------- C:\WINDOWS\RegisteredPackages
    2007-07-18 16:24:06 0 d-------- C:\Documents and Settings\*\Application Data\GRETECH
    2007-07-18 15:32:03 0 d-------- C:\Program Files\Microsoft Works
    2007-07-18 15:31:53 0 d-------- C:\Program Files\MSBuild
    2007-07-18 15:30:38 0 d-------- C:\Program Files\Microsoft.NET
    2007-07-18 15:28:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-07-18 15:27:39 0 d-------- C:\WINDOWS\SHELLNEW
    2007-07-18 15:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-07-18 15:26:25 0 dr-h----- C:\MSOCache
    2007-07-18 15:18:47 0 d-------- C:\Program Files\Microsoft Student
    2007-07-18 15:18:25 0 d-------- C:\Program Files\Learning Essentials
    2007-07-18 15:10:45 0 d-------- C:\Program Files\VideoLAN
    2007-07-18 15:09:56 0 d-------- C:\Program Files\Yahoo!
    2007-07-18 15:08:56 0 d-------- C:\Program Files\Winamp
    2007-07-18 15:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2007-07-18 15:08:23 0 d-------- C:\Program Files\CyberLink
    2007-07-18 15:07:52 0 d-------- C:\Documents and Settings\*\Application Data\NCH Swift Sound
    2007-07-18 15:07:42 0 d-------- C:\Program Files\NCH Swift Sound
    2007-07-18 15:06:29 0 d-------- C:\WINDOWS\ferrarie themes
    2007-07-18 15:05:31 0 d-------- C:\Documents and Settings\*\Application Data\Adobe
    2007-07-18 15:03:30 63385 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2007-07-18 15:01:58 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-07-18 15:01:38 0 d-------- C:\WINDOWS\BricoPacks
    2007-07-18 15:00:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
    2007-07-18 15:00:09 0 d-------- C:\Documents and Settings\*\Application Data\AVGTOOLBAR
    2007-07-18 14:59:57 0 d-------- C:\Program Files\AVG
    2007-07-18 14:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8


    -- Find3M Report ---------------------------------------------------------------

    2008-07-18 22:20:04 62 --ahs---- C:\Documents and Settings\Pen\Application Data\desktop.ini
    2007-07-18 15:03:29 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    07/22/2007 02:42 AM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{402652DA-68D1-49CD-A878-41D33F0A6F3C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6df823f9-9623-4c00-8882-cf3336da9fc8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    07/18/2007 09:06 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    07/22/2007 02:42 AM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2007 09:06 PM 2055960]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [07/22/2007 02:42 AM 262144]

    [-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/09/2006 04:35 PM]
    "RTHDCPL"="RTHDCPL.EXE" [12/18/2006 03:12 PM C:\WINDOWS\RTHDCPL.EXE]
    "SkyTel"="SkyTel.EXE" [05/15/2006 10:04 PM C:\WINDOWS\SkyTel.exe]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 01:33 PM]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 04:47 AM]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 06:41 AM]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2003 09:35 PM]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/11/2006 07:40 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 08:27 AM]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/22/2007 02:56 AM]
    "System Restore"="wscript.exe" [08/03/2004 04:56 AM C:\WINDOWS\system32\wscript.exe]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/03/2004 04:56 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56 AM]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/18/2007 10:05 AM]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/22/2006 10:05 PM]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 02:42 AM]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/29/2007 09:43 PM]

    C:\Documents and Settings\Pen\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/15/2005 11:16:50 PM]
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 10:05:02 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/22/2006 5:48:20 AM]
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/22/2006 4:01:50 AM]
    EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/19/2007 5:52:56 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Pen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\*\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^SpywareGuard.lnk]
    path=C:\Documents and Settings\*\Start Menu\Programs\Startup\SpywareGuard.lnk
    backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Restore]
    wscript.exe "C:\WINDOWS\SysRes.vbs"




    -- End of Deckard's System Scanner: finished at 2007-07-26 20:56:22 ------------

  5. #35
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Uninstall via add/remove programs:

    Ask Toolbar

    Copy text below to Notepad and save it as export.bat (save it as all files, *.*)

    @ECHO OFF
    REG EXPORT HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2 C:\export.reg

    It should look like this ->

    Doubleclick export.bat; black dos windows will flash, that's normal.

    (In case you are unsure how to create a bat file, take a look here with screenshots.)

    Post back contents of C:\export.reg, please.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #36
    Member
    Join Date
    Jul 2008
    Posts
    65

    Default

    Hi

    Here is the content of export.reg.

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\A]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc73e-557a-11dd-8bd0-806d6172696f}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc73f-557a-11dd-8bd0-806d6172696f}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,60,00,00,00,09,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc741-557a-11dd-8bd0-806d6172696f}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc742-557a-11dd-8bd0-806d6172696f}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d6fc744-557a-11dd-8bd0-806d6172696f}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{1d6fc73e-557a-11dd-8bd0-806d6172696f}]
    "Generation"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{1d6fc73f-557a-11dd-8bd0-806d6172696f}]
    "Generation"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{1d6fc741-557a-11dd-8bd0-806d6172696f}]
    "Generation"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{1d6fc742-557a-11dd-8bd0-806d6172696f}]
    "Generation"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{1d6fc744-557a-11dd-8bd0-806d6172696f}]
    "Generation"=dword:00000001

  7. #37
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Good, that appears to be clean.

    Go to Start > Run
    Type regedit and click OK.

    • On the leftside, click to highlight My Computer at the top.
    • Go up to "File > Export"
      • Make sure in that window there is a tick next to "All" under Export Branch.
      • Leave the "Save As Type" as "Registration Files".
      • Under "Filename" put backup
    • Choose to save it to C:\ or some other safe location so that you will remember where you put it (don't put it on the Desktop!)
    • Click Save and then go to File > Exit.


    Open Notepad and copy the contents of the following box to a new file.

    Code:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "System Restore"=-

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Restore]

    Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

    It should look like this ->

    Go to Desktop, double-click fix.reg and merge the information with the registry.

    (In case you are unsure how to create a reg file, take a look here with screenshots.)

    Reboot.

    Delete this:

    C:\WINDOWS\SysRes.vbs

    Empty Recycle Bin.

    Re-run dss.

    Post back a fresh dss log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
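As an added example (not from this thread, from DSS or from the helper), a small Python triage script for the Registry Dump section of a DSS log like the one posted above: it parses the dump, flags the two things the fix targets (a Run value that launches a script host while the real command line sits under the msconfig startupreg copy, and the policy values that disable Regedit and Task Manager), reports when DisableRegistryTools would stop a .reg merge before it can do anything, and renders the deletions in the same .reg syntax used in fix.reg. The sample dump is constructed from this thread's entries; the script generalises the helper's fix by also emitting deletions for the lockout values.

```python
import re
from dataclasses import dataclass

# Constructed sample: the entries this thread's helper acted on, in the shape DSS prints them.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2007 01:33 PM]
"System Restore"="wscript.exe" [08/03/2004 04:56 AM C:\WINDOWS\system32\wscript.exe]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/03/2004 04:56 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Restore]
wscript.exe "C:\WINDOWS\SysRes.vbs"
"""
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}   # hosts that run a script, not a program
LOCKOUT_VALUES = {"disableregistrytools", "disabletaskmgr"}
RUN_KEY_SUFFIX = r"\microsoft\windows\currentversion\run"
STARTUPREG_PREFIX = "hkey_local_machine\\software\\microsoft\\shared tools\\msconfig\\startupreg\\"
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')

@dataclass
class Finding:
    kind: str            # "script_host_run" or "tool_lockout"
    key: str             # registry key exactly as DSS printed it
    name: str            # value name
    detail: str
    startupreg_key: str = ""   # msconfig copy of the same entry, if DSS printed one
    command: str = ""          # full command line taken from that copy

def parse_dump(text):
    """Return {key: [(value_name_or_None, data), ...]} in the order DSS printed them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*Note*"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        m = _VALUE_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            if rest.startswith('"'):                 # "name"="data" [date ...]
                data = rest[1:rest.index('"', 1)]
            else:                                    # "name"=1 (0x1)
                data = rest.split(" ", 1)[0]
            sections[current].append((m.group("name"), data))
        else:                                        # bare command line under startupreg\<name>
            sections[current].append((None, line))
    return sections

def triage(sections):
    """Flag Run values that launch a script host and policy values that disable Regedit/Task Manager."""
    findings = []
    for key, entries in sections.items():
        lkey = key.lower()
        if lkey.endswith(RUN_KEY_SUFFIX):
            for name, data in entries:
                exe = data.replace("/", "\\").rsplit("\\", 1)[-1].lower()
                if name is not None and exe in SCRIPT_HOSTS:
                    f = Finding("script_host_run", key, name, f"Run value launches a script host: {data}")
                    # The Run value alone hides the script; the msconfig startupreg copy DSS
                    # prints under the same name carries the full command line (SysRes.vbs here).
                    for skey, sentries in sections.items():
                        if skey.lower() == STARTUPREG_PREFIX + name.lower():
                            f.startupreg_key = skey
                            f.command = " ".join(d for n, d in sentries if n is None)
                    findings.append(f)
        elif lkey.endswith(r"\policies\system"):
            for name, data in entries:
                if name.lower() in LOCKOUT_VALUES and data == "1":
                    findings.append(Finding("tool_lockout", key, name, f"{name}=1 disables a built-in tool"))
    return findings

def regedit_blocked(findings):
    """True when DisableRegistryTools=1, in which case a .reg merge fails before it can fix anything."""
    return any(f.kind == "tool_lockout" and f.name.lower() == "disableregistrytools" for f in findings)

def build_fix_reg(findings):
    """Render the deletions in .reg syntax: "name"=- removes a value, [-Key] removes a whole key."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for f in findings:
        lines += [f"[{f.key}]", f'"{f.name}"=-', ""]
        if f.startupreg_key:
            lines += [f"[-{f.startupreg_key}]", ""]
    return "\r\n".join(lines)

if __name__ == "__main__":
    found = triage(parse_dump(SAMPLE_DUMP))
    for f in found:
        print(f"{f.kind}: {f.key} :: {f.detail}" + (f"  [{f.command}]" if f.command else ""))
    print("regedit blocked:", regedit_blocked(found))
    print(build_fix_reg(found))
```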

  8. #38
    Member
    Join Date
    Jul 2008
    Posts
    65

    Default

    Hi,

    My Regedit is still disabled and cannot be used. I can't follow the guidelines you've posted above.

  9. #39
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Sorry, I forgot.

    Fix this entry with HijackThis and reboot.

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    Regedit should work after that.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #40
    Member
    Join Date
    Jul 2008
    Posts
    65

    Default

    Hi,

    The line you wanted to delete cannot be deleted using HJT. After I do a system scan only, check this line O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 and click Fix Checked, the line still exists after I reboot my PC. I did it again but the line still exists. I guess the line won't be deleted.
