|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
|
|
Thread Tools |
05-09-2008, 07:53 AM
|
#1 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 1
OS: xp
|
do i have problems?
Deckard's System Scanner v20071014.68
Run by Mohammad on 2008-05-09 17:27:42 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...success. -- Last 1 Restore Point(s) -- 1: 2008-05-09 14:27:49 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Mohammad.exe) -------------------------------------------- Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-05-09 17:29:24 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.5730.13) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Grisoft\AVG7\avgamsvr.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Anti Netcut\Anti NetCut.exe C:\Program Files\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Documents and Settings\Mohammad\Desktop\dss.exe C:\Documents and Settings\Mohammad\Desktop\Mohammad.exe C:\WINDOWS\system32\cmd.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [antinetcut2] C:\Program Files\Anti Netcut\Anti NetCut.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto O4 - HKLM\..\RunOnce: [DAP Cleanup] "C:\DOCUME~1\Mohammad\LOCALS~1\Temp\DAPREMOVE.EXE" /CLEANUP /DIR="C:\PROGRA~1\DAP" O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O15 - Trusted Zone: http://update.microsoft.com (HKCU) O15 - Trusted Zone: http://v4.windowsupdate.microsoft.com (HKCU) O15 - Trusted Zone: http://v5.windowsupdate.microsoft.com (HKCU) O15 - Trusted Zone: http://windowsupdate.microsoft.com (HKCU) O15 - Trusted Zone: http://download.windowsupdate.com (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1209259877203 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: qoMeFWpM - C:\WINDOWS\system32\qoMeFWpM.dll (file missing) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceM - Unknown owner - C:\WINDOWS\system32\ServiceM.exe -- End of file - 7561 bytes -- HijackThis Fixed Entries (C:\Documents and Settings\Mohammad\Desktop\backups\) -------------------------------------------------------------------------------- backup-20080509-164621-189 O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- S1 SiS315 - c:\windows\system32\drivers\sisgrp.sys (file missing) S3 ac97intc (Intel(r) 82801DB/DBM Audio Driver Service (WDM)) - c:\windows\system32\drivers\ac97ich4.sys <Not Verified; Intel Corporation; Intel(r) Integrated Controller Hub Audio Driver> S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64> S3 UnlockerDriver5 (UnlockerDriver5 Driver) - c:\program files\unlocker\unlockerdriver4.sys S3 VIAudio (Vinyl AC'97 Audio Controller (WDM)) - c:\windows\system32\drivers\vinyl97.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 ServiceM - c:\windows\system32\servicem.exe S3 Netcom3 (NetCom3 Service) - c:\program files\netcom3 cleaner\pscmonitor.exe (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318} Description: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_00001849&REV_03\3&13C0B0C5&0&10 Manufacturer: Intel Corporation Name: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller PNP Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_00001849&REV_03\3&13C0B0C5&0&10 Service: ialm -- Scheduled Tasks ------------------------------------------------------------- 2008-05-09 17:00:02 444 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job 2008-05-01 03:29:36 378 --a------ C:\WINDOWS\Tasks\RegCure.job -- Files created between 2008-04-09 and 2008-05-09 ----------------------------- 2008-05-09 17:10:27 0 d-------- C:\WINDOWS\LastGood 2008-05-09 17:06:16 0 d-------- C:\ie-spyad_zo 2008-05-09 16:51:49 0 d-------- C:\Documents and Settings\Mohammad\Application Data\IDM 2008-05-09 16:51:48 0 d-------- C:\Documents and Settings\Mohammad\Application Data\DMCache 2008-05-09 16:51:42 0 d-------- C:\Program Files\Internet Download Manager 2008-05-09 16:32:44 0 d-------- C:\Program Files\Netcom3 Cleaner 2008-05-09 15:12:58 0 d-------- C:\WINDOWS\nview 2008-05-09 15:02:35 0 dr-h----- C:\Documents and Settings\Mohammad\Recent 2008-05-09 14:14:12 0 d--hs---- C:\FOUND.004 2008-05-07 14:24:16 0 d--hs---- C:\FOUND.003 2008-05-07 04:10:13 45568 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys <Not Verified; Realtek Semiconductor Corporation; Realtek RTL8139/810x Family Fast Ethernet NIC> 2008-05-07 00:04:01 0 d-------- C:\Program Files\Intel 2008-05-06 12:15:45 0 d-------- C:\Program Files\PerformanceTest 2008-05-06 11:31:00 0 d-------- C:\WINDOWS\Prefetch 2008-05-06 09:36:40 0 d-------- C:\WINDOWS\system32\xircom 2008-05-06 09:36:40 0 d-------- C:\Program Files\msn gaming zone 2008-05-06 09:36:40 0 d-------- C:\Program Files\Common Files\speechengines 2008-05-06 09:36:39 0 d-------- C:\Program Files\microsoft frontpage 2008-05-06 09:24:48 0 d-------- C:\Program Files\Messenger 2008-05-06 09:24:07 0 d-------- C:\WINDOWS\system32\scripting 2008-05-06 09:24:04 0 d-------- C:\WINDOWS\l2schemas 2008-05-06 09:24:03 0 d-------- C:\WINDOWS\system32\en 2008-05-06 09:24:02 0 d-------- C:\WINDOWS\system32\bits 2008-05-06 09:18:39 0 d-------- C:\WINDOWS\network diagnostic 2008-05-06 09:14:45 2913792 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-05-06 09:13:07 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys <Not Verified; Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.; Macrovision SECURITY Driver> 2008-05-06 09:13:06 360448 --a------ C:\WINDOWS\system32\drivers\tcpip.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-05-06 08:55:25 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA 2008-05-06 08:20:54 0 d-------- C:\Program Files\Anti Netcut 2008-05-06 08:20:50 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows> 2008-05-06 08:20:48 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2008-05-05 20:27:16 0 d-------- C:\Program Files\NovaTech Network 2008-05-05 02:18:24 0 d-------- C:\NVIDIA 2008-05-05 01:40:15 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-05-03 04:38:31 266240 --a------ C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application> 2008-05-03 04:38:31 225280 --a------ C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ; CmiRmRedundDir Application> 2008-05-03 04:38:31 28672 --a------ C:\WINDOWS\CMIRmDriver.dll 2008-05-03 04:38:31 0 d-------- C:\Program Files\C-Media 3D Audio 2008-05-03 03:46:55 86275 --a------ C:\WINDOWS\system32\waitwnd.exe 2008-05-03 03:46:55 139264 --a------ C:\WINDOWS\system32\setuplib.dll <Not Verified; ; setuplib Dynamic Link Library> 2008-05-03 03:46:53 0 d-------- C:\Documents and Settings\Mohammad\WINDOWS 2008-05-03 03:22:49 107776 --a------ C:\WINDOWS\system32\drivers\ac97ich4.sys <Not Verified; Intel Corporation; Intel(r) Integrated Controller Hub Audio Driver> 2008-05-03 03:17:39 0 d-------- C:\WINDOWS\system32\appmgmt 2008-05-03 02:45:38 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64> 2008-05-02 14:13:07 0 d-------- C:\Program Files\SystemRequirementsLab 2008-05-02 14:12:34 0 d-------- C:\Documents and Settings\Mohammad\Application Data\SystemRequirementsLab 2008-05-02 14:12:24 0 d-------- C:\WINDOWS\Sun 2008-05-02 14:12:24 0 d-------- C:\Documents and Settings\Mohammad\Application Data\Sun 2008-05-02 12:51:42 0 dr-h----- C:\Documents and Settings\Mohammad\Application Data\SecuROM 2008-05-02 12:51:12 0 d-------- C:\Program Files\EA SPORTS 2008-05-01 20:32:16 0 d-------- C:\Program Files\Enigma Software Group 2008-05-01 20:08:23 68096 --a------ C:\WINDOWS\zip.exe 2008-05-01 20:08:23 49152 --a------ C:\WINDOWS\VFind.exe 2008-05-01 20:08:23 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-05-01 20:08:23 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-05-01 20:08:23 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-05-01 20:08:23 98816 --a------ C:\WINDOWS\sed.exe 2008-05-01 20:08:23 80412 --a------ C:\WINDOWS\grep.exe 2008-05-01 20:08:23 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-05-01 15:24:29 0 d-------- C:\Documents and Settings\LocalService\Start Menu 2008-04-30 20:51:25 0 d-------- C:\WINDOWS\SoftwareDistribution 2008-04-30 03:48:29 0 d-------- C:\Program Files\Panda Security 2008-04-29 22:40:41 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2008-04-29 19:50:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7 2008-04-29 19:47:30 0 d--hs---- C:\FOUND.002 2008-04-29 13:00:24 0 d-------- C:\Documents and Settings\Mohammad\Application Data\vlc 2008-04-29 12:57:19 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller> 2008-04-28 19:10:24 0 d-------- C:\Program Files\Common Files\xing shared 2008-04-28 12:10:53 0 --a------ C:\WINDOWS\popcreg.dat 2008-04-28 12:10:53 0 --a------ C:\WINDOWS\popcinfot.dat 2008-04-28 11:55:06 0 dr-h----- C:\$VAULT$.AVG 2008-04-28 11:48:04 0 d-------- C:\Program Files\ReflexiveArcade 2008-04-28 01:57:16 0 d--hs---- C:\FOUND.001 2008-04-27 02:50:17 0 d-------- C:\Program Files\Java 2008-04-27 02:47:46 0 d-------- C:\Program Files\Common Files\Java 2008-04-27 02:32:25 888832 --a------ C:\WINDOWS\system32\securenet.dll 2008-04-27 02:17:19 32 --a------ C:\WINDOWS\go 2008-04-27 02:09:32 0 d-------- C:\Documents and Settings\Mohammad\Application Data\Hide IP NG 2008-04-26 13:49:37 0 d-------- C:\USEDemo 2008-04-26 13:47:58 4096 --a------ C:\WINDOWS\d3dx.dat 2008-04-24 14:27:55 0 d-------- C:\Documents and Settings\NetworkService\Start Menu 2008-04-24 01:48:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-04-24 00:50:35 0 d-------- C:\Program Files\RegCure 2008-04-23 20:12:06 0 d-------- C:\Documents and Settings\Mohammad\Application Data\Opera 2008-04-22 02:00:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-04-22 01:49:59 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-04-22 00:54:34 0 d-------- C:\WINDOWS\pss 2008-04-20 17:05:18 24 --a------ C:\WINDOWS\popcinfo.dat 2008-04-20 17:05:18 0 d-------- C:\Program Files\PopCap Games 2008-04-18 14:01:32 0 d-------- C:\Program Files\Microsoft Silverlight 2008-04-17 00:37:49 0 dr-h----- C:\Documents and Settings\Mohammad\Application Data\yahoo! 2008-04-16 23:12:30 0 d-------- C:\Documents and Settings\Mohammad\Application Data\Grisoft 2008-04-16 22:42:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-04-16 22:41:00 0 d-------- C:\Program Files\Yahoo! 2008-04-16 22:30:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2008-04-16 22:30:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe 2008-04-16 22:18:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-04-16 22:17:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft 2008-04-16 16:39:39 0 d-------- C:\Documents and Settings\Mohammad\Application Data\AVG7 2008-04-16 16:38:42 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-16 16:38:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-16 16:38:14 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-04-16 16:37:04 0 d-------- C:\Documents and Settings\Mohammad\Application Data\Earthsim 2008-04-16 15:54:40 0 d-------- C:\Program Files\Common Files\Real 2008-04-16 15:54:39 0 d-------- C:\Program Files\Real 2008-04-16 15:54:29 0 d-------- C:\Documents and Settings\Mohammad\Application Data\Real 2008-04-16 15:17:39 0 d-------- C:\Program Files\VIA 2008-04-16 15:02:59 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program> 2008-04-16 13:45:06 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-16 13:25:46 0 d-------- C:\Program Files\Realtek Sound Manager 2008-04-16 13:25:41 0 d-------- C:\Program Files\AvRack 2008-04-16 13:25:28 0 d-------- C:\Program Files\Realtek AC97 2008-04-16 13:00:46 0 d-------- C:\WINDOWS\system32\ReinstallBackups 2008-04-16 12:58:43 0 d-------- C:\WINDOWS\OPTIONS 2008-04-16 12:58:43 0 d-------- C:\Program Files\Realtek 2008-04-16 12:58:02 0 d-------- C:\Documents and Settings\Mohammad\Application Data\InstallShield 2008-04-16 12:49:25 49152 --a------ C:\WINDOWS\system32\ChCfg.exe 2008-04-16 12:48:29 3727680 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS <Not Verified; Realtek Semiconductor Corp.; Windows (R) WDM driver for Realtek AC'97 Audio(HRTF data Copyright 1994 by MIT Media Lab)> 2008-04-16 12:48:00 10459136 -ra------ C:\WINDOWS\system32\RTLCPL.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek Audio Sound Effect Manager> 2008-04-16 12:47:57 90112 -----n--- C:\WINDOWS\SOUNDMAN.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek Sound Manager> 2008-04-16 12:47:56 157184 -ra------ C:\WINDOWS\system32\RtlCPAPI.dll <Not Verified; ; RtlCPAPI Module> 2008-04-16 12:47:55 307200 -ra------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool> 2008-04-16 12:47:55 212992 -ra------ C:\WINDOWS\Alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool> 2008-04-16 12:47:52 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-16 12:24:19 139330 --a------ C:\WINDOWS\system32\ServiceM.exe 2008-04-16 12:24:19 290816 --a------ C:\WINDOWS\system32\runcheck.exe 2008-04-16 12:24:19 481792 --a------ C:\WINDOWS\system32\Rscmpt.exe 2008-04-16 12:24:18 670833 --a------ C:\WINDOWS\system32\Nvglati.dll <Not Verified; ATI Corporation; ATI OpenGL ICD for Windows XP> 2008-04-16 12:24:17 249452 --a------ C:\WINDOWS\system32\drivers\atigrp.sys <Not Verified; ATI Corporation; ATI (R) Compatible Super VGA Miniport Driver for Windows XP> 2008-04-16 12:24:17 655360 --a------ C:\WINDOWS\system32\ativideo.dll <Not Verified; ATI Corporation; ATI (R) Super VGA Video Setting> 2008-04-16 12:24:17 745472 --a------ C:\WINDOWS\system32\atiumgr.dll <Not Verified; ATI Corporation; ATI (R) Super VGA Utility Manager> 2008-04-16 12:24:17 368640 --a------ C:\WINDOWS\system32\atiudisp.dll <Not Verified; ATI Corporation; ATI (R) Super VGA Display Modes Setting> 2008-04-16 12:24:17 905216 --a------ C:\WINDOWS\system32\atitry.exe <Not Verified; ATI Corporation Systems; ATI (R) Compatible Super VGA ATITray application> 2008-04-16 12:24:17 258048 --a------ C:\WINDOWS\system32\atiParse.dll <Not Verified; ATI Corporation; ATI (R) Super VGA Script Parser Dynamic Link Library> 2008-04-16 12:24:17 172032 --a------ C:\WINDOWS\system32\atiInst.dll <Not Verified; ATI Corporation; ATInst (R) Compatible Super VGA ATIInst Dynamic Link Library> 2008-04-16 12:24:17 758475 --a------ C:\WINDOWS\system32\atigrv.dll <Not Verified; ATI Corporation System; ATI (R) Compatible Super VGA Dispaly Driver for Windows XP> 2008-04-16 12:24:16 5024 --a------ C:\WINDOWS\system32\drivers\Vichw00.sys 2008-04-16 12:24:16 670833 --a------ C:\WINDOWS\system32\atigl.dll <Not Verified; ATI Systems Corporation; ATI (R) Radeon OpenGL ICD for Windows XP> 2008-04-16 12:24:16 49152 --a------ C:\WINDOWS\system32\ATIchipset2.bin 2008-04-16 12:24:16 49152 --a------ C:\WINDOWS\system32\ATIchipset.bin 2008-04-16 12:24:16 106496 --a------ C:\WINDOWS\system32\atiApCom.dll <Not Verified; ATI Integrated Systems Corporation; ATI (R) Super VGA SiSApCom Dynamic Link Library> 2008-04-16 11:36:26 0 d-------- C:\Documents and Settings\Mohammad\Application Data\Uniblue 2008-04-16 11:20:13 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-04-16 11:19:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Earthsim 2008-04-16 11:06:49 0 d--h----- C:\Documents and Settings\Administrator\Templates 2008-04-16 11:06:49 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2008-04-16 11:06:49 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2008-04-16 11:06:49 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2008-04-16 11:06:49 786432 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT 2008-04-16 11:06:49 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2008-04-16 11:06:49 0 d-------- C:\Documents and Settings\Administrator\My Documents 2008-04-16 11:06:49 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2008-04-16 11:06:49 0 d-------- C:\Documents and Settings\Administrator\ff_temp 2008-04-16 11:06:49 0 d-------- C:\Documents and Settings\Administrator\Favorites 2008-04-16 11:06:49 0 d-------- C:\Documents and Settings\Administrator\Desktop 2008-04-16 11:06:49 0 d--hs---- C:\Documents and Settings\Administrator\Cookies 2008-04-16 11:06:49 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2008-04-16 11:06:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2008-04-16 11:06:49 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2008-04-16 11:06:49 0 d-------- C:\Documents and Settings\Administrator\7zS18A2.tmp 2008-04-16 11:04:56 0 d--hs---- C:\WINDOWS\CSC 2008-04-16 03:43:40 7864320 --ah----- C:\Documents and Settings\Mohammad\NTUSER.DAT 2008-04-16 03:36:42 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT 2008-04-16 03:36:25 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT 2008-04-16 03:28:00 0 d-------- C:\WINDOWS\system32\DllCache 2008-04-16 03:25:21 0 d--h----- C:\WINDOWS\$hf_mig$ 2008-04-16 03:24:59 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat 2008-04-16 03:10:32 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-16 03:10:25 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines> 2008-04-16 03:10:23 0 d-------- C:\Program Files\DAP 2008-04-16 03:03:59 0 d-------- C:\ATI 2008-04-16 02:25:58 0 d-------- C:\Program Files\Common Files\InstallShield 2008-04-16 02:22:02 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-16 02:04:28 0 d--hs---- C:\Documents and Settings\Mohammad\UserData 2008-04-16 01:59:14 0 d-------- C:\Documents and Settings\Mohammad\Application Data\Adobe 2008-04-16 01:53:56 0 d--hs---- C:\Recycled 2008-04-16 01:52:00 0 d-------- C:\Documents and Settings\Mohammad\Application Data\Macromedia 2008-04-16 01:43:40 0 d--h----- C:\Documents and Settings\Mohammad\Templates 2008-04-16 01:43:40 0 dr------- C:\Documents and Settings\Mohammad\Start Menu 2008-04-16 01:43:40 0 dr-h----- C:\Documents and Settings\Mohammad\SendTo 2008-04-16 01:43:40 0 d--h----- C:\Documents and Settings\Mohammad\PrintHood 2008-04-16 01:43:40 0 d--h----- C:\Documents and Settings\Mohammad\NetHood 2008-04-16 01:43:40 0 dr------- C:\Documents and Settings\Mohammad\My Documents 2008-04-16 01:43:40 0 d--h----- C:\Documents and Settings\Mohammad\Local Settings 2008-04-16 01:43:40 0 d-------- C:\Documents and Settings\Mohammad\ff_temp 2008-04-16 01:43:40 0 dr------- C:\Documents and Settings\Mohammad\Favorites 2008-04-16 01:43:40 0 d-------- C:\Documents and Settings\Mohammad\Desktop 2008-04-16 01:43:40 0 d--hs---- C:\Documents and Settings\Mohammad\Cookies 2008-04-16 01:43:40 0 dr-h----- C:\Documents and Settings\Mohammad\Application Data 2008-04-16 01:43:40 0 d-------- C:\Documents and Settings\Mohammad\Application Data\Mozilla 2008-04-16 01:43:40 0 d-------- C:\Documents and Settings\Mohammad\7zS18A2.tmp 2008-04-16 01:43:20 0 d--hs---- C:\FOUND.000 2008-04-16 01:39:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-04-16 01:38:44 4096 -----n--- C:\WINDOWS\system32\SoftwareDistribution 2008-04-16 01:36:55 0 d--hs---- C:\System Volume Information 2008-04-16 01:36:43 0 d---s---- C:\WINDOWS\system32\Microsoft 2008-04-16 01:36:42 0 d--h----- C:\Documents and Settings\LocalService\Local Settings 2008-04-16 01:36:42 0 d--hs---- C:\Documents and Settings\LocalService\Cookies 2008-04-16 01:36:42 0 d-------- C:\Documents and Settings\LocalService\Application Data 2008-04-16 01:36:42 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft 2008-04-16 01:36:25 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings 2008-04-16 01:36:25 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies 2008-04-16 01:36:25 0 d-------- C:\Documents and Settings\NetworkService\Application Data 2008-04-16 01:36:25 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft 2008-04-16 01:34:51 524288 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT 2008-04-16 01:34:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-04-16 01:34:25 0 d-------- C:\Program Files\QuickTime Alternative 2008-04-16 01:34:22 107132 --a------ C:\WINDOWS\UninstallFirefox.exe 2008-04-16 01:34:18 4297 --a------ C:\WINDOWS\mozver.dat 2008-04-16 01:34:18 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla 2008-04-16 01:34:14 0 d-------- C:\Documents and Settings\Default User\ff_temp 2008-04-16 01:34:07 0 d-------- C:\Documents and Settings\Default User\7zS18A2.tmp 2008-04-16 01:33:10 0 d-------- C:\Program Files\Common Files\Adobe 2008-04-16 01:33:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2008-04-16 01:32:39 0 -rahs---- C:\MSDOS.SYS 2008-04-16 01:32:39 0 -rahs---- C:\IO.SYS 2008-04-16 01:32:39 0 --a------ C:\CONFIG.SYS 2008-04-16 01:32:39 0 --a------ C:\AUTOEXEC.BAT 2008-04-16 01:30:54 0 d--hs---- C:\Documents and Settings\All Users\DRM 2008-04-16 01:30:34 0 dr------- C:\WINDOWS\Offline Web Pages 2008-04-16 01:30:34 0 d---s---- C:\WINDOWS\Downloaded Program Files 2008-04-16 01:30:12 0 d--h----- C:\Program Files\WindowsUpdate 2008-04-16 01:30:06 0 d-------- C:\Program Files\Online Services 2008-04-16 01:29:40 0 d-------- C:\WINDOWS\system32\DirectX 2008-04-16 01:29:11 0 d---s---- C:\WINDOWS\Tasks 2008-04-16 01:29:09 0 d-------- C:\Program Files\Common Files\MSSoap 2008-04-16 01:29:05 0 d-------- C:\WINDOWS\srchasst 2008-04-16 01:29:04 0 d-------- C:\WINDOWS\system32\Macromed 2008-04-16 01:28:56 0 d-------- C:\Program Files\Movie Maker 2008-04-16 01:28:48 0 d-------- C:\WINDOWS\system32\Restore 2008-04-16 01:27:35 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-04-16 01:27:10 0 d-------- C:\WINDOWS\Registration 2008-04-16 01:22:20 0 d-------- C:\Program Files\MSN Messenger 2008-04-16 01:22:03 956688 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Calculator Plus> 2008-04-16 01:21:52 342528 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-04-16 01:21:52 0 d-------- C:\Program Files\Windows NT 2008-04-16 01:21:50 753664 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-04-16 01:21:50 420352 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-04-16 01:21:48 0 d-------- C:\WINDOWS\system32\MsDtc 2008-04-16 01:21:47 0 d-------- C:\WINDOWS\system32\Com 2008-04-16 01:14:12 0 d--hs---- C:\WINDOWS\Installer 2008-04-16 01:14:11 0 dr------- C:\Program Files 2008-04-16 01:14:11 0 d-------- C:\Program Files\Common Files 2008-04-16 01:14:11 0 d-------- C:\Program Files\Common Files\ODBC 2008-04-16 01:13:50 69120 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-04-16 01:13:39 0 d--h----- C:\Documents and Settings\Default User\Templates 2008-04-16 01:13:39 0 dr------- C:\Documents and Settings\Default User\Start Menu 2008-04-16 01:13:39 0 dr-h----- C:\Documents and Settings\Default User\SendTo 2008-04-16 01:13:39 0 d--h----- C:\Documents and Settings\Default User\Recent 2008-04-16 01:13:39 0 d--h----- C:\Documents and Settings\Default User\PrintHood 2008-04-16 01:13:39 0 d--h----- C:\Documents and Settings\Default User\NetHood 2008-04-16 01:13:39 0 d-------- C:\Documents and Settings\Default User\My Documents 2008-04-16 01:13:39 0 dr-h----- C:\Documents and Settings\Default User\Local Settings 2008-04-16 01:13:39 0 d-------- C:\Documents and Settings\Default User\Favorites 2008-04-16 01:13:39 0 d-------- C:\Documents and Settings\Default User\Desktop 2008-04-16 01:13:39 0 d---s---- C:\Documents and Settings\Default User\Cookies 2008-04-16 01:13:39 0 d--h----- C:\Documents and Settings\All Users\Templates 2008-04-16 01:13:39 0 dr------- C:\Documents and Settings\All Users\Start Menu 2008-04-16 01:13:39 0 d-------- C:\Documents and Settings\All Users\Favorites 2008-04-16 01:13:39 0 dr------- C:\Documents and Settings\All Users\Documents 2008-04-16 01:13:39 0 d-------- C:\Documents and Settings\All Users\Desktop 2008-04-16 01:12:28 0 d-------- C:\WINDOWS\system32\CatRoot2 2008-04-16 01:12:28 0 d-------- C:\WINDOWS\system32\CatRoot 2008-04-16 01:12:23 0 dr-h----- C:\Documents and Settings\Default User\Application Data 2008-04-16 01:12:23 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft 2008-04-16 01:12:22 0 dr-h----- C:\Documents and Settings\All Users\Application Data 2008-04-16 01:12:22 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-04-16 01:06:54 258048 --a------ C:\WINDOWS\system32\SiSParse.dll <Not Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA Script Parser Dynamic Link Library> 2008-04-16 01:06:53 176128 --a------ C:\WINDOWS\system32\SiSInst.dll <Not Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA SiSInst Dynamic Link Library> 2008-04-16 01:06:53 1127296 --a------ C:\WINDOWS\system32\sisgrv.dll <Not Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA Dispaly Driver for Windows XP> 2008-04-16 01:06:53 1862329 --a------ C:\WINDOWS\system32\sisgl.dll <Not Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA OpenGL ICD> 2008-04-16 01:06:53 49152 --a------ C:\WINDOWS\system32\SiSBase.dll <Not Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA SiSBase Dynamic Link Library> 2008-04-16 01:06:49 5561 --a------ C:\WINDOWS\system32\InstFunc.dll <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> 2008-04-16 01:06:31 49152 --a------ C:\WINDOWS\system32\sis740.bin 2008-04-16 01:06:31 49152 --a------ C:\WINDOWS\system32\sis650.bin 2008-04-16 01:05:28 0 d-------- C:\Documents and Settings 2008-04-16 00:58:32 0 d-------- C:\WINDOWS\system32\PreInstall 2008-04-16 00:58:32 0 d-------- C:\WINDOWS\system32\3com_dmi 2008-04-16 00:58:32 0 d-------- C:\WINDOWS\SDTemp 2008-04-16 00:58:32 0 d-------- C:\WINDOWS\PeerNet 2008-04-16 00:58:32 0 d-------- C:\WINDOWS\pchealth 2008-04-16 00:58:32 0 d-------- C:\WINDOWS\ehome 2008-04-16 00:58:31 0 d-------- C:\WINDOWS 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\WinSxS 2008-04-16 00:58:31 0 dr------- C:\WINDOWS\Web 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\twain_32 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\wins 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\wbem 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\usmt 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\spool 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\ShellExt 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\Setup 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\ras 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\oobe 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\npp 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\mui 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\inetsrv 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\IME 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\icsxml 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\ias 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\export 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\drivers 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\drivers\etc 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\drivers\disdn 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\dhcp 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\config 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\3076 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\2052 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\1054 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\1042 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\1041 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\1037 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\1033 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\1031 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\1028 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system32\1025 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\system 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\security 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\Resources 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\repair 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\Provisioning 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\mui 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\msapps 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\msagent 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\Media 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\java 2008-04-16 00:58:31 0 d--h----- C:\WINDOWS\inf 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\ime 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\Help 2008-04-16 00:58:31 0 dr--s---- C:\WINDOWS\Fonts 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\Driver Cache 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\Debug 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\Cursors 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\Connection Wizard 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\Config 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\AppPatch 2008-04-16 00:58:31 0 d-------- C:\WINDOWS\addins 2008-04-14 05:42:38 7680 --a------ C:\WINDOWS\system32\spdwnwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> -- Find3M Report --------------------------------------------------------------- 2008-04-16 01:13:40 62 --ahs---- C:\Documents and Settings\Mohammad\Application Data\desktop.ini -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/18/2008 10:24 AM] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 10:25 AM] "antinetcut2"="C:\Program Files\Anti Netcut\Anti NetCut.exe" [09/16/2006 02:37 PM] "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [01/13/2006 02:42 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpyClean"="C:\Program Files\Netcom3 Cleaner\SpyClean.exe" [] "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [05/05/2008 05:00 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "DAP Cleanup"="C:\DOCUME~1\Mohammad\LOCALS~1\Temp\DAPREMOVE.EXE" /CLEANUP /DIR="C:\PROGRA~1\DAP" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" "tscuninstall"=%systemroot%\system32\tscupgrd.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRemoteRecursiveEvents"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentDocsOnExit"=1 (0x1) "NoLowDiskSpaceChecks"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoInternetIcon"=0 (0x0) "ClearRecentDocsOnExit"=1 (0x1) "NoLowDiskSpaceChecks"=1 (0x1) "NoSaveSettings"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMeFWpM] qoMeFWpM.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= scecli [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mohammad^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\Mohammad\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14f6849b] rundll32.exe "C:\WINDOWS\system32\omlcrijd.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM17c5b707] Rundll32.exe "C:\WINDOWS\system32\riajvrna.dll",s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AntiVirService"=2 (0x2) "AntiVirScheduler"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc -- End of Deckard's System Scanner: finished at 2008-05-09 17:43:09 ------------ |
|
     |
| Thread Tools | |
|
|
