Main Text
Deckard's System Scanner v20071014.68
Run by jerionmari on 2008-03-20 14:28:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
39: 2008-03-20 06:28:50 UTC - RP39 - Deckard's System Scanner Restore Point
38: 2008-03-19 10:25:46 UTC - RP38 - ComboFix created restore point
37: 2008-03-16 01:54:22 UTC - RP37 - Software Distribution Service 3.0
36: 2008-03-15 02:05:27 UTC - RP36 - Software Distribution Service 3.0
35: 2008-03-15 02:02:07 UTC - RP35 - Installed Windows Media Player 11
-- First Restore Point --
1: 2008-03-05 02:43:57 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-20 14:29:53
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\vbptask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\jerionmari\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ph/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microtek Scanner Finder.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5465 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 ivicd (Ivi CDVD Filter Driver) - c:\windows\system32\drivers\ivicd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
R0 RITFSD - c:\windows\system32\drivers\ritfsd.sys
R0 VVBackd5 - c:\windows\system32\drivers\vvbackd5.sys
R2 Rcfilter - c:\windows\system32\drivers\rcfilter.sys <Not Verified; FarStone Technology Inc.,; Restore IT!>
R3 exdisk (Express Disk Service) - c:\windows\system32\drivers\exdisk.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S3 iviudf - c:\windows\system32\drivers\iviudf.sys <Not Verified; InterVideo; UDF File System Driver>
S3 npkcrypt - c:\program files\gravity\ragnarokonline\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-02-20 and 2008-03-20 -----------------------------
2008-03-20 12:26:45 100754 -r-hs---- C:\un9.cmd
2008-03-20 12:25:32 72192 -r-hs---- C:\WINDOWS\system32\amvo0.dll
2008-03-19 21:07:37 72192 -r-hs---- C:\WINDOWS\system32\amvo1.dll
2008-03-19 21:06:39 100754 -r-hs---- C:\WINDOWS\system32\amvo.exe
2008-03-19 18:49:47 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 18:49:43 0 d-------- C:\Program Files\SpywareBlaster
2008-03-19 18:25:00 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-19 18:25:00 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-19 18:25:00 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-19 18:25:00 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-19 18:06:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-19 11:36:09 99735 -r-hs---- C:\h6o0re.cmd
2008-03-18 15:01:37 0 dr-h----- C:\$VAULT$.AVG
2008-03-16 11:57:55 100836 -r-hs---- C:\3o.exe
2008-03-15 10:14:43 0 d-------- C:\Program Files\Common Files\Nero
2008-03-15 10:13:45 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-03-15 10:13:40 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-15 10:13:40 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-15 10:13:40 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-15 10:13:39 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-03-15 10:13:35 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-15 10:13:34 0 d-------- C:\Program Files\Ahead
2008-03-15 10:07:28 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-15 10:06:06 0 d-------- C:\a19a70a474e0d07f4bbe
2008-03-15 10:06:01 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-15 10:06:01 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-15 10:05:37 0 d-------- C:\59653168b3a8a2751c69
2008-03-15 09:52:54 101166 -r-hs---- C:\cfdflx.com
2008-03-12 11:42:38 100791 -r-hs---- C:\v.cmd
2008-03-11 23:47:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-11 23:47:38 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-03-11 12:52:42 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Google
2008-03-11 12:51:05 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-10 22:16:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-03-10 22:13:45 103034 -r-hs---- C:\b.com
2008-03-06 09:35:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-06 09:32:07 0 d-------- C:\Program Files\NetGames
2008-03-06 09:20:59 60928 --a------ C:\WINDOWS\system32\drivers\Smplscsi.sys <Not Verified; OnSpec Electronic, Inc.; Microsoft® Windows Operating System>
2008-03-06 09:20:59 7680 --a------ C:\WINDOWS\system32\drivers\Onsreged.sys
2008-03-06 09:20:59 285216 --a------ C:\WINDOWS\system32\drivers\Onsio.sys
2008-03-06 09:20:57 0 d-------- C:\Kpcms
2008-03-06 09:20:54 13962 --a------ C:\WINDOWS\system32\Msmusd6.dll <Not Verified; Microtek International Inc.; ScanMaker 4600>
2008-03-06 09:20:53 0 d-------- C:\Program Files\Microtek
2008-03-06 01:44:50 0 d-------- C:\Program Files\Google
2008-03-06 01:44:45 0 d-------- C:\Program Files\DivX
2008-03-05 19:20:51 0 d--hs---- C:\WINDOWS\Installer
2008-03-05 19:20:50 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-05 19:20:46 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-05 19:20:45 0 dr------- C:\Program Files
2008-03-05 19:20:45 0 d-------- C:\Program Files\Common Files
2008-03-05 19:20:19 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-03-05 19:20:19 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-03-05 19:20:19 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-03-05 19:20:19 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-03-05 19:20:19 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-03-05 19:20:19 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-03-05 19:20:19 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-03-05 19:20:19 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-03-05 19:20:19 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-03-05 19:20:19 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-03-05 19:20:19 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-03-05 19:20:19 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-03-05 19:20:19 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-03-05 19:20:19 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-03-05 19:20:19 0 dr------- C:\Documents and Settings\All Users\Documents
2008-03-05 19:20:19 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-03-05 19:20:05 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-03-05 19:20:05 0 d-------- C:\WINDOWS\system32\CatRoot
2008-03-05 19:20:00 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-03-05 19:20:00 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-03-05 19:20:00 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-03-05 19:20:00 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-03-05 19:19:33 0 d-------- C:\Documents and Settings
2008-03-05 19:19:32 0 d--hs---- C:\System Volume Information
2008-03-05 19:11:13 0 d-------- C:\WINDOWS
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\WinSxS
2008-03-05 19:11:13 0 dr------- C:\WINDOWS\Web
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\twain_32
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\wins
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\wbem
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\usmt
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\spool
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\ShellExt
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\Setup
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\ras
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\oobe
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\npp
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\mui
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\inetsrv
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\IME
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\icsxml
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\ias
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\export
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\drivers
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-03-05 19:11:13 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\dhcp
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\config
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\3076
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\2052
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1054
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1042
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1041
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1037
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1033
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1031
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1028
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1025
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\security
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Resources
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\repair
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Provisioning
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\PeerNet
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\pchealth
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\mui
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\msapps
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\msagent
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Media
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\java
2008-03-05 19:11:13 0 d--h----- C:\WINDOWS\inf
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\ime
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Help
2008-03-05 19:11:13 0 dr--s---- C:\WINDOWS\Fonts
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Driver Cache
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Debug
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Cursors
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Connection Wizard
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Config
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\AppPatch
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\addins
2008-03-05 17:56:36 0 d-------- C:\Program Files\Dragonfly
2008-03-05 17:56:25 0 d-------- C:\Documents and Settings\jerionmari\Application Data\InstallShield
2008-03-05 17:55:44 0 d-------- C:\Program Files\uTorrent
2008-03-05 17:55:27 0 d-------- C:\Documents and Settings\jerionmari\Application Data\uTorrent
2008-03-05 17:49:16 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-03-05 17:49:16 394240 --a------ C:\WINDOWS\system32\Smab.dll
2008-03-05 17:49:16 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-03-05 17:49:16 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-03-05 17:49:16 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-03-05 17:49:16 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-03-05 17:49:15 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-03-05 17:49:15 217073 --a------ C:\WINDOWS\meta4.exe
2008-03-05 17:49:14 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-05 17:48:57 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-03-05 17:48:57 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-03-05 17:48:53 0 d-------- C:\Program Files\eRightSoft
2008-03-05 16:02:53 0 d-------- C:\Documents and Settings\jerionmari\Application Data\LimeWire
2008-03-05 16:02:13 0 d-------- C:\Program Files\Java
2008-03-05 15:59:50 0 d-------- C:\Program Files\Common Files\Java
2008-03-05 15:59:28 0 d-------- C:\Program Files\LimeWire
2008-03-05 15:10:20 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-05 15:10:16 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Mozilla
2008-03-05 15:01:05 0 d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-03-05 14:59:38 495616 --a------ C:\WINDOWS\system32\PICSDK2.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-05 14:59:38 73728 --a------ C:\WINDOWS\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-05 14:59:38 77824 --a------ C:\WINDOWS\system32\PICEntry.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-05 14:59:38 114688 --a------ C:\WINDOWS\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-05 14:59:37 111932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-05 14:59:37 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-03-05 14:59:37 1120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-03-05 14:59:37 1107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-03-05 14:59:37 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-03-05 14:59:37 1136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-03-05 14:59:37 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-03-05 14:59:37 1146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-03-05 14:59:37 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-03-05 14:59:37 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-03-05 14:59:37 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-03-05 14:59:37 21390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-03-05 14:59:37 11811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-03-05 14:59:37 24903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-03-05 14:59:37 20148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-03-05 14:59:37 31053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-03-05 14:59:37 27417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-03-05 14:59:37 26154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-05 14:59:37 65536 --a------ C:\WINDOWS\system32\EPPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-05 14:58:18 0 d-------- C:\Program Files\EPSON
2008-03-05 14:36:36 0 d-------- C:\WINDOWS\network diagnostic
2008-03-05 13:37:54 0 d-------- C:\Program Files\Tales of Pirates Online
2008-03-05 13:35:43 0 d-------- C:\Program Files\Softnyx
2008-03-05 13:26:34 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-03-05 13:06:53 0 d-------- C:\Program Files\Gravity
2008-03-05 12:58:47 0 d-------- C:\WINDOWS\ShellNew
2008-03-05 12:57:41 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Microsoft Web Folders
2008-03-05 12:50:46 0 d-------- C:\Program Files\e-Games
2008-03-05 12:37:44 0 d-------- C:\WINDOWS\pss
2008-03-05 12:14:27 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Grisoft
2008-03-05 12:12:57 0 d-------- C:\Documents and Settings\jerionmari\Application Data\AVG7
2008-03-05 12:12:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-05 12:12:41 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-05 12:11:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 11:59:11 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Macromedia
2008-03-05 11:59:10 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Adobe
2008-03-05 11:18:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-05 11:10:50 0 d--hs---- C:\Documents and Settings\jerionmari\UserData
2008-03-05 11:07:04 183987 --a------ C:\WINDOWS\system32\drivers\VVBackd5.sys
2008-03-05 11:07:01 33249 -ra------ C:\WINDOWS\system32\drivers\RITFSD.sys
2008-03-05 11:07:01 31872 -ra------ C:\WINDOWS\system32\drivers\Rcfilter.sys <Not Verified; FarStone Technology Inc.,; Restore IT!>
2008-03-05 11:07:01 14074 -ra------ C:\WINDOWS\system32\drivers\exdisk.sys
2008-03-05 11:07:01 45056 -ra------ C:\WINDOWS\DxpAppEx.exe
2008-03-05 11:06:58 49152 -ra------ C:\WINDOWS\system32\HookAPI.dll
2008-03-05 11:06:52 32768 -ra------ C:\WINDOWS\system32\RitShell.dll <Not Verified; ; RitShell Module>
2008-03-05 11:06:43 0 d-------- C:\Program Files\FarStone
2008-03-05 11:04:58 10368 -----n--- C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-03-05 11:04:45 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-05 11:04:45 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-05 11:04:45 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-05 11:04:45 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-05 11:04:45 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-05 11:04:45 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-05 11:03:56 59392 --a------ C:\WINDOWS\system32\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-03-05 11:03:56 5248 -----n--- C:\WINDOWS\system32\drivers\udffsrec.sys
2008-03-05 11:03:56 116224 -----n--- C:\WINDOWS\system32\drivers\IviUdf.sys <Not Verified; InterVideo; UDF File System Driver>
2008-03-05 11:03:56 38784 -----n--- C:\WINDOWS\system32\drivers\ivicd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
2008-03-05 11:03:48 10752 -----n--- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-03-05 11:03:42 26694 --a------ C:\WINDOWS\HWS.exe
2008-03-05 11:03:42 26694 --a------ C:\WINDOWS\HMD.exe
2008-03-05 11:03:42 0 d-------- C:\Program Files\InterVideo
2008-03-05 11:03:42 0 d-------- C:\Documents and Settings\jerionmari\Application Data\InterVideo
2008-03-05 11:01:01 74752 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys <Not Verified; Realtek Semiconductor Corporation; Realtek 10/100/1000 NIC Family all in one NDIS Driver>
2008-03-05 11:01:00 0 d-------- C:\WINDOWS\OPTIONS
2008-03-05 11:00:51 0 d-------- C:\WINDOWS\system32\Lang
2008-03-05 10:57:55 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-03-05 10:57:30 0 d-------- C:\WINDOWS\system32\RTCOM
2008-03-05 10:56:32 0 d-------- C:\Program Files\Realtek
2008-03-05 10:56:28 487424 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-03-05 10:54:22 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-03-05 10:49:46 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-03-05 10:49:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-05 10:49:07 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-05 10:47:52 0 d-------- C:\Program Files\MSXML 4.0
2008-03-05 10:47:25 0 d-------- C:\TempEI4
2008-03-05 10:45:09 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-05 10:45:07 0 d--h----- C:\WINDOWS\$hf_mig$
2008-03-05 10:43:46 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Identities
2008-03-05 10:43:39 0 d--h----- C:\Documents and Settings\jerionmari\Templates
2008-03-05 10:43:39 0 dr------- C:\Documents and Settings\jerionmari\Start Menu
2008-03-05 10:43:39 0 dr-h----- C:\Documents and Settings\jerionmari\SendTo
2008-03-05 10:43:39 0 dr-h----- C:\Documents and Settings\jerionmari\Recent
2008-03-05 10:43:39 0 d--h----- C:\Documents and Settings\jerionmari\PrintHood
2008-03-05 10:43:39 0 d--h----- C:\Documents and Settings\jerionmari\NetHood
2008-03-05 10:43:39 0 dr------- C:\Documents and Settings\jerionmari\My Documents
2008-03-05 10:43:39 0 d--h----- C:\Documents and Settings\jerionmari\Local Settings
2008-03-05 10:43:39 0 dr------- C:\Documents and Settings\jerionmari\Favorites
2008-03-05 10:43:39 0 d-------- C:\Documents and Settings\jerionmari\Desktop
2008-03-05 10:43:39 0 d--hs---- C:\Documents and Settings\jerionmari\Cookies
2008-03-05 10:43:39 0 d--h----- C:\Documents and Settings\jerionmari\Application Data
2008-03-05 10:43:38 2621440 --ah----- C:\Documents and Settings\jerionmari\NTUSER.DAT
2008-03-05 10:38:50 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-05 10:34:59 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-03-05 10:34:58 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-03-05 10:34:58 0 d-------- C:\WINDOWS\Prefetch
2008-03-05 10:34:57 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-03-05 10:34:57 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-03-05 10:34:57 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-03-05 10:34:57 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-03-05 10:34:57 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-03-05 10:34:40 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-03-05 10:34:40 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-03-05 10:34:40 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-03-05 10:34:40 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-03-05 10:34:40 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-03-05 10:31:53 0 d-------- C:\WINDOWS\system32\xircom
2008-03-05 10:31:53 0 d-------- C:\Program Files\microsoft frontpage
2008-03-05 10:31:51 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-03-05 10:31:45 0 -rahs---- C:\MSDOS.SYS
2008-03-05 10:31:45 0 -rahs---- C:\IO.SYS
2008-03-05 10:31:45 0 --a------ C:\CONFIG.SYS
2008-03-05 10:31:45 0 --a------ C:\AUTOEXEC.BAT
2008-03-05 10:30:55 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-03-05 10:30:47 0 dr------- C:\WINDOWS\Offline Web Pages
2008-03-05 10:30:47 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-03-05 10:30:36 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-05 10:30:14 0 d-------- C:\WINDOWS\system32\DirectX
2008-03-05 10:29:35 0 d---s---- C:\WINDOWS\Tasks
2008-03-05 10:29:34 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-05 10:29:28 0 d-------- C:\WINDOWS\srchasst
2008-03-05 10:29:27 0 d-------- C:\WINDOWS\system32\Macromed
2008-03-05 10:29:16 0 d-------- C:\Program Files\Movie Maker
2008-03-05 10:29:06 0 d-------- C:\WINDOWS\system32\Restore
2008-03-05 10:28:44 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-05 10:28:30 0 d-------- C:\WINDOWS\Registration
2008-03-05 10:28:03 0 d-------- C:\Program Files\Online Services
2008-03-05 10:27:58 0 d-------- C:\Program Files\Messenger
2008-03-05 10:27:53 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-05 10:27:03 0 d-------- C:\Program Files\Windows NT
2008-03-05 10:26:59 0 d-------- C:\WINDOWS\system32\MsDtc
2008-03-05 10:26:57 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2008-03-05 19:20:19 62 --ahs---- C:\Documents and Settings\jerionmari\Application Data\desktop.ini
2008-03-05 11:05:19 56 --a------ C:\Program Files\Common Files\appop.log
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [10/15/2005 09:51 AM C:\WINDOWS\RTHDCPL.EXE]
"RestoreIT!"="C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.exe" [04/29/2005 08:39 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/05/2008 12:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]
"amva"="C:\WINDOWS\system32\amvo.exe" [03/20/2008 12:26 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [3/6/2008 9:20:54 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C59 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S8A.tmp" /EF "HKLM"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
"C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a717d25-ea70-11dc-93d7-0016763c047e}]
AutoRun\command- F:\h6o0re.cmd
explore\Command- F:\h6o0re.cmd
open\Command- F:\h6o0re.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c68a622-f4d5-11dc-9409-0016763c047e}]
Auto\command- setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a8d04a0-ea8a-11dc-93dc-0016763c047e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
Explore\Command- Desktop.exe
Open\Command- Desktop.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a8d04a6-ea8a-11dc-93dc-0016763c047e}]
Autoplay\Command- F:\xmss.exe
AutoRun\command- F:\xmss.exe
Explore\Command- F:\xmss.exe
Open\Command- F:\xmss.exe
-- End of Deckard's System Scanner: finished at 2008-03-20 14:31:03 ------------