Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Another Onlinegames virus [CLOSED]

Started by cirej , Apr 04 2008 06:31 AM

  • This topic is locked This topic is locked

#1
cirej
Posted 04 April 2008 - 06:31 AM

cirej

    Member

  • Member
  • PipPip
  • 18 posts
Good day,

This is my second time posting here and it seems the first one i posted was not been answer..
Anyway, I have this great problem on this virus that keeps coming back... I think this virus was still on my D: directory of the hard disk.. cause when I open this partition AVG alert me with onlinegames virus...

Thank you very much for any answer.... Im desperately want to remove this virus and I dont want to format my HD to 0..

Below is y Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:43 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\vbptask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\660425732726e9b33577f4657b36117d\update\update.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 3941 bytes
  • 0

Advertisements

#2
koko_crunch
Posted 09 April 2008 - 03:46 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello cirej and Welcome to Geeks to Go!

Sorry for the delay in response time, rough week.

Let's start.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#3
cirej
Posted 14 April 2008 - 03:17 AM

cirej

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thankyou for the welcome koko_crunch.. here is the result of the scan... unfortunately no virus or malware was found... but right now my system is slow than usual and everytime i log-in on a online game my keyboard was been disconnected by the system.. please help me more with this problem... thank you in advance

Malwarebytes' Anti-Malware 1.11
Database version: 623

Scan type: Full Scan (B:\|C:\|D:\|)
Objects scanned: 116214
Time elapsed: 27 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#4
koko_crunch
Posted 14 April 2008 - 08:51 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
No biggie. :)

Next,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Then,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#5
cirej
Posted 15 April 2008 - 07:15 PM

cirej

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Sorry for the late reply and posting... due to a busy week

Anyway as result to the two computer scan the result is as follow:
SuperAntiSpyware --> no malware was found and no report generated
and for the Deckard's System Scanner here is the report...

Deckard's System Scanner v20071014.68
Run by jerion on 2008-04-16 00:48:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
37: 2008-04-16 07:48:41 UTC - RP37 - Deckard's System Scanner Restore Point
36: 2008-04-15 03:05:58 UTC - RP36 - System Checkpoint
35: 2008-04-12 19:36:39 UTC - RP35 - Installed Garena
34: 2008-04-11 07:44:20 UTC - RP34 - Software Distribution Service 3.0
33: 2008-04-10 03:03:05 UTC - RP33 - System Checkpoint


-- First Restore Point --
1: 2008-03-30 21:46:03 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as jerion.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:19 AM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Autorun Eater\billy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\jerion\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jerion.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 5522 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ivicd (Ivi CDVD Filter Driver) - c:\windows\system32\drivers\ivicd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
R0 RITFSD - c:\windows\system32\drivers\ritfsd.sys
R0 VVBackd5 - c:\windows\system32\drivers\vvbackd5.sys
R2 Rcfilter - c:\windows\system32\drivers\rcfilter.sys <Not Verified; FarStone Technology Inc.,; Restore IT!>
R3 exdisk (Express Disk Service) - c:\windows\system32\drivers\exdisk.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 iviudf - c:\windows\system32\drivers\iviudf.sys <Not Verified; InterVideo; UDF File System Driver>
S3 npkcrypt - c:\program files\gravity\ragnarokonline\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-16 and 2008-04-16 -----------------------------

2008-04-14 19:43:00 0 d-------- C:\Documents and Settings\jerion\Application Data\Malwarebytes
2008-04-14 19:42:54 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-14 19:42:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 12:36:40 53248 --a------ C:\WINDOWS\system32\ImageOle.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-04-12 12:36:39 0 d-------- C:\Program Files\Garena
2008-04-12 12:36:29 0 d-------- C:\Documents and Settings\jerion\Application Data\InstallShield
2008-04-11 21:03:21 0 d-------- C:\Documents and Settings\jerion\Application Data\Yahoo!
2008-04-11 21:03:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-11 20:59:39 0 d-------- C:\Documents and Settings\jerion\Application Data\Macromedia
2008-04-11 20:58:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-11 20:57:13 0 d-------- C:\Program Files\Yahoo!
2008-04-10 15:19:05 0 d-------- C:\Program Files\uTorrent
2008-04-10 15:19:01 0 d-------- C:\Documents and Settings\jerion\Application Data\uTorrent
2008-04-07 13:59:25 0 d-------- C:\WINDOWS\ShellNew
2008-04-07 13:58:38 0 d-------- C:\Documents and Settings\jerion\Application Data\Microsoft Web Folders
2008-04-07 13:41:42 60928 --a------ C:\WINDOWS\system32\drivers\Smplscsi.sys <Not Verified; OnSpec Electronic, Inc.; Microsoft® Windows™ Operating System>
2008-04-07 13:41:42 7680 --a------ C:\WINDOWS\system32\drivers\Onsreged.sys
2008-04-07 13:41:41 285216 --a------ C:\WINDOWS\system32\drivers\Onsio.sys
2008-04-07 13:41:39 0 d-------- C:\Kpcms
2008-04-07 13:41:36 13962 --a------ C:\WINDOWS\system32\Msmusd6.dll <Not Verified; Microtek International Inc.; ScanMaker 4600>
2008-04-07 13:41:36 0 d-------- C:\Program Files\Microtek
2008-04-06 17:08:46 0 d-------- C:\WINDOWS\system32\ctfmon.exe
2008-04-06 16:57:02 0 d-------- C:\New Folder
2008-04-05 14:00:00 0 d-------- C:\AUTORUN.INF
2008-04-05 03:10:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-05 03:05:04 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-05 03:05:04 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-05 03:05:04 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-05 03:05:04 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-05 03:05:04 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-05 03:05:03 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-05 03:05:03 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-05 03:05:03 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-05 03:05:03 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-05 03:05:03 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-05 03:05:03 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-05 03:05:03 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-05 03:05:03 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-05 03:05:03 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-04 23:48:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-04 23:48:58 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-04 23:20:56 0 d-------- C:\Program Files\Trend Micro
2008-04-04 23:16:41 0 d-------- C:\WINDOWS\network diagnostic
2008-04-04 22:30:57 0 d-------- C:\Documents and Settings\jerion\Application Data\Talkback
2008-04-04 22:30:50 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-04 22:30:40 0 d-------- C:\Documents and Settings\jerion\Application Data\Mozilla
2008-04-04 17:43:25 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-04 17:43:23 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-04 16:10:52 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-04-04 16:10:34 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-31 23:10:43 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-31 17:48:40 0 d-------- C:\Documents and Settings\jerion\Application Data\Ahead
2008-03-31 17:45:14 0 dr-h----- C:\$VAULT$.AVG
2008-03-30 18:45:19 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-30 18:45:19 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-03-30 18:45:19 66005 --a------ C:\WINDOWS\War3Unin.dat
2008-03-30 18:38:57 0 d-------- C:\Program Files\Warcraft III
2008-03-30 18:28:59 394240 --a------ C:\WINDOWS\system32\Smab.dll
2008-03-30 18:28:59 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-03-30 18:28:59 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-03-30 18:28:58 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-03-30 18:28:58 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-03-30 18:28:58 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-03-30 18:28:58 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-03-30 18:28:58 217073 --a------ C:\WINDOWS\meta4.exe
2008-03-30 18:28:57 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-30 18:28:47 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-03-30 18:28:47 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-03-30 18:28:43 0 d-------- C:\Program Files\eRightSoft
2008-03-30 18:26:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-30 18:26:32 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-30 18:26:32 0 d-------- C:\Documents and Settings\jerion\Application Data\SUPERAntiSpyware.com
2008-03-30 18:26:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 18:25:47 0 d-------- C:\Documents and Settings\jerion\Application Data\AVG7
2008-03-30 18:25:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-30 18:25:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 18:25:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-30 18:09:34 0 d-------- C:\Program Files\AC3Filter
2008-03-30 18:09:14 0 d-------- C:\Program Files\DivX
2008-03-30 18:05:41 0 d-------- C:\Program Files\NetGames
2008-03-30 18:05:00 0 d-------- C:\Program Files\Autorun Eater
2008-03-30 17:55:51 0 d-------- C:\Program Files\Tales of Pirates Online
2008-03-30 17:53:54 0 d-------- C:\Program Files\Softnyx
2008-03-30 17:45:39 0 d-------- C:\WINDOWS\pss
2008-03-30 16:51:33 0 d-------- C:\Program Files\RF Online Crimson Dawn
2008-03-30 16:24:22 0 d-------- C:\WINDOWS\Perfect World
2008-03-30 16:24:22 0 d-------- C:\Program Files\Perfect World
2008-03-30 16:20:25 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-03-30 16:20:03 0 d-------- C:\Program Files\Common Files\Nero
2008-03-30 16:18:35 2932736 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero Web Engine>
2008-03-30 16:17:55 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-03-30 16:17:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-30 16:17:54 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-03-30 16:17:54 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-03-30 16:17:54 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-30 16:17:54 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-30 16:17:54 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-30 16:17:46 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-30 16:17:45 0 d-------- C:\Program Files\Ahead
2008-03-30 16:05:05 0 d-------- C:\Program Files\e-Games
2008-03-30 15:58:58 0 d-------- C:\Program Files\FreeStyle Philippines
2008-03-30 15:44:28 0 d-------- C:\Program Files\Gravity
2008-03-30 15:39:00 0 d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-03-30 15:36:16 495616 --a------ C:\WINDOWS\system32\PICSDK2.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-30 15:36:16 73728 --a------ C:\WINDOWS\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-30 15:36:16 77824 --a------ C:\WINDOWS\system32\PICEntry.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-30 15:36:16 114688 --a------ C:\WINDOWS\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-30 15:36:16 111932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-30 15:36:16 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-03-30 15:36:16 1120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-03-30 15:36:16 1107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-03-30 15:36:16 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-03-30 15:36:16 1136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-03-30 15:36:16 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-03-30 15:36:16 1146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-03-30 15:36:16 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-03-30 15:36:16 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-03-30 15:36:16 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-03-30 15:36:16 21390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-03-30 15:36:16 11811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-03-30 15:36:16 24903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-03-30 15:36:16 20148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-03-30 15:36:16 31053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-03-30 15:36:16 27417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-03-30 15:36:16 26154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-30 15:36:16 65536 --a------ C:\WINDOWS\system32\EPPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-30 15:34:51 0 d-------- C:\Program Files\EPSON
2008-03-30 15:06:26 0 d-------- C:\Documents and Settings\jerion\Application Data\Symantec
2008-03-30 15:05:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-30 15:04:49 183987 --a------ C:\WINDOWS\system32\drivers\VVBackd5.sys
2008-03-30 15:04:46 33249 -ra------ C:\WINDOWS\system32\drivers\RITFSD.sys
2008-03-30 15:04:46 31872 -ra------ C:\WINDOWS\system32\drivers\Rcfilter.sys <Not Verified; FarStone Technology Inc.,; Restore IT!>
2008-03-30 15:04:46 14074 -ra------ C:\WINDOWS\system32\drivers\exdisk.sys
2008-03-30 15:04:46 45056 -ra------ C:\WINDOWS\DxpAppEx.exe
2008-03-30 15:04:44 49152 -ra------ C:\WINDOWS\system32\HookAPI.dll
2008-03-30 15:04:40 32768 -ra------ C:\WINDOWS\system32\RitShell.dll <Not Verified; ; RitShell Module>
2008-03-30 15:04:31 0 d-------- C:\Program Files\FarStone
2008-03-30 15:02:43 10368 -----n--- C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-03-30 15:02:36 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-30 15:02:36 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-30 15:02:36 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-30 15:02:36 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-30 15:02:36 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-30 15:02:36 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-30 15:01:56 5248 -----n--- C:\WINDOWS\system32\drivers\udffsrec.sys
2008-03-30 15:01:56 116224 -----n--- C:\WINDOWS\system32\drivers\IviUdf.sys <Not Verified; InterVideo; UDF File System Driver>
2008-03-30 15:01:56 38784 -----n--- C:\WINDOWS\system32\drivers\ivicd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
2008-03-30 15:01:55 59392 --a------ C:\WINDOWS\system32\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-03-30 15:01:47 10752 -----n--- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-03-30 15:01:39 26694 --a------ C:\WINDOWS\HWS.exe
2008-03-30 15:01:39 26694 --a------ C:\WINDOWS\HMD.exe
2008-03-30 15:01:39 0 d-------- C:\Program Files\InterVideo
2008-03-30 15:01:38 0 d-------- C:\Documents and Settings\jerion\Application Data\InterVideo
2008-03-30 15:01:16 0 d-------- C:\WINDOWS\Profiles
2008-03-30 15:01:00 0 d-------- C:\WINDOWS\system32\Adobe
2008-03-30 15:01:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-30 15:01:00 0 d-------- C:\Documents and Settings\jerion\Application Data\InterTrust
2008-03-30 15:01:00 0 d-------- C:\Documents and Settings\jerion\Application Data\Adobe
2008-03-30 15:00:58 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-03-30 14:59:05 74752 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys <Not Verified; Realtek Semiconductor Corporation; Realtek 10/100/1000 NIC Family all in one NDIS Driver>
2008-03-30 14:59:04 0 d-------- C:\WINDOWS\OPTIONS
2008-03-30 14:58:38 0 d-------- C:\WINDOWS\system32\Lang
2008-03-30 14:55:48 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-03-30 14:55:26 0 d-------- C:\WINDOWS\system32\RTCOM
2008-03-30 14:54:36 0 d-------- C:\Program Files\Realtek
2008-03-30 14:54:33 487424 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-03-30 14:52:48 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-03-30 14:49:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-03-30 14:49:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-30 14:49:00 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-30 14:48:10 0 d-------- C:\Program Files\MSXML 4.0
2008-03-30 14:47:42 0 d-------- C:\TempEI4
2008-03-30 14:45:51 0 d-------- C:\Documents and Settings\jerion\Application Data\Identities
2008-03-30 14:45:43 0 d--h----- C:\Documents and Settings\jerion\Templates
2008-03-30 14:45:43 0 dr------- C:\Documents and Settings\jerion\Start Menu
2008-03-30 14:45:43 0 dr-h----- C:\Documents and Settings\jerion\SendTo
2008-03-30 14:45:43 0 dr-h----- C:\Documents and Settings\jerion\Recent
2008-03-30 14:45:43 0 d--h----- C:\Documents and Settings\jerion\PrintHood
2008-03-30 14:45:43 3670016 --ah----- C:\Documents and Settings\jerion\NTUSER.DAT
2008-03-30 14:45:43 0 d--h----- C:\Documents and Settings\jerion\NetHood
2008-03-30 14:45:43 0 dr------- C:\Documents and Settings\jerion\My Documents
2008-03-30 14:45:43 0 d--h----- C:\Documents and Settings\jerion\Local Settings
2008-03-30 14:45:43 0 dr------- C:\Documents and Settings\jerion\Favorites
2008-03-30 14:45:43 0 d-------- C:\Documents and Settings\jerion\Desktop
2008-03-30 14:45:43 0 d--hs---- C:\Documents and Settings\jerion\Cookies
2008-03-30 14:45:43 0 dr-h----- C:\Documents and Settings\jerion\Application Data
2008-03-30 14:44:39 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-03-30 14:44:27 0 d-------- C:\WINDOWS\Prefetch
2008-03-30 14:44:26 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-03-30 14:44:25 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-03-30 14:44:25 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-03-30 14:44:25 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-03-30 14:44:25 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-03-30 14:44:25 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-03-30 14:44:11 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-03-30 14:44:11 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-03-30 14:44:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-03-30 14:44:11 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-03-30 14:44:10 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-03-30 14:41:22 0 d-------- C:\WINDOWS\system32\xircom
2008-03-30 14:41:22 0 d-------- C:\Program Files\microsoft frontpage
2008-03-30 14:41:20 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-03-30 14:41:14 0 -rahs---- C:\MSDOS.SYS
2008-03-30 14:41:14 0 -rahs---- C:\IO.SYS
2008-03-30 14:41:14 0 --a------ C:\CONFIG.SYS
2008-03-30 14:41:14 0 --a------ C:\AUTOEXEC.BAT
2008-03-30 14:40:09 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-03-30 14:40:00 0 dr------- C:\WINDOWS\Offline Web Pages
2008-03-30 14:40:00 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-03-30 14:39:50 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-30 14:39:29 0 d-------- C:\WINDOWS\system32\DirectX
2008-03-30 14:38:54 0 d---s---- C:\WINDOWS\Tasks
2008-03-30 14:38:53 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-30 14:38:49 0 d-------- C:\WINDOWS\srchasst
2008-03-30 14:38:48 0 d-------- C:\WINDOWS\system32\Macromed
2008-03-30 14:38:38 0 d-------- C:\Program Files\Movie Maker
2008-03-30 14:38:30 0 d-------- C:\WINDOWS\system32\Restore
2008-03-30 14:38:11 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-30 14:37:57 0 d-------- C:\WINDOWS\Registration
2008-03-30 14:37:29 0 d-------- C:\Program Files\Online Services
2008-03-30 14:37:23 0 d-------- C:\Program Files\Messenger
2008-03-30 14:37:19 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-30 14:36:35 0 d-------- C:\Program Files\Windows NT
2008-03-30 14:36:32 0 d-------- C:\WINDOWS\system32\MsDtc
2008-03-30 14:36:30 0 d-------- C:\WINDOWS\system32\Com
2008-03-30 06:29:41 0 d--hs---- C:\WINDOWS\Installer
2008-03-30 06:29:40 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-30 06:29:36 0 dr------- C:\Program Files
2008-03-30 06:29:36 0 d-------- C:\Program Files\Common Files
2008-03-30 06:29:36 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-30 06:29:12 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-03-30 06:29:12 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-03-30 06:29:12 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-03-30 06:29:12 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-03-30 06:29:12 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-03-30 06:29:12 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-03-30 06:29:12 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-03-30 06:29:12 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-03-30 06:29:12 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-03-30 06:29:12 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-03-30 06:29:12 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-03-30 06:29:12 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-03-30 06:29:12 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-03-30 06:29:12 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-03-30 06:29:12 0 dr------- C:\Documents and Settings\All Users\Documents
2008-03-30 06:29:12 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-03-30 06:28:59 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-03-30 06:28:59 0 d-------- C:\WINDOWS\system32\CatRoot
2008-03-30 06:28:54 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-03-30 06:28:54 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-03-30 06:28:54 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-03-30 06:28:54 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-03-30 06:28:30 0 d--hs---- C:\System Volume Information
2008-03-30 06:28:30 0 d-------- C:\Documents and Settings
2008-03-30 06:20:10 0 d-------- C:\WINDOWS
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\WinSxS
2008-03-30 06:20:10 0 dr------- C:\WINDOWS\Web
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\twain_32
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\wins
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\wbem
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\usmt
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\spool
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\ShellExt
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\Setup
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\ras
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\oobe
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\npp
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\mui
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\inetsrv
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\IME
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\icsxml
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\ias
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\export
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\drivers
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-03-30 06:20:10 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\dhcp
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\config
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\3076
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\2052
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1054
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1042
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1041
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1037
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1033
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1031
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1028
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1025
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\security
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Resources
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\repair
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Provisioning
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\PeerNet
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\pchealth
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\mui
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\msapps
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\msagent
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Media
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\java
2008-03-30 06:20:10 0 d--h----- C:\WINDOWS\inf
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\ime
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Help
2008-03-30 06:20:10 0 dr--s---- C:\WINDOWS\Fonts
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Driver Cache
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Debug
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Cursors
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Connection Wizard
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Config
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\AppPatch
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-03-30 15:03:01 56 --a------ C:\Program Files\Common Files\appop.log
2008-03-30 06:29:12 62 --ahs---- C:\Documents and Settings\jerion\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [10/14/2005 06:51 PM C:\WINDOWS\RTHDCPL.exe]
"Autorun Eater"="C:\Program Files\Autorun Eater\oldmcdonald.exe" [01/31/2008 03:48 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/30/2008 06:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 05:03 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [4/7/2008 1:41:36 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C59 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S162.tmp" /EF "HKLM"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreIT!]
"C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
"C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"




-- End of Deckard's System Scanner: finished at 2008-04-16 00:50:28 ------------

and may I also include the online scan I made last Apr. 5, 2008 with Kaspersky Online Scan

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 05, 2008 2:58:35 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/04/2008
Kaspersky Anti-Virus database records: 681538
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
B:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 81668
Number of viruses found: 6
Number of infected objects: 43
Number of suspicious objects: 0
Duration of the scan process: 01:29:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\jerion\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-4-4-2008( 23-34-18 ).LOG Object is locked skipped
C:\Documents and Settings\jerion\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jerion\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jerion\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jerion\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jerion\Local Settings\Temp\~DF4F08.tmp Object is locked skipped
C:\Documents and Settings\jerion\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jerion\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jerion\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jerion\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{012C3B24-DC0E-4065-99A8-BEDFC24A123F}\RP30\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{560E43A8-0E4B-412A-B0D3-68905CE1D020}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso ISOimage: infected - 3 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP18\A0001801.cmd Object is locked skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP18\A0001802.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP18\A0001938.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP18\A0001948.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP19\A0001952.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP22\A0002420.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP34\A0003561.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP35\A0003567.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP36\A0003571.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP36\A0003700.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP36\A0003718.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP36\A0003740.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP36\A0003753.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0003791.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004804.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004827.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004847.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004862.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004884.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004901.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004914.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004925.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004938.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004949.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004964.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004982.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0005982.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0005994.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0006994.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0007021.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0007032.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0007048.inf Infected: Trojan-PSW.Win32.OnLineGames.upg skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0007070.inf Infected: Trojan-PSW.Win32.OnLineGames.uyx skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP38\A0007094.inf Infected: Trojan-PSW.Win32.OnLineGames.uyx skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP38\A0007167.inf Infected: Trojan-PSW.Win32.OnLineGames.uyx skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP38\A0007190.inf Infected: Worm.Win32.AutoRun.dao skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP39\A0007196.inf Infected: Worm.Win32.AutoRun.dao skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP40\A0007200.inf Infected: Worm.Win32.AutoRun.dao skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP40\A0007214.inf Infected: Worm.Win32.AutoRun.dao skipped
D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP40\A0008214.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped

Scan process completed.


--------------------------------------------------------------------------------------

As report show viruses resides on my partition D: of the hard drive... when I use the system restore using RestoreIt application my system will go fast like before but when I start using or open my files at the D: partition my system will become slow again and a ctfmon.exe runs on my system and an Autorun.inf infected my C: drive also...

However last April 8.. using safemode with command prompt..and manually deleted the ctfmon.exe and autorun.inf and created a folder named ctfmon.exe to my system32 and a folder autorun.inf on my root directories C:& D:... now the ctfmon.exe is not running but still my system turns slow when I use my D: partition...

I hope this my help to solve my problem and did not bring you to confusion... thank you very much
  • 0

#6
koko_crunch
Posted 16 April 2008 - 09:15 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
No problem. Just don't do system restore, you could be restoring the source of the infection.

Next,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    D:\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe
D:\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso/Toolbar.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Then,

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Please post back with
-Otmoveit log
-Panda active scan log
- New DSS main.txt
  • 0

#7
cirej
Posted 16 April 2008 - 12:06 PM

cirej

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
AS instructed here are the result of the scan...

OTMoveIt2 encountered an error during the Moveit process "Invalid time flag (nero_photoshow_5_setup.exe) Must be numerical"

For the Panda Active Scan here is the report:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-04-17 04:52:54
PROTECTIONS: 1
MALWARE: 18
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
AVG 7.5.519 7.5.519 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.mediaplex.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.burstnet.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.overture.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\jerion\Application Data\Mozilla\Firefox\Profiles\14pximjj.default\cookies.txt[.zedo.com/]
02883794 Application/DiskKnight HackTools No 0 Yes No C:\Program Files\Autorun Eater\Autorun Backup\autorun2.inf
02906495 W32/Legmir.AVU.worm Virus/Worm No 1 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP33\A0002398.inf
02906495 W32/Legmir.AVU.worm Virus/Worm No 1 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP34\A0003507.inf
02906495 W32/Legmir.AVU.worm Virus/Worm No 1 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP34\A0003473.inf
02906495 W32/Legmir.AVU.worm Virus/Worm No 1 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP34\A0003457.inf
02906495 W32/Legmir.AVU.worm Virus/Worm No 1 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP32\A0002393.inf
02906495 W32/Legmir.AVU.worm Virus/Worm No 1 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP34\A0003434.inf
02906495 W32/Legmir.AVU.worm Virus/Worm No 1 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP34\A0003415.inf
02906671 W32/Lineage.HUD.worm Virus/Worm No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP34\A0003530.inf
02906671 W32/Lineage.HUD.worm Virus/Worm No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP34\A0003544.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0006994.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0007021.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0007032.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0007048.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0005994.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0005982.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004804.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004827.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004847.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004862.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004884.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004901.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004914.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004925.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004938.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004949.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004964.inf
02907228 W32/Lineage.HVS.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP37\A0004982.inf
02908163 W32/Lineage.HXI.drp Virus No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP18\A0001801.cmd
02908201 W32/Lineage.HXI.worm Virus/Worm No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP18\A0001948.inf
02908201 W32/Lineage.HXI.worm Virus/Worm No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP18\A0001938.inf
02908201 W32/Lineage.HXI.worm Virus/Worm No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP18\A0001802.inf
02908201 W32/Lineage.HXI.worm Virus/Worm No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP19\A0001952.inf
02908201 W32/Lineage.HXI.worm Virus/Worm No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP22\A0002420.inf
02908201 W32/Lineage.HXI.worm Virus/Worm No 0 Yes No D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP40\A0008214.inf
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location '
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description '
;===============================================================================
=================================================================================
===================
170904 HIGH MS07-043 '
;===============================================================================
=================================================================================
===================


And the new DSS main.txt

Deckard's System Scanner v20071014.68
Run by jerion on 2008-04-17 04:55:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jerion.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:28 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Autorun Eater\billy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\jerion\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jerion.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 5554 bytes

-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-17 03:45:21 0 d-------- C:\WINDOWS\LastGood
2008-04-17 03:45:01 1847 --a------ C:\WINDOWS\mozver.dat
2008-04-17 03:45:01 0 d-------- C:\Program Files\Panda Security
2008-04-14 19:43:00 0 d-------- C:\Documents and Settings\jerion\Application Data\Malwarebytes
2008-04-14 19:42:54 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-14 19:42:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 12:36:40 53248 --a------ C:\WINDOWS\system32\ImageOle.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-04-12 12:36:39 0 d-------- C:\Program Files\Garena
2008-04-12 12:36:29 0 d-------- C:\Documents and Settings\jerion\Application Data\InstallShield
2008-04-11 21:03:21 0 d-------- C:\Documents and Settings\jerion\Application Data\Yahoo!
2008-04-11 21:03:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-11 20:59:39 0 d-------- C:\Documents and Settings\jerion\Application Data\Macromedia
2008-04-11 20:58:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-11 20:57:13 0 d-------- C:\Program Files\Yahoo!
2008-04-10 15:19:05 0 d-------- C:\Program Files\uTorrent
2008-04-10 15:19:01 0 d-------- C:\Documents and Settings\jerion\Application Data\uTorrent
2008-04-07 13:59:25 0 d-------- C:\WINDOWS\ShellNew
2008-04-07 13:58:38 0 d-------- C:\Documents and Settings\jerion\Application Data\Microsoft Web Folders
2008-04-07 13:41:42 60928 --a------ C:\WINDOWS\system32\drivers\Smplscsi.sys <Not Verified; OnSpec Electronic, Inc.; Microsoft® Windows™ Operating System>
2008-04-07 13:41:42 7680 --a------ C:\WINDOWS\system32\drivers\Onsreged.sys
2008-04-07 13:41:41 285216 --a------ C:\WINDOWS\system32\drivers\Onsio.sys
2008-04-07 13:41:39 0 d-------- C:\Kpcms
2008-04-07 13:41:36 13962 --a------ C:\WINDOWS\system32\Msmusd6.dll <Not Verified; Microtek International Inc.; ScanMaker 4600>
2008-04-07 13:41:36 0 d-------- C:\Program Files\Microtek
2008-04-06 17:08:46 0 d-------- C:\WINDOWS\system32\ctfmon.exe
2008-04-06 16:57:02 0 d-------- C:\New Folder
2008-04-05 14:00:00 0 d-------- C:\AUTORUN.INF
2008-04-05 03:10:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-05 03:05:04 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-05 03:05:04 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-05 03:05:04 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-05 03:05:04 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-05 03:05:04 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-05 03:05:03 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-05 03:05:03 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-05 03:05:03 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-05 03:05:03 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-05 03:05:03 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-05 03:05:03 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-05 03:05:03 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-05 03:05:03 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-05 03:05:03 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-04 23:48:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-04 23:48:58 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-04 23:20:56 0 d-------- C:\Program Files\Trend Micro
2008-04-04 23:16:41 0 d-------- C:\WINDOWS\network diagnostic
2008-04-04 22:30:57 0 d-------- C:\Documents and Settings\jerion\Application Data\Talkback
2008-04-04 22:30:50 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-04 22:30:40 0 d-------- C:\Documents and Settings\jerion\Application Data\Mozilla
2008-04-04 17:43:25 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-04 17:43:23 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-04 16:10:52 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-04-04 16:10:34 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-31 23:10:43 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-31 17:48:40 0 d-------- C:\Documents and Settings\jerion\Application Data\Ahead
2008-03-31 17:45:14 0 dr-h----- C:\$VAULT$.AVG
2008-03-30 18:45:19 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-30 18:45:19 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-03-30 18:45:19 66005 --a------ C:\WINDOWS\War3Unin.dat
2008-03-30 18:38:57 0 d-------- C:\Program Files\Warcraft III
2008-03-30 18:28:59 394240 --a------ C:\WINDOWS\system32\Smab.dll
2008-03-30 18:28:59 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-03-30 18:28:59 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-03-30 18:28:58 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-03-30 18:28:58 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-03-30 18:28:58 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-03-30 18:28:58 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-03-30 18:28:58 217073 --a------ C:\WINDOWS\meta4.exe
2008-03-30 18:28:57 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-30 18:28:47 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-03-30 18:28:47 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-03-30 18:28:43 0 d-------- C:\Program Files\eRightSoft
2008-03-30 18:26:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-30 18:26:32 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-30 18:26:32 0 d-------- C:\Documents and Settings\jerion\Application Data\SUPERAntiSpyware.com
2008-03-30 18:26:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 18:25:47 0 d-------- C:\Documents and Settings\jerion\Application Data\AVG7
2008-03-30 18:25:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-30 18:25:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 18:25:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-30 18:09:34 0 d-------- C:\Program Files\AC3Filter
2008-03-30 18:09:14 0 d-------- C:\Program Files\DivX
2008-03-30 18:05:41 0 d-------- C:\Program Files\NetGames
2008-03-30 18:05:00 0 d-------- C:\Program Files\Autorun Eater
2008-03-30 17:55:51 0 d-------- C:\Program Files\Tales of Pirates Online
2008-03-30 17:53:54 0 d-------- C:\Program Files\Softnyx
2008-03-30 17:45:39 0 d-------- C:\WINDOWS\pss
2008-03-30 16:51:33 0 d-------- C:\Program Files\RF Online Crimson Dawn
2008-03-30 16:24:22 0 d-------- C:\WINDOWS\Perfect World
2008-03-30 16:24:22 0 d-------- C:\Program Files\Perfect World
2008-03-30 16:20:25 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-03-30 16:20:03 0 d-------- C:\Program Files\Common Files\Nero
2008-03-30 16:18:35 2932736 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero Web Engine>
2008-03-30 16:17:55 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-03-30 16:17:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-30 16:17:54 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-03-30 16:17:54 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-03-30 16:17:54 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-30 16:17:54 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-30 16:17:54 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-30 16:17:46 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-30 16:17:45 0 d-------- C:\Program Files\Ahead
2008-03-30 16:05:05 0 d-------- C:\Program Files\e-Games
2008-03-30 15:58:58 0 d-------- C:\Program Files\FreeStyle Philippines
2008-03-30 15:44:28 0 d-------- C:\Program Files\Gravity
2008-03-30 15:39:00 0 d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-03-30 15:36:16 495616 --a------ C:\WINDOWS\system32\PICSDK2.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-30 15:36:16 73728 --a------ C:\WINDOWS\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-30 15:36:16 77824 --a------ C:\WINDOWS\system32\PICEntry.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-30 15:36:16 114688 --a------ C:\WINDOWS\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-30 15:36:16 111932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-30 15:36:16 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-03-30 15:36:16 1120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-03-30 15:36:16 1107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-03-30 15:36:16 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-03-30 15:36:16 1136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-03-30 15:36:16 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-03-30 15:36:16 1146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-03-30 15:36:16 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-03-30 15:36:16 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-03-30 15:36:16 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-03-30 15:36:16 21390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-03-30 15:36:16 11811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-03-30 15:36:16 24903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-03-30 15:36:16 20148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-03-30 15:36:16 31053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-03-30 15:36:16 27417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-03-30 15:36:16 26154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-30 15:36:16 65536 --a------ C:\WINDOWS\system32\EPPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-30 15:34:51 0 d-------- C:\Program Files\EPSON
2008-03-30 15:06:26 0 d-------- C:\Documents and Settings\jerion\Application Data\Symantec
2008-03-30 15:05:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-30 15:04:49 183987 --a------ C:\WINDOWS\system32\drivers\VVBackd5.sys
2008-03-30 15:04:46 33249 -ra------ C:\WINDOWS\system32\drivers\RITFSD.sys
2008-03-30 15:04:46 31872 -ra------ C:\WINDOWS\system32\drivers\Rcfilter.sys <Not Verified; FarStone Technology Inc.,; Restore IT!>
2008-03-30 15:04:46 14074 -ra------ C:\WINDOWS\system32\drivers\exdisk.sys
2008-03-30 15:04:46 45056 -ra------ C:\WINDOWS\DxpAppEx.exe
2008-03-30 15:04:44 49152 -ra------ C:\WINDOWS\system32\HookAPI.dll
2008-03-30 15:04:40 32768 -ra------ C:\WINDOWS\system32\RitShell.dll <Not Verified; ; RitShell Module>
2008-03-30 15:04:31 0 d-------- C:\Program Files\FarStone
2008-03-30 15:02:43 10368 -----n--- C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-03-30 15:02:36 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-30 15:02:36 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-30 15:02:36 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-30 15:02:36 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-30 15:02:36 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-30 15:02:36 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-30 15:01:56 5248 -----n--- C:\WINDOWS\system32\drivers\udffsrec.sys
2008-03-30 15:01:56 116224 -----n--- C:\WINDOWS\system32\drivers\IviUdf.sys <Not Verified; InterVideo; UDF File System Driver>
2008-03-30 15:01:56 38784 -----n--- C:\WINDOWS\system32\drivers\ivicd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
2008-03-30 15:01:55 59392 --a------ C:\WINDOWS\system32\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-03-30 15:01:47 10752 -----n--- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-03-30 15:01:39 26694 --a------ C:\WINDOWS\HWS.exe
2008-03-30 15:01:39 26694 --a------ C:\WINDOWS\HMD.exe
2008-03-30 15:01:39 0 d-------- C:\Program Files\InterVideo
2008-03-30 15:01:38 0 d-------- C:\Documents and Settings\jerion\Application Data\InterVideo
2008-03-30 15:01:16 0 d-------- C:\WINDOWS\Profiles
2008-03-30 15:01:00 0 d-------- C:\WINDOWS\system32\Adobe
2008-03-30 15:01:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-30 15:01:00 0 d-------- C:\Documents and Settings\jerion\Application Data\InterTrust
2008-03-30 15:01:00 0 d-------- C:\Documents and Settings\jerion\Application Data\Adobe
2008-03-30 15:00:58 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-03-30 14:59:05 74752 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys <Not Verified; Realtek Semiconductor Corporation; Realtek 10/100/1000 NIC Family all in one NDIS Driver>
2008-03-30 14:59:04 0 d-------- C:\WINDOWS\OPTIONS
2008-03-30 14:58:38 0 d-------- C:\WINDOWS\system32\Lang
2008-03-30 14:55:48 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-03-30 14:55:26 0 d-------- C:\WINDOWS\system32\RTCOM
2008-03-30 14:54:36 0 d-------- C:\Program Files\Realtek
2008-03-30 14:54:33 487424 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-03-30 14:52:48 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-03-30 14:49:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-03-30 14:49:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-30 14:49:00 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-30 14:48:10 0 d-------- C:\Program Files\MSXML 4.0
2008-03-30 14:47:42 0 d-------- C:\TempEI4
2008-03-30 14:45:51 0 d-------- C:\Documents and Settings\jerion\Application Data\Identities
2008-03-30 14:45:43 0 d--h----- C:\Documents and Settings\jerion\Templates
2008-03-30 14:45:43 0 dr------- C:\Documents and Settings\jerion\Start Menu
2008-03-30 14:45:43 0 dr-h----- C:\Documents and Settings\jerion\SendTo
2008-03-30 14:45:43 0 dr-h----- C:\Documents and Settings\jerion\Recent
2008-03-30 14:45:43 0 d--h----- C:\Documents and Settings\jerion\PrintHood
2008-03-30 14:45:43 3670016 --ah----- C:\Documents and Settings\jerion\NTUSER.DAT
2008-03-30 14:45:43 0 d--h----- C:\Documents and Settings\jerion\NetHood
2008-03-30 14:45:43 0 dr------- C:\Documents and Settings\jerion\My Documents
2008-03-30 14:45:43 0 d--h----- C:\Documents and Settings\jerion\Local Settings
2008-03-30 14:45:43 0 dr------- C:\Documents and Settings\jerion\Favorites
2008-03-30 14:45:43 0 d-------- C:\Documents and Settings\jerion\Desktop
2008-03-30 14:45:43 0 d--hs---- C:\Documents and Settings\jerion\Cookies
2008-03-30 14:45:43 0 dr-h----- C:\Documents and Settings\jerion\Application Data
2008-03-30 14:44:39 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-03-30 14:44:27 0 d-------- C:\WINDOWS\Prefetch
2008-03-30 14:44:26 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-03-30 14:44:25 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-03-30 14:44:25 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-03-30 14:44:25 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-03-30 14:44:25 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-03-30 14:44:25 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-03-30 14:44:11 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-03-30 14:44:11 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-03-30 14:44:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-03-30 14:44:11 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-03-30 14:44:10 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-03-30 14:41:22 0 d-------- C:\WINDOWS\system32\xircom
2008-03-30 14:41:22 0 d-------- C:\Program Files\microsoft frontpage
2008-03-30 14:41:20 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-03-30 14:41:14 0 -rahs---- C:\MSDOS.SYS
2008-03-30 14:41:14 0 -rahs---- C:\IO.SYS
2008-03-30 14:41:14 0 --a------ C:\CONFIG.SYS
2008-03-30 14:41:14 0 --a------ C:\AUTOEXEC.BAT
2008-03-30 14:40:09 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-03-30 14:40:00 0 dr------- C:\WINDOWS\Offline Web Pages
2008-03-30 14:40:00 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-03-30 14:39:50 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-30 14:39:29 0 d-------- C:\WINDOWS\system32\DirectX
2008-03-30 14:38:54 0 d---s---- C:\WINDOWS\Tasks
2008-03-30 14:38:53 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-30 14:38:49 0 d-------- C:\WINDOWS\srchasst
2008-03-30 14:38:48 0 d-------- C:\WINDOWS\system32\Macromed
2008-03-30 14:38:38 0 d-------- C:\Program Files\Movie Maker
2008-03-30 14:38:30 0 d-------- C:\WINDOWS\system32\Restore
2008-03-30 14:38:11 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-30 14:37:57 0 d-------- C:\WINDOWS\Registration
2008-03-30 14:37:29 0 d-------- C:\Program Files\Online Services
2008-03-30 14:37:23 0 d-------- C:\Program Files\Messenger
2008-03-30 14:37:19 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-30 14:36:35 0 d-------- C:\Program Files\Windows NT
2008-03-30 14:36:32 0 d-------- C:\WINDOWS\system32\MsDtc
2008-03-30 14:36:30 0 d-------- C:\WINDOWS\system32\Com
2008-03-30 06:29:41 0 d--hs---- C:\WINDOWS\Installer
2008-03-30 06:29:40 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-30 06:29:36 0 dr------- C:\Program Files
2008-03-30 06:29:36 0 d-------- C:\Program Files\Common Files
2008-03-30 06:29:36 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-30 06:29:12 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-03-30 06:29:12 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-03-30 06:29:12 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-03-30 06:29:12 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-03-30 06:29:12 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-03-30 06:29:12 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-03-30 06:29:12 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-03-30 06:29:12 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-03-30 06:29:12 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-03-30 06:29:12 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-03-30 06:29:12 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-03-30 06:29:12 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-03-30 06:29:12 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-03-30 06:29:12 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-03-30 06:29:12 0 dr------- C:\Documents and Settings\All Users\Documents
2008-03-30 06:29:12 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-03-30 06:28:59 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-03-30 06:28:59 0 d-------- C:\WINDOWS\system32\CatRoot
2008-03-30 06:28:54 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-03-30 06:28:54 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-03-30 06:28:54 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-03-30 06:28:54 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-03-30 06:28:30 0 d--hs---- C:\System Volume Information
2008-03-30 06:28:30 0 d-------- C:\Documents and Settings
2008-03-30 06:20:10 0 d-------- C:\WINDOWS
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\WinSxS
2008-03-30 06:20:10 0 dr------- C:\WINDOWS\Web
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\twain_32
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\wins
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\wbem
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\usmt
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\spool
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\ShellExt
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\Setup
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\ras
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\oobe
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\npp
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\mui
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\inetsrv
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\IME
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\icsxml
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\ias
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\export
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\drivers
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-03-30 06:20:10 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\dhcp
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\config
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\3076
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\2052
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1054
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1042
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1041
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1037
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1033
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1031
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1028
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system32\1025
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\system
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\security
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Resources
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\repair
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Provisioning
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\PeerNet
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\pchealth
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\mui
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\msapps
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\msagent
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Media
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\java
2008-03-30 06:20:10 0 d--h----- C:\WINDOWS\inf
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\ime
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Help
2008-03-30 06:20:10 0 dr--s---- C:\WINDOWS\Fonts
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Driver Cache
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Debug
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Cursors
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Connection Wizard
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\Config
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\AppPatch
2008-03-30 06:20:10 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-03-30 15:03:01 56 --a------ C:\Program Files\Common Files\appop.log
2008-03-30 06:29:12 62 --ahs---- C:\Documents and Settings\jerion\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [10/14/2005 06:51 PM C:\WINDOWS\RTHDCPL.exe]
"Autorun Eater"="C:\Program Files\Autorun Eater\oldmcdonald.exe" [01/31/2008 03:48 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/30/2008 06:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 05:03 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [4/7/2008 1:41:36 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C59 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S162.tmp" /EF "HKLM"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

  • 0

#8
koko_crunch
Posted 17 April 2008 - 02:49 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Looks good. :)

We're almost done here. before we wrap it up. How's you're computer running. Are there other issues you wish to address?

Next for some minor clean up,

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

then,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
  • 0

#9
cirej
Posted 18 April 2008 - 04:41 AM

cirej

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi good day to you Koko_crunch,

After I done the OTMoveIt2 and AFTCleaner cleaning and deleting process.. How can I know that my system is already ok and running fine? and May I know what type of virus infected my system and how can I prevent it from showing again..
And onemore thing how can I clean my USB flash drive and other media because I suspected that the virus also infected this.. Thank you very much again
  • 0

#10
koko_crunch
Posted 18 April 2008 - 05:12 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts

How can I know that my system is already ok and running fine?


Depends on how your system normally runs. Whether the performance somehow improved or not.

May I know what type of virus infected my system and how can I prevent it


You were infected with W32/Legmir.AVU.worm. Later during our close up speech. I would post some tips that'll help prevent possible reinfection.

how can I clean my USB flash drive and other media because I suspected that the virus also infected this..


  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

I need your feedback before we wrap things up. :)
  • 0

Advertisements

#11
cirej
Posted 18 April 2008 - 06:51 PM

cirej

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thank you very much Koko_crunch for your support I guess for now my problem is already solve and I will just be monitoring my pc performance for now. And can you show me the hijack file or the scan file where can i find the virus located? I want to learn how you guys solve the problem and I wanted to return that favor by helping others.

Again a big thanks to you.....

Edited by cirej, 18 April 2008 - 06:52 PM.

  • 0

#12
koko_crunch
Posted 18 April 2008 - 10:45 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Congratulations, your log is clean. :)


We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 3 free ones available for personal use:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?



Have a nice day! :)
  • 0

#13
koko_crunch
Posted 18 April 2008 - 10:49 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts

And can you show me the hijack file or the scan file where can i find the virus located?


In you case, System Restore was infected. When ever you did a system restore, you were restoring the source.

D:\System Volume Information\_restore{37860509-6D4B-4D19-8A18-1CEA5A76E211}\RP18\A0001938.inf


I want to learn how you guys solve the problem and I wanted to return that favor by helping others.


If you really are interested, you can join GeekU.
  • 0

#14
cirej
Posted 20 April 2008 - 08:45 PM

cirej

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Koko_crunch,

Sir, I already have the following antivirus and antispyware on my system... do I still need SpywareBlaster and IE-SpyAd?
- AVG Anti Virus
- SUPER AntiSyware
- Autorun Eater

and are the firewall you suggested is free to use?
  • 0

#15
koko_crunch
Posted 22 April 2008 - 04:35 AM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts

Sir, I already have the following antivirus and antispyware on my system... do I still need SpywareBlaster and IE-SpyAd?


That is all up to you. We recommend these softwares to add more protection to your system. Since spyware and virus are becoming more and more prevalent and complicated, it wouldn't hurt having them installed.

firewall you suggested is free to use?


Yes they are. They are commercial softwares that has a free version available to the public.

Edited by koko_crunch, 22 April 2008 - 04:36 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP