Here they are
ComboFix 08-08-17.03 - Maoriz 2008-08-18 20:04:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1162 [GMT 8:00]
Running from: C:\Documents and Settings\Maoriz\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maoriz\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\WINDOWS\system32\dcbmjady.exe
C:\WINDOWS\system32\jgtorubk.exe
C:\WINDOWS\system32\mpcvqpqx.exe
C:\WINDOWS\system32\sfidedmv.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\WINDOWS\Tasks\RegCure Program Check.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\uzohqfet
C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Jeza\Application Data\rhcre9j0et99
C:\Documents and Settings\Maoriz\Application Data\rhcre9j0et99
C:\Program Files\RegCure
C:\Program Files\RegCure\0_days.htm
C:\Program Files\RegCure\1_days.htm
C:\Program Files\RegCure\15_days.htm
C:\Program Files\RegCure\2_days.htm
C:\Program Files\RegCure\30_days.htm
C:\Program Files\RegCure\5_days.htm
C:\Program Files\RegCure\Animated-Bar.gif
C:\Program Files\RegCure\AutoUpdate.dll
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_15_34_50.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_15_34_50.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_15_34_59.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_19_45.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_19_45.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_19_50.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_19_50.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_30.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_30.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\1_922395709l.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\111 C drive.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\111.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\203_will_smith_-_switch-syndikat.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\AAAAAAAA.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\ALL MUSIC!!!.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Beyonce (Feat Shakira) - Beautiful Liar.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\CyberLink PowerDVD 8.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\droo.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Edwin McCain - I'll Be.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Get Connected Wizard.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Keith Whitley - When You Say Nothing At All.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\l_9b5da05ab20a5762ba4df51b26afe5cd.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\l_9fc4676f852d099798941a9602a222f1.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Learn How to Hip Hop Club Dance-Body Roll Part 1.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Lou Bega - Mambo Number 5.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Maroon5 - Sunday Morning.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Music (G).lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Music Manager.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Music.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\OneTouchAccess.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Online registration.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\PKBACK# 001 (G).lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\PowerDVD 8 Help file.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\QUESTIONS 3.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Sean Paul ft. Rhianna- Break it Off.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\SHIMMER.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\The Bangles - Eternal Flame.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Uninstall PowerDVD 8.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Unknown Album.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\VR_MANGR.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\VR_MOVIE.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_30_57.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_30_57.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_32_50.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_32_50.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_47_13.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_17_10_13.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_07_38.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_05.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_05.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36\1_106050075l_edited.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36\340x.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36\98197370_78f54a1f3d.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36\drlll.lnk
C:\Program Files\RegCure\buttonfill.jpg
C:\Program Files\RegCure\buttonfill_expire.jpg
C:\Program Files\RegCure\buttonfill_mo.jpg
C:\Program Files\RegCure\buttonfill_mo_expire.jpg
C:\Program Files\RegCure\config.xml
C:\Program Files\RegCure\contentwrapper.gif
C:\Program Files\RegCure\expire.css
C:\Program Files\RegCure\footerbar.gif
C:\Program Files\RegCure\help.chm
C:\Program Files\RegCure\info_bubble.jpg
C:\Program Files\RegCure\Logs\Regcure-17-08-08-15-35-13.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-15-35-18.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-15-37-53.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-20-04.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-29-52.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-29-57.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-31-24.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-33-14.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-49-25.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-17-11-06.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-22-07-58.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-22-58-41.zip
C:\Program Files\RegCure\Logs\SystemInfo.zip
C:\Program Files\RegCure\LogSettings.xml
C:\Program Files\RegCure\main.css
C:\Program Files\RegCure\process-animation.gif
C:\Program Files\RegCure\regcure.1.x.x.xx-patch.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\RegCure\RegCure.exe.BAK
C:\Program Files\RegCure\settings.xml
C:\Program Files\RegCure\subtitlebar.gif
C:\Program Files\RegCure\tile_titlebar.jpg
C:\Program Files\RegCure\uninst.exe
C:\Program Files\RegCure\Uninstall\IRIMG1.JPG
C:\Program Files\RegCure\Uninstall\IRIMG2.JPG
C:\Program Files\RegCure\Uninstall\IRIMG3.JPG
C:\Program Files\RegCure\Uninstall\uninstall.dat
C:\Program Files\RegCure\Uninstall\uninstall.xml
C:\Program Files\RegCure\whitelist.dat
C:\Program Files\RegCure\zlibwapi.dll
C:\Program Files\rhcre9j0et99
C:\Program Files\rhcre9j0et99\database.dat
C:\Program Files\rhcre9j0et99\license.txt
C:\Program Files\rhcre9j0et99\MFC71.dll
C:\Program Files\rhcre9j0et99\MFC71ENU.DLL
C:\Program Files\rhcre9j0et99\msvcp71.dll
C:\Program Files\rhcre9j0et99\msvcr71.dll
C:\Program Files\rhcre9j0et99\rhcre9j0et99.exe
C:\Program Files\rhcre9j0et99\rhcre9j0et99.exe.local
C:\Program Files\rhcre9j0et99\Uninstall.exe
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\blphcve9j0et99.scr
C:\WINDOWS\system32\dcbmjady.exe
C:\WINDOWS\system32\jgtorubk.exe
C:\WINDOWS\system32\lphcve9j0et99.exe
C:\WINDOWS\system32\mpcvqpqx.exe
C:\WINDOWS\system32\phcve9j0et99.bmp
C:\WINDOWS\system32\sfidedmv.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\WINDOWS\Tasks\RegCure Program Check.job
.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.
2008-08-18 13:09 . 2008-08-18 13:09 196,608 --a------ C:\WINDOWS\system32\pulqjynk.exe
2008-08-18 13:09 . 2008-08-18 13:09 86,016 --a------ C:\WINDOWS\system32\devofwrm.exe
2008-08-18 10:38 . 2008-08-18 10:39 1,917 --a------ C:\WINDOWS\imsins.BAK
2008-08-18 00:05 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-17 23:55 . 2008-08-17 23:55 <DIR> d-------- C:\Deckard
2008-08-17 23:52 . 2008-08-17 23:52 <DIR> d-------- C:\Program Files\Panda Security
2008-08-17 23:31 . 2008-08-17 23:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 21:06 . 2008-08-17 21:08 <DIR> d-------- C:\SDFix
2008-08-17 17:38 . 2008-08-17 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\shgencom
2008-08-17 17:07 . 2008-08-17 17:07 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-17 16:52 . 2008-08-17 16:58 <DIR> d-------- C:\Program Files\Registry Clean Pro
2008-08-17 16:52 . 2000-12-08 20:59 122,880 --a------ C:\WINDOWS\UnGins.exe
2008-08-17 16:17 . 2008-08-17 16:17 <DIR> d-------- C:\WINDOWS\RegCure
2008-08-17 13:11 . 2008-08-17 13:11 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Malwarebytes
2008-08-17 06:41 . 2008-08-17 06:38 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-17 06:37 . 2008-08-17 06:53 <DIR> d-------- C:\Documents and Settings\Maoriz\.housecall6.6
2008-08-16 15:21 . 2008-08-16 15:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 15:21 . 2008-08-16 15:21 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Malwarebytes
2008-08-16 15:21 . 2008-08-16 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 15:21 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 15:21 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 14:43 . 2008-08-16 14:44 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-08-16 14:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-16 14:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-16 14:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-16 14:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-16 14:42 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-16 14:42 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-16 14:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-16 14:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-16 14:17 . 2008-08-16 14:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-16 13:57 . 2008-08-16 13:57 <DIR> d-------- C:\tools
2008-08-16 13:44 . 2008-08-16 13:44 <DIR> d-------- C:\Program Files\zwbdcl
2008-08-16 13:29 . 2008-08-16 13:29 <DIR> d-------- C:\New Folder
2008-08-16 10:36 . 2008-08-18 20:16 14,317 --a------ C:\WINDOWS\system32\Config.MPF
2008-08-16 10:35 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-08-16 10:34 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-08-16 09:45 . 2008-08-16 09:45 <DIR> d-------- C:\Program Files\XoftSpySE
2008-08-16 09:02 . 2008-08-16 09:02 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-08-16 09:02 . 2008-08-16 09:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-08-16 01:17 . 2008-08-16 09:02 <DIR> d-------- C:\Program Files\Sunbelt Software(2)
2008-08-16 01:17 . 2008-08-16 01:17 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Sunbelt
2008-08-16 01:17 . 2008-08-16 01:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-08-15 23:30 . 2008-08-16 14:42 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\IDM
2008-08-15 23:30 . 2008-08-18 12:42 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\DMCache
2008-08-15 17:11 . 2008-08-15 18:58 <DIR> d-------- C:\Documents and Settings\Maoriz\dwhelper
2008-08-12 19:47 . 2008-08-12 19:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-08-12 16:20 . 2008-08-12 16:20 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Reallusion
2008-08-12 15:38 . 2008-08-12 22:54 <DIR> d-------- C:\Documents and Settings\Jeza\Shared
2008-08-12 10:42 . 2008-08-12 10:42 <DIR> d-------- C:\Program Files\uTorrent
2008-08-12 10:42 . 2008-08-18 10:55 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\uTorrent
2008-08-11 20:40 . 2008-08-11 20:40 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\ESET
2008-08-11 19:51 . 2007-08-27 10:26 27,120 --a------ C:\WINDOWS\system32\SBBD.exe
2008-08-11 16:07 . 2008-08-11 16:07 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Sunbelt Software
2008-08-11 14:19 . 2008-08-11 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\logs
2008-08-11 13:08 . 2008-08-11 20:40 <DIR> d-------- C:\etax2008
2008-08-11 12:38 . 2008-08-11 12:38 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-08-11 12:38 . 2008-08-11 12:38 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-08-11 11:28 . 2008-08-11 11:28 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-08-11 11:27 . 2008-08-11 11:27 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Sunbelt Software
2008-08-10 18:13 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-08-10 18:12 . 2008-08-10 18:12 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\ESET
2008-08-10 06:22 . 2008-08-10 06:22 <DIR> d-------- C:\Program Files\ESET
2008-08-10 06:22 . 2008-08-10 06:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-07 18:02 . 2008-08-15 16:26 <DIR> d-------- C:\WINDOWS\ie8updates
2008-08-07 17:59 . 2008-08-07 18:01 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-08-06 21:21 . 2008-08-06 21:21 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-04 23:48 . 2008-08-11 00:37 <DIR> d-------- C:\Program Files\Online TV Player 4
2008-08-04 23:48 . 2008-08-04 23:48 10 --a------ C:\WINDOWS\system32\810429tv4-test.jun
2008-08-04 23:17 . 2008-08-04 23:21 <DIR> d-------- C:\Program Files\PowerDVD
2008-08-04 11:13 . 2008-08-04 11:13 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Symantec
2008-08-04 10:21 . 2008-08-10 18:09 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-04 10:18 . 2008-08-04 11:05 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Symantec
2008-07-30 22:02 . 2008-07-30 22:02 <DIR> d-------- C:\STUFF
2008-07-29 22:03 . 2008-07-09 22:34 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-07-26 23:56 . 2008-07-26 23:56 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Leadertech
2008-07-26 13:15 . 2008-07-26 13:15 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Yahoo!
2008-07-26 13:14 . 2008-07-26 13:53 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Babylon
2008-07-26 11:31 . 2008-07-26 11:31 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Nokia Multimedia Player
2008-07-26 10:54 . 2008-08-02 16:28 <DIR> d-------- C:\Program Files\myBabylon
2008-07-26 10:54 . 2008-08-02 16:28 <DIR> d-------- C:\Program Files\Conduit
2008-07-24 21:46 . 2008-07-24 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-23 18:01 . 2008-07-23 18:01 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-18 09:09 --------- d-----w C:\Documents and Settings\Jeza\Application Data\LimeWire
2008-08-18 01:59 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\LimeWire
2008-08-16 06:16 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-16 06:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-16 06:16 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\SUPERAntiSpyware.com
2008-08-16 05:43 --------- d-----w C:\Program Files\McAfee
2008-08-16 02:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-16 02:34 --------- d-----w C:\Program Files\Common Files\McAfee
2008-08-15 18:09 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\Vso
2008-08-15 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 23:12 --------- d-----w C:\Program Files\BitComet
2008-08-11 12:28 --------- d-----w C:\Program Files\Opera
2008-08-10 10:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 10:49 --------- d-----w C:\Program Files\CyberLink
2008-08-06 13:20 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-06 13:20 --------- d-----w C:\Program Files\Common Files\Real
2008-08-05 16:47 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\SiteAdvisor
2008-08-02 01:02 --------- d-----w C:\Program Files\SlySoft
2008-07-28 15:20 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-07-28 15:20 --------- d-----w C:\Program Files\AVS4YOU
2008-07-24 13:42 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 10:01 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-27 14:17 --------- d-----w C:\Program Files\EA GAMES
2008-06-27 14:17 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\My Battle for Middle-earth Files
2008-06-27 14:16 --------- d-----w C:\Program Files\Project64 1.6
2008-06-27 14:16 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-27 14:16 --------- d-----w C:\Program Files\Hamachi
2008-06-27 14:16 --------- d-----w C:\Program Files\Common Files\FotoWire
2008-06-27 14:16 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\Hamachi
2008-06-27 14:16 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\FotoWire
2008-06-27 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-06-27 14:15 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-06-27 14:15 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\AVSMedia
2008-06-27 14:14 --------- d-----w C:\Program Files\DVDFab 5
2008-06-27 14:14 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\CyberLink
2008-06-27 14:13 --------- d-----w C:\Program Files\Paint.NET
2008-06-27 14:13 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-06-27 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-27 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\{EEC20228-ECAF-4B82-B511-82D50253CF58}
2008-06-27 14:12 --------- d-----w C:\Program Files\EA GAMES(2)(2)
2008-06-27 14:12 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\My Battle for Middle-earth II Files
2008-06-26 06:56 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-26 03:58 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 11:25 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-24 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 10:33 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\AdobeAUM
2008-06-22 19:45 --------- d-----w C:\Program Files\VideoLAN
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 18:10 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-19 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-16 05:42 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-04-24 09:01 47,360 ----a-w C:\Documents and Settings\Maoriz\Application Data\pcouffin.sys
2008-03-25 17:54 65 ----a-w C:\Program Files\Common Files\appop.log
2008-03-25 08:11 7,363,312 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-18_12.57.30.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-18 04:09:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-18 10:19:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-18 04:09:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-18 10:19:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-18 04:09:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-18 10:19:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-03 21:59 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-06-16 13:42 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-26 02:52 385024]
"Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 21:29 3165696]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 05:57 36640]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 08:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 20:12 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 20:10 46632]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 12:46 255528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 13:51 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 14:58 65536]
"DIRECTCD"="C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe" [2005-10-24 23:49 299008]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 01:47 270336]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 14:44 3100672]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-06 21:20 185896]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 12:57 698864]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-18 07:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\Maoriz\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Monitor.lnk - C:\Program Files\Registry Clean Pro\Monitor.exe [2006-12-11 15:58:14 536576]
Scheduler.lnk - C:\Program Files\Registry Clean Pro\Scheduler.exe [2006-12-11 16:03:28 485888]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2008-03-25 16:17:01 995328]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-03 21:59:31 124400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"genchk"= {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll [2008-08-16 13:44 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcve9j0et99
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcre9j0et99
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-06-19 16:48 851968 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth \\game.dat"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\My Music\\LimeWire\\LimeWire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11287:TCP"= 11287:TCP:BitComet 11287 TCP
"11287:UDP"= 11287:UDP:BitComet 11287 UDP
"86:TCP"= 86:TCP:BroadCam Web Server
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 05:29]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 16:50]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-03-08 12:03]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 10:35]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-06-23 01:09]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 22:08]
.
Contents of the 'Scheduled Tasks' folder
2008-08-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2008-08-17 C:\WINDOWS\Tasks\ccleaner.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-08-18 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2008-06-14 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-06-30 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-08-17 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe []
2008-08-18 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-08-14 01:29]
2008-08-16 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-08-14 01:29]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-18 20:16:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDHRemote.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-08-18 20:22:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 12:22:04
ComboFix2.txt 2008-08-18 04:57:45
Pre-Run: 20,337,618,944 bytes free
Post-Run: 15,999,643,648 bytes free
488 --- E O F --- 2008-08-15 08:29:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:25, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Registry Clean Pro\Monitor.exe
C:\Program Files\Registry Clean Pro\Scheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206442671906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206447146109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: genchk - {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261&