
Please help: fake Windows pop-ups, Trojan-Clicker.Win32.Tiny.h

#1 Hunter101

I have Windows XP SP2 and started to have this problem when a friend sent over a file.

I scanned my pc with Ccleaner, SuperantiSpyware, MalwareBytes, Regcure and ESET Security Suite.

They say the trojans have been removed, but they seem to reappear when I reboot my PC.

I've also scanned them in safe mode.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:44, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Registry Clean Pro\Monitor.exe
C:\Program Files\Registry Clean Pro\Scheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\GM1103~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\ABOUT_~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\K8R03DBY\MAIN_1~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\K8R03DBY\BLANK_~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\MOREGA~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\LOADAD~3.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\K8R03DBY\MSNGAM~2.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\HELP_2~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\BUDDYL~2.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\Z5JH6UAL\LOADAD~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\Z5JH6UAL\GAMEEN~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\KWQU7L1W\HELP_1~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\L35ZMHDH\BUDDYL~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\T
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdmApi] C:\WINDOWS\system32\jgtorubk.exe
O4 - HKCU\..\Run: [enui] C:\WINDOWS\system32\ytkrkjwd.exe
O4 - HKCU\..\Run: [UiEn] C:\WINDOWS\system32\dcbmjady.exe
O4 - HKLM\..\Policies\Explorer\Run: [fL00c7MVZs] C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206442671906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206447146109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: genchk - {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 15264 bytes

The computer seems to be OK apart from these annoying fake pop-ups. Any help would be greatly appreciated. Thanks.


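The log above is what a helper reads by hand. As an added example (my own code, not a tool from this thread or from HijackThis), here is a small Python triage script that applies a few defender-side heuristics to O4 and O21 lines: a binary started from a Temp directory, an entry under Policies\Explorer\Run, a file directly in system32 whose Run-value name has nothing to do with its file name, and an SSODL DLL loaded from outside system32. The sample lines are copied from the log above; the heuristics are my assumptions and produce a list of entries to review, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O4 and O21 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMan.exe /onboot
O4 - HKCU\..\Run: [AdmApi] C:\WINDOWS\system32\jgtorubk.exe
O4 - HKCU\..\Run: [enui] C:\WINDOWS\system32\ytkrkjwd.exe
O4 - HKCU\..\Run: [UiEn] C:\WINDOWS\system32\dcbmjady.exe
O4 - HKLM\..\Policies\Explorer\Run: [fL00c7MVZs] C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
O21 - SSODL: genchk - {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{[^}]*\} - (?P<path>.*)$")
# First token of a command line that ends in an executable extension, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|com))"?(?:\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    name: str            # Run-value name (O4) or SSODL entry name (O21)
    path: str            # binary the load point starts
    reasons: list = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Return the executable a Run-key command line launches, without its arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def assess_o4(key: str, name: str, cmd: str) -> Finding:
    path = exe_path(cmd)
    low = path.lower()
    stem = basename(low).rsplit(".", 1)[0]
    reasons = []
    if "\\temp\\" in low:
        reasons.append("autostart binary lives in a temporary directory")
    if "policies\\explorer\\run" in key.lower():
        reasons.append("loaded via Policies\\Explorer\\Run, a load point legitimate installers rarely use")
    # A file directly in system32 whose Run-value name shares nothing with its file name.
    # rundll32 is skipped here: the interesting name is the DLL argument, not the host process.
    directly_in_system32 = "\\system32\\" in low and low.count("\\") == 3
    if directly_in_system32 and stem != "rundll32" and name.lower()[:3] != stem[:3]:
        reasons.append(f"value name {name!r} does not match file name {basename(path)!r} in system32")
    return Finding(name, path, reasons)


def assess_o21(name: str, path: str) -> Finding:
    reasons = []
    # Legitimate SSODL entries on XP are shell components under system32; anything else needs a look.
    if "\\windows\\system32\\" not in path.lower():
        reasons.append("SSODL shell extension loaded from outside system32")
    return Finding(name, path.strip(), reasons)


def triage(log_text: str) -> list:
    """Return the Findings (entries with at least one reason) for a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O4_RE.match(line)):
            finding = assess_o4(m["key"], m["name"], m["cmd"])
        elif (m := O21_RE.match(line)):
            finding = assess_o21(m["name"], m["path"])
        else:
            continue
        if finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Feed it a full saved log instead of SAMPLE_LOG and the known-good entries (egui, ctfmon, the rundll32 host) stay quiet while the randomly named system32 files, the Temp-resident binary, the Policies\Explorer\Run entry and the SSODL DLL come out as the review list.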
#2 kahdah (GeekU Teacher, Retired Staff)

Hello Hunter101,

Welcome to G2Go. :)
=====================
Please visit this web page for instructions for downloading and running ComboFix: ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in case your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.

(Note: If the Recovery Console fails to install, do not proceed; rather, alert me and post back here and we will continue.)

#3 Hunter101 (Topic Starter)

Hi, I have Internet Download Manager enabled (I don't know how to disable it), but it won't let me download the Windows XP file from the Microsoft website. I do have my XP CD but I'm not sure which file to copy onto ComboFix.

#4 Hunter101 (Topic Starter)

Hi again, please ignore that reply about not being able to download the Windows XP file.

Here are the log reports:

ComboFix 08-08-17.03 - Maoriz 2008-08-18 12:46:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1456 [GMT 8:00]
Running from: C:\Documents and Settings\Maoriz\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maoriz\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jeza\Application Data\macromedia\Flash Player\#SharedObjects\2UVUTH5X\interclick.com
C:\Documents and Settings\Jeza\Application Data\macromedia\Flash Player\#SharedObjects\2UVUTH5X\interclick.com\ud.sol
C:\Documents and Settings\Jeza\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Jeza\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Jeza\Cookies\[email protected][1].txt
C:\Documents and Settings\Jeza\Cookies\[email protected][2].txt
C:\Documents and Settings\Jeza\Cookies\[email protected][2].txt
C:\Documents and Settings\Jeza\Cookies\[email protected][1].txt
C:\Documents and Settings\Jeza\Local Settings\Temporary Internet Files\ENCounterSpyConsumer.2.5.1043.0.exe
C:\Documents and Settings\Maoriz\Application Data\inst.exe
C:\Documents and Settings\Maoriz\Application Data\macromedia\Flash Player\#SharedObjects\YPGMNC9K\interclick.com
C:\Documents and Settings\Maoriz\Application Data\macromedia\Flash Player\#SharedObjects\YPGMNC9K\interclick.com\ud.sol
C:\Documents and Settings\Maoriz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Maoriz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Maoriz\UserData
C:\Documents and Settings\Maoriz\UserData\index.dat
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\cxpgpgrm.ini
C:\WINDOWS\system32\dolded.dll
C:\WINDOWS\system32\fasjltlw.dll
C:\WINDOWS\system32\ieupdates.exe.tmp
C:\WINDOWS\system32\igqnxftc.dll
C:\WINDOWS\system32\ixurfqtl.ini
C:\WINDOWS\system32\JTsCdMoq.ini
C:\WINDOWS\system32\JTsCdMoq.ini2
C:\WINDOWS\system32\khfGvtUK.dll
C:\WINDOWS\system32\khfGwWNE.dll
C:\WINDOWS\system32\ljJYOeBT.dll
C:\WINDOWS\system32\ltqfruxi.dll
C:\WINDOWS\system32\mrgpgpxc.dll
C:\WINDOWS\system32\ntvlqwar.dll
C:\WINDOWS\system32\qoMdCsTJ.dll
C:\WINDOWS\system32\qouohddn.dll
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\uznwol.dll
C:\WINDOWS\system32\wltljsaf.ini
C:\WINDOWS\system32\xnpzjg.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-18 12:15 . 2008-08-18 12:15 86,016 --a------ C:\WINDOWS\system32\sfidedmv.exe
2008-08-18 10:38 . 2008-08-18 10:39 1,917 --a------ C:\WINDOWS\imsins.BAK
2008-08-18 00:05 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-17 23:55 . 2008-08-17 23:55 <DIR> d-------- C:\Deckard
2008-08-17 23:52 . 2008-08-17 23:52 <DIR> d-------- C:\Program Files\Panda Security
2008-08-17 23:31 . 2008-08-17 23:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 21:06 . 2008-08-17 21:08 <DIR> d-------- C:\SDFix
2008-08-17 17:38 . 2008-08-17 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\shgencom
2008-08-17 17:07 . 2008-08-17 17:07 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-17 16:52 . 2008-08-17 16:58 <DIR> d-------- C:\Program Files\Registry Clean Pro
2008-08-17 16:52 . 2000-12-08 20:59 122,880 --a------ C:\WINDOWS\UnGins.exe
2008-08-17 16:17 . 2008-08-17 16:17 <DIR> d-------- C:\WINDOWS\RegCure
2008-08-17 15:22 . 2008-08-17 16:28 <DIR> d-------- C:\Program Files\RegCure
2008-08-17 13:11 . 2008-08-17 13:11 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Malwarebytes
2008-08-17 06:41 . 2008-08-17 06:38 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-17 06:37 . 2008-08-17 06:53 <DIR> d-------- C:\Documents and Settings\Maoriz\.housecall6.6
2008-08-17 06:11 . 2008-08-17 06:11 77,824 --a------ C:\WINDOWS\system32\dcbmjady.exe
2008-08-16 15:21 . 2008-08-16 15:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 15:21 . 2008-08-16 15:21 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Malwarebytes
2008-08-16 15:21 . 2008-08-16 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 15:21 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 15:21 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 15:02 . 2008-08-16 15:02 77,824 --a------ C:\WINDOWS\system32\ytkrkjwd.exe
2008-08-16 14:43 . 2008-08-16 14:44 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-08-16 14:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-16 14:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-16 14:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-16 14:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-16 14:42 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-16 14:42 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-16 14:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-16 14:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-16 14:30 . 2008-08-16 14:30 77,824 --a------ C:\WINDOWS\system32\jgtorubk.exe
2008-08-16 14:17 . 2008-08-16 14:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-16 13:57 . 2008-08-16 13:57 <DIR> d-------- C:\tools
2008-08-16 13:44 . 2008-08-16 13:44 <DIR> d-------- C:\Program Files\zwbdcl
2008-08-16 13:29 . 2008-08-16 13:29 <DIR> d-------- C:\New Folder
2008-08-16 10:36 . 2008-08-18 12:51 13,881 --a------ C:\WINDOWS\system32\Config.MPF
2008-08-16 10:35 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-08-16 10:34 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-08-16 09:54 . 2008-08-16 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\uzohqfet
2008-08-16 09:45 . 2008-08-16 09:45 <DIR> d-------- C:\Program Files\XoftSpySE
2008-08-16 09:02 . 2008-08-16 09:02 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-08-16 09:02 . 2008-08-16 09:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-08-16 01:17 . 2008-08-16 09:02 <DIR> d-------- C:\Program Files\Sunbelt Software(2)
2008-08-16 01:17 . 2008-08-16 01:17 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Sunbelt
2008-08-16 01:17 . 2008-08-16 01:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-08-15 23:30 . 2008-08-16 14:42 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\IDM
2008-08-15 23:30 . 2008-08-18 12:42 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\DMCache
2008-08-15 17:11 . 2008-08-15 18:58 <DIR> d-------- C:\Documents and Settings\Maoriz\dwhelper
2008-08-12 19:47 . 2008-08-12 19:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-08-12 16:20 . 2008-08-12 16:20 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Reallusion
2008-08-12 15:38 . 2008-08-12 22:54 <DIR> d-------- C:\Documents and Settings\Jeza\Shared
2008-08-12 10:42 . 2008-08-12 10:42 <DIR> d-------- C:\Program Files\uTorrent
2008-08-12 10:42 . 2008-08-18 10:55 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\uTorrent
2008-08-11 20:40 . 2008-08-11 20:40 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\ESET
2008-08-11 19:51 . 2007-08-27 10:26 27,120 --a------ C:\WINDOWS\system32\SBBD.exe
2008-08-11 16:07 . 2008-08-11 16:07 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Sunbelt Software
2008-08-11 14:19 . 2008-08-11 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\logs
2008-08-11 13:08 . 2008-08-11 20:40 <DIR> d-------- C:\etax2008
2008-08-11 12:38 . 2008-08-11 12:38 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-08-11 12:38 . 2008-08-11 12:38 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-08-11 11:28 . 2008-08-11 11:28 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-08-11 11:27 . 2008-08-11 11:27 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Sunbelt Software
2008-08-10 18:13 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-08-10 18:12 . 2008-08-10 18:12 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\ESET
2008-08-10 06:22 . 2008-08-10 06:22 <DIR> d-------- C:\Program Files\ESET
2008-08-10 06:22 . 2008-08-10 06:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-07 18:02 . 2008-08-15 16:26 <DIR> d-------- C:\WINDOWS\ie8updates
2008-08-07 17:59 . 2008-08-07 18:01 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-08-06 21:21 . 2008-08-06 21:21 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-04 23:48 . 2008-08-11 00:37 <DIR> d-------- C:\Program Files\Online TV Player 4
2008-08-04 23:48 . 2008-08-04 23:48 10 --a------ C:\WINDOWS\system32\810429tv4-test.jun
2008-08-04 23:17 . 2008-08-04 23:21 <DIR> d-------- C:\Program Files\PowerDVD
2008-08-04 11:13 . 2008-08-04 11:13 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Symantec
2008-08-04 10:21 . 2008-08-10 18:09 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-04 10:18 . 2008-08-04 11:05 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Symantec
2008-07-30 22:02 . 2008-07-30 22:02 <DIR> d-------- C:\STUFF
2008-07-29 22:03 . 2008-07-09 22:34 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-07-26 23:56 . 2008-07-26 23:56 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Leadertech
2008-07-26 13:15 . 2008-07-26 13:15 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Yahoo!
2008-07-26 13:14 . 2008-07-26 13:53 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Babylon
2008-07-26 11:31 . 2008-07-26 11:31 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Nokia Multimedia Player
2008-07-26 10:54 . 2008-08-02 16:28 <DIR> d-------- C:\Program Files\myBabylon
2008-07-26 10:54 . 2008-08-02 16:28 <DIR> d-------- C:\Program Files\Conduit
2008-07-24 21:46 . 2008-07-24 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-23 18:01 . 2008-07-23 18:01 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 04:53 118,784 ----a-w C:\WINDOWS\system32\blphcve9j0et99.scr
2008-08-18 04:52 86,016 ----a-w C:\WINDOWS\system32\mpcvqpqx.exe
2008-08-18 04:52 196,608 ----a-w C:\WINDOWS\system32\lphcve9j0et99.exe
2008-08-18 01:59 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\LimeWire
2008-08-17 05:38 --------- d-----w C:\Documents and Settings\Jeza\Application Data\LimeWire
2008-08-16 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-16 06:16 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-16 06:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-16 06:16 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\SUPERAntiSpyware.com
2008-08-16 05:43 --------- d-----w C:\Program Files\McAfee
2008-08-16 02:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-16 02:34 --------- d-----w C:\Program Files\Common Files\McAfee
2008-08-15 18:09 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\Vso
2008-08-15 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 23:12 --------- d-----w C:\Program Files\BitComet
2008-08-11 12:28 --------- d-----w C:\Program Files\Opera
2008-08-10 10:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 10:49 --------- d-----w C:\Program Files\CyberLink
2008-08-06 13:20 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-06 13:20 --------- d-----w C:\Program Files\Common Files\Real
2008-08-05 16:47 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\SiteAdvisor
2008-08-02 01:02 --------- d-----w C:\Program Files\SlySoft
2008-07-28 15:20 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-07-28 15:20 --------- d-----w C:\Program Files\AVS4YOU
2008-07-24 13:42 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 10:01 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-27 14:17 --------- d-----w C:\Program Files\EA GAMES
2008-06-27 14:17 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\My Battle for Middle-earth Files
2008-06-27 14:16 --------- d-----w C:\Program Files\Project64 1.6
2008-06-27 14:16 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-27 14:16 --------- d-----w C:\Program Files\Hamachi
2008-06-27 14:16 --------- d-----w C:\Program Files\Common Files\FotoWire
2008-06-27 14:16 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\Hamachi
2008-06-27 14:16 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\FotoWire
2008-06-27 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-06-27 14:15 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-06-27 14:15 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\AVSMedia
2008-06-27 14:14 --------- d-----w C:\Program Files\DVDFab 5
2008-06-27 14:14 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\CyberLink
2008-06-27 14:13 --------- d-----w C:\Program Files\Paint.NET
2008-06-27 14:13 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-06-27 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-27 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\{EEC20228-ECAF-4B82-B511-82D50253CF58}
2008-06-27 14:12 --------- d-----w C:\Program Files\EA GAMES(2)(2)
2008-06-27 14:12 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\My Battle for Middle-earth™ II Files
2008-06-26 06:56 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-26 03:58 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 11:25 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-24 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 10:33 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\AdobeAUM
2008-06-22 19:45 --------- d-----w C:\Program Files\VideoLAN
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 18:10 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-19 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-16 05:42 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-04-24 09:01 47,360 ----a-w C:\Documents and Settings\Maoriz\Application Data\pcouffin.sys
2008-03-25 17:54 65 ----a-w C:\Program Files\Common Files\appop.log
2008-03-25 08:11 7,363,312 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-03 21:59 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-06-16 13:42 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"AdmApi"="C:\WINDOWS\system32\jgtorubk.exe" [2008-08-16 14:30 77824]
"enui"="C:\WINDOWS\system32\ytkrkjwd.exe" [2008-08-16 15:02 77824]
"UiEn"="C:\WINDOWS\system32\dcbmjady.exe" [2008-08-17 06:11 77824]
"infosrv"="C:\WINDOWS\system32\sfidedmv.exe" [2008-08-18 12:15 86016]
"monmsg"="C:\WINDOWS\system32\mpcvqpqx.exe" [2008-08-18 12:52 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-26 02:52 385024]
"Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 21:29 3165696]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 05:57 36640]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 08:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 20:12 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 20:10 46632]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 12:46 255528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 13:51 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 14:58 65536]
"DIRECTCD"="C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe" [2005-10-24 23:49 299008]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 01:47 270336]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 14:44 3100672]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-06 21:20 185896]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 12:57 698864]
"lphcve9j0et99"="C:\WINDOWS\system32\lphcve9j0et99.exe" [2008-08-18 12:52 196608]
"SMrhcre9j0et99"="C:\Program Files\rhcre9j0et99\rhcre9j0et99.exe" [2008-08-17 23:10 790528]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-18 07:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"fL00c7MVZs"="C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe" [2008-08-16 09:54 61440]

C:\Documents and Settings\Maoriz\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Monitor.lnk - C:\Program Files\Registry Clean Pro\Monitor.exe [2006-12-11 15:58:14 536576]
Scheduler.lnk - C:\Program Files\Registry Clean Pro\Scheduler.exe [2006-12-11 16:03:28 485888]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2008-03-25 16:17:01 995328]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-03 21:59:31 124400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"genchk"= {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll [2008-08-16 13:44 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=uznwol.dll dolded.dll xnpzjg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcve9j0et99
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcre9j0et99

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-06-19 16:48 851968 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11287:TCP"= 11287:TCP:BitComet 11287 TCP
"11287:UDP"= 11287:UDP:BitComet 11287 UDP
"86:TCP"= 86:TCP:BroadCam Web Server

R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 05:29]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 16:50]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-03-08 12:03]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 10:35]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-06-23 01:09]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 22:08]

*Newly Created Service* - SJYPKT
.
Contents of the 'Scheduled Tasks' folder

2008-08-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-08-17 C:\WINDOWS\Tasks\ccleaner.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-18 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-06-14 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-06-30 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-18 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-08-17 16:28]

2008-08-17 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-08-17 16:28]

2008-08-18 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-08-14 01:29]

2008-08-16 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-08-14 01:29]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-dbsrv - C:\WINDOWS\system32\tyrixgrk.exe
HKLM-Run-108e1041 - C:\WINDOWS\system32\ltqfruxi.dll
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Maoriz\Application Data\Mozilla\Firefox\Profiles\17hkcybv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1172.2021\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 12:52:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\blphcve9j0et99.scr
C:\WINDOWS\system32\mpcvqpqx.exe
C:\WINDOWS\system32\phcve9j0et99.bmp 625208 bytes
C:\WINDOWS\system32\lphcve9j0et99.exe 196608 bytes executable

scan completed successfully
hidden files: 4

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDHRemote.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\lphcve9j0et99.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-08-18 12:57:44 - machine was rebooted [Maoriz]
ComboFix-quarantined-files.txt 2008-08-18 04:57:42

Pre-Run: 20,043,898,880 bytes free
Post-Run: 20,366,356,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

421 --- E O F --- 2008-08-15 08:29:21


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:38, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Registry Clean Pro\Monitor.exe
C:\Program Files\Registry Clean Pro\Scheduler.exe
C:\WINDOWS\system32\ktezgrsn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\rhcre9j0et99\rhcre9j0et99.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [lphcve9j0et99] C:\WINDOWS\system32\lphcve9j0et99.exe
O4 - HKLM\..\Run: [SMrhcre9j0et99] C:\Program Files\rhcre9j0et99\rhcre9j0et99.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdmApi] C:\WINDOWS\system32\jgtorubk.exe
O4 - HKCU\..\Run: [enui] C:\WINDOWS\system32\ytkrkjwd.exe
O4 - HKCU\..\Run: [UiEn] C:\WINDOWS\system32\dcbmjady.exe
O4 - HKCU\..\Run: [infosrv] C:\WINDOWS\system32\sfidedmv.exe
O4 - HKCU\..\Run: [monmsg] C:\WINDOWS\system32\mpcvqpqx.exe
O4 - HKLM\..\Policies\Explorer\Run: [fL00c7MVZs] C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206442671906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206447146109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - AppInit_DLLs: uznwol.dll dolded.dll xnpzjg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: genchk - {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 14433 bytes


Also, upon ComboFix completing, my wallpaper has automatically changed and now displays a warning message that I have spyware on my computer, and my computer also has Antivirus XP 2008 installed.
  • 0

#5
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
It is because you are still infected.
=======================
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Rootkit::
C:\WINDOWS\system32\blphcve9j0et99.scr
C:\WINDOWS\system32\mpcvqpqx.exe
C:\WINDOWS\system32\phcve9j0et99.bmp 
C:\WINDOWS\system32\lphcve9j0et99.exe 

File::
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\system32\jgtorubk.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\WINDOWS\system32\dcbmjady.exe
C:\WINDOWS\system32\sfidedmv.exe
C:\WINDOWS\system32\mpcvqpqx.exe

Folder::
C:\Program Files\RegCure
C:\Documents and Settings\All Users\Application Data\uzohqfet
C:\Program Files\rhcre9j0et99

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
"NoDispScrSavPage"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"fL00c7MVZs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcve9j0et99"=-
"SMrhcre9j0et99"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdmApi"=-
"enui"=-
"UiEn"=-
"infosrv"=-
"monmsg"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
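
A triage script, added here as an illustration and not part of the thread or of ComboFix/HijackThis, that reads lines in the two log formats posted above and flags the kinds of entries kahdah's CFScript removes: autoruns that the rootkit scan lists as hidden, randomly named eight-letter executables in system32, a Policies\Explorer\Run entry pointing into a user-writable folder, a populated AppInit_DLLs value, an SSODL DLL outside system32, and Security Center/firewall switches turned off. The sample log is constructed from lines in this thread (plus three benign autoruns), and the rule names and the eight-letter threshold are assumptions of this example.

```python
"""Triage heuristics for the persistence points discussed in this thread.

Added illustration, not part of the thread or of ComboFix/HijackThis. It reads
log text in the formats posted above and flags the kinds of entries the
helper's CFScript removes. Rule names and thresholds are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

SYSTEM32 = r"c:\windows\system32"

# Constructed sample: lines copied from the logs in this thread, plus three
# benign autoruns (egui, JMRaidTool, ctfmon) that the heuristics should pass.
SAMPLE_LOG = r"""
scanning hidden files ...

C:\WINDOWS\system32\blphcve9j0et99.scr
C:\WINDOWS\system32\mpcvqpqx.exe
C:\WINDOWS\system32\phcve9j0et99.bmp 625208 bytes
C:\WINDOWS\system32\lphcve9j0et99.exe 196608 bytes executable

scan completed successfully
hidden files: 4
"AntiVirusDisableNotify"=dword:00000001
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [lphcve9j0et99] C:\WINDOWS\system32\lphcve9j0et99.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdmApi] C:\WINDOWS\system32\jgtorubk.exe
O4 - HKCU\..\Run: [monmsg] C:\WINDOWS\system32\mpcvqpqx.exe
O4 - HKLM\..\Policies\Explorer\Run: [fL00c7MVZs] C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
O20 - AppInit_DLLs: uznwol.dll dolded.dll xnpzjg.dll
O21 - SSODL: genchk - {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll
"""

# HijackThis O4 line: "O4 - HKLM\..\Run: [value name] path [args]"
O4_RE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\[^:]+): \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# First executable-looking path in the rest of the line, quoted or not.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr))', re.IGNORECASE)
# catchme hidden-file line: path, optionally followed by "<size> bytes ..."
HIDDEN_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?: \d+ bytes.*)?$")
# Eight lowercase letters and nothing else, like jgtorubk.exe or mpcvqpqx.exe.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.exe$")


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def parse_hidden_files(log: str) -> set[str]:
    """Collect lowercased paths from the catchme 'scanning hidden files' section."""
    hidden, inside = set(), False
    for line in log.splitlines():
        if line.startswith("scanning hidden files"):
            inside = True
        elif line.startswith("scan completed"):
            inside = False
        elif inside:
            m = HIDDEN_RE.match(line.strip())
            if m:
                hidden.add(m.group("path").lower())
    return hidden


def triage(log: str) -> list[Finding]:
    """Run every heuristic over one log and return all hits in log order."""
    hidden = parse_hidden_files(log)
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            pm = PATH_RE.match(m.group("rest"))
            if not pm:
                continue
            path = pm.group("path")
            low = path.lower()
            base = low.rsplit("\\", 1)[-1]
            name = m.group("name")
            if low in hidden:  # autorun target is cloaked from the file system
                findings.append(Finding("hidden-autorun", f"[{name}] {path}"))
            if (low.startswith(SYSTEM32 + "\\") and RANDOM_NAME_RE.match(base)
                    and name.lower() != base[:-4]):  # value name unrelated to exe
                findings.append(Finding("random-name-autorun", f"[{name}] {path}"))
            if ("policies\\explorer\\run" in m.group("key").lower()
                    and "\\application data\\" in low):  # policy key -> user-writable dir
                findings.append(Finding("policy-run-userdata", f"[{name}] {path}"))
        elif line.startswith("O20 - AppInit_DLLs:"):
            dlls = line.split(":", 1)[1].strip()
            if dlls:  # a populated AppInit_DLLs loads into every GUI process
                findings.append(Finding("appinit-dlls", dlls))
        elif line.startswith("O21 - SSODL:"):
            dll = line.rsplit(" - ", 1)[-1]
            if not dll.lower().startswith(SYSTEM32 + "\\"):
                findings.append(Finding("ssodl-outside-system32", dll))
        elif (line.startswith(('"AntiVirusDisableNotify"', '"DisableMonitoring"'))
                and line.endswith("dword:00000001")):
            findings.append(Finding("security-center-disabled", line))
        elif line.startswith('"EnableFirewall"') and line.endswith("0 (0x0)"):
            findings.append(Finding("firewall-disabled", line))
    return findings


def rule_counts(findings: list[Finding]) -> dict[str, int]:
    """Number of hits per rule, for a quick summary."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.detail}")
```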

#6
Hunter101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here they are

ComboFix 08-08-17.03 - Maoriz 2008-08-18 20:04:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1162 [GMT 8:00]
Running from: C:\Documents and Settings\Maoriz\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maoriz\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\dcbmjady.exe
C:\WINDOWS\system32\jgtorubk.exe
C:\WINDOWS\system32\mpcvqpqx.exe
C:\WINDOWS\system32\sfidedmv.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\WINDOWS\Tasks\RegCure Program Check.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\uzohqfet
C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Jeza\Application Data\rhcre9j0et99
C:\Documents and Settings\Maoriz\Application Data\rhcre9j0et99
C:\Program Files\RegCure
C:\Program Files\RegCure\0_days.htm
C:\Program Files\RegCure\1_days.htm
C:\Program Files\RegCure\15_days.htm
C:\Program Files\RegCure\2_days.htm
C:\Program Files\RegCure\30_days.htm
C:\Program Files\RegCure\5_days.htm
C:\Program Files\RegCure\Animated-Bar.gif
C:\Program Files\RegCure\AutoUpdate.dll
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_15_34_50.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_15_34_50.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_15_34_59.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_19_45.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_19_45.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_19_50.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_19_50.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_30.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_30.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\1_922395709l.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\111 C drive.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\111.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\203_will_smith_-_switch-syndikat.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\AAAAAAAA.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\ALL MUSIC!!!.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Beyonce (Feat Shakira) - Beautiful Liar.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\CyberLink PowerDVD 8.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\droo.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Edwin McCain - I'll Be.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Get Connected Wizard.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Keith Whitley - When You Say Nothing At All.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\l_9b5da05ab20a5762ba4df51b26afe5cd.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\l_9fc4676f852d099798941a9602a222f1.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Learn How to Hip Hop Club Dance-Body Roll Part 1.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Lou Bega - Mambo Number 5.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Maroon5 - Sunday Morning.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Music (G).lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Music Manager.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Music.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\OneTouchAccess.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Online registration.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\PKBACK# 001 (G).lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\PowerDVD 8 Help file.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\QUESTIONS 3.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Sean Paul ft. Rhianna- Break it Off.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\SHIMMER.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\The Bangles - Eternal Flame.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Uninstall PowerDVD 8.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\Unknown Album.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\VR_MANGR.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_29_37\VR_MOVIE.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_30_57.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_30_57.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_32_50.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_32_50.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_16_47_13.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_17_10_13.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_07_38.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_05.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_05.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36.bak
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36.reg
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36\1_106050075l_edited.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36\340x.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36\98197370_78f54a1f3d.lnk
C:\Program Files\RegCure\Backup\RegCureBak_August_17_08_22_57_36\drlll.lnk
C:\Program Files\RegCure\buttonfill.jpg
C:\Program Files\RegCure\buttonfill_expire.jpg
C:\Program Files\RegCure\buttonfill_mo.jpg
C:\Program Files\RegCure\buttonfill_mo_expire.jpg
C:\Program Files\RegCure\config.xml
C:\Program Files\RegCure\contentwrapper.gif
C:\Program Files\RegCure\expire.css
C:\Program Files\RegCure\footerbar.gif
C:\Program Files\RegCure\help.chm
C:\Program Files\RegCure\info_bubble.jpg
C:\Program Files\RegCure\Logs\Regcure-17-08-08-15-35-13.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-15-35-18.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-15-37-53.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-20-04.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-29-52.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-29-57.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-31-24.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-33-14.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-16-49-25.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-17-11-06.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-22-07-58.zip
C:\Program Files\RegCure\Logs\Regcure-17-08-08-22-58-41.zip
C:\Program Files\RegCure\Logs\SystemInfo.zip
C:\Program Files\RegCure\LogSettings.xml
C:\Program Files\RegCure\main.css
C:\Program Files\RegCure\process-animation.gif
C:\Program Files\RegCure\regcure.1.x.x.xx-patch.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\RegCure\RegCure.exe.BAK
C:\Program Files\RegCure\settings.xml
C:\Program Files\RegCure\subtitlebar.gif
C:\Program Files\RegCure\tile_titlebar.jpg
C:\Program Files\RegCure\uninst.exe
C:\Program Files\RegCure\Uninstall\IRIMG1.JPG
C:\Program Files\RegCure\Uninstall\IRIMG2.JPG
C:\Program Files\RegCure\Uninstall\IRIMG3.JPG
C:\Program Files\RegCure\Uninstall\uninstall.dat
C:\Program Files\RegCure\Uninstall\uninstall.xml
C:\Program Files\RegCure\whitelist.dat
C:\Program Files\RegCure\zlibwapi.dll
C:\Program Files\rhcre9j0et99
C:\Program Files\rhcre9j0et99\database.dat
C:\Program Files\rhcre9j0et99\license.txt
C:\Program Files\rhcre9j0et99\MFC71.dll
C:\Program Files\rhcre9j0et99\MFC71ENU.DLL
C:\Program Files\rhcre9j0et99\msvcp71.dll
C:\Program Files\rhcre9j0et99\msvcr71.dll
C:\Program Files\rhcre9j0et99\rhcre9j0et99.exe
C:\Program Files\rhcre9j0et99\rhcre9j0et99.exe.local
C:\Program Files\rhcre9j0et99\Uninstall.exe
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\blphcve9j0et99.scr
C:\WINDOWS\system32\dcbmjady.exe
C:\WINDOWS\system32\jgtorubk.exe
C:\WINDOWS\system32\lphcve9j0et99.exe
C:\WINDOWS\system32\mpcvqpqx.exe
C:\WINDOWS\system32\phcve9j0et99.bmp
C:\WINDOWS\system32\sfidedmv.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\WINDOWS\Tasks\RegCure Program Check.job

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-18 13:09 . 2008-08-18 13:09 196,608 --a------ C:\WINDOWS\system32\pulqjynk.exe
2008-08-18 13:09 . 2008-08-18 13:09 86,016 --a------ C:\WINDOWS\system32\devofwrm.exe
2008-08-18 10:38 . 2008-08-18 10:39 1,917 --a------ C:\WINDOWS\imsins.BAK
2008-08-18 00:05 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-17 23:55 . 2008-08-17 23:55 <DIR> d-------- C:\Deckard
2008-08-17 23:52 . 2008-08-17 23:52 <DIR> d-------- C:\Program Files\Panda Security
2008-08-17 23:31 . 2008-08-17 23:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 21:06 . 2008-08-17 21:08 <DIR> d-------- C:\SDFix
2008-08-17 17:38 . 2008-08-17 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\shgencom
2008-08-17 17:07 . 2008-08-17 17:07 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-17 16:52 . 2008-08-17 16:58 <DIR> d-------- C:\Program Files\Registry Clean Pro
2008-08-17 16:52 . 2000-12-08 20:59 122,880 --a------ C:\WINDOWS\UnGins.exe
2008-08-17 16:17 . 2008-08-17 16:17 <DIR> d-------- C:\WINDOWS\RegCure
2008-08-17 13:11 . 2008-08-17 13:11 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Malwarebytes
2008-08-17 06:41 . 2008-08-17 06:38 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-17 06:37 . 2008-08-17 06:53 <DIR> d-------- C:\Documents and Settings\Maoriz\.housecall6.6
2008-08-16 15:21 . 2008-08-16 15:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 15:21 . 2008-08-16 15:21 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Malwarebytes
2008-08-16 15:21 . 2008-08-16 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 15:21 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 15:21 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 14:43 . 2008-08-16 14:44 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-08-16 14:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-16 14:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-16 14:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-16 14:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-16 14:42 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-16 14:42 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-16 14:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-16 14:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-16 14:17 . 2008-08-16 14:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-16 13:57 . 2008-08-16 13:57 <DIR> d-------- C:\tools
2008-08-16 13:44 . 2008-08-16 13:44 <DIR> d-------- C:\Program Files\zwbdcl
2008-08-16 13:29 . 2008-08-16 13:29 <DIR> d-------- C:\New Folder
2008-08-16 10:36 . 2008-08-18 20:16 14,317 --a------ C:\WINDOWS\system32\Config.MPF
2008-08-16 10:35 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-08-16 10:34 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-08-16 09:45 . 2008-08-16 09:45 <DIR> d-------- C:\Program Files\XoftSpySE
2008-08-16 09:02 . 2008-08-16 09:02 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-08-16 09:02 . 2008-08-16 09:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-08-16 01:17 . 2008-08-16 09:02 <DIR> d-------- C:\Program Files\Sunbelt Software(2)
2008-08-16 01:17 . 2008-08-16 01:17 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Sunbelt
2008-08-16 01:17 . 2008-08-16 01:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-08-15 23:30 . 2008-08-16 14:42 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\IDM
2008-08-15 23:30 . 2008-08-18 12:42 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\DMCache
2008-08-15 17:11 . 2008-08-15 18:58 <DIR> d-------- C:\Documents and Settings\Maoriz\dwhelper
2008-08-12 19:47 . 2008-08-12 19:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-08-12 16:20 . 2008-08-12 16:20 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Reallusion
2008-08-12 15:38 . 2008-08-12 22:54 <DIR> d-------- C:\Documents and Settings\Jeza\Shared
2008-08-12 10:42 . 2008-08-12 10:42 <DIR> d-------- C:\Program Files\uTorrent
2008-08-12 10:42 . 2008-08-18 10:55 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\uTorrent
2008-08-11 20:40 . 2008-08-11 20:40 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\ESET
2008-08-11 19:51 . 2007-08-27 10:26 27,120 --a------ C:\WINDOWS\system32\SBBD.exe
2008-08-11 16:07 . 2008-08-11 16:07 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Sunbelt Software
2008-08-11 14:19 . 2008-08-11 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\logs
2008-08-11 13:08 . 2008-08-11 20:40 <DIR> d-------- C:\etax2008
2008-08-11 12:38 . 2008-08-11 12:38 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-08-11 12:38 . 2008-08-11 12:38 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-08-11 11:28 . 2008-08-11 11:28 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-08-11 11:27 . 2008-08-11 11:27 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Sunbelt Software
2008-08-10 18:13 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-08-10 18:12 . 2008-08-10 18:12 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\ESET
2008-08-10 06:22 . 2008-08-10 06:22 <DIR> d-------- C:\Program Files\ESET
2008-08-10 06:22 . 2008-08-10 06:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-07 18:02 . 2008-08-15 16:26 <DIR> d-------- C:\WINDOWS\ie8updates
2008-08-07 17:59 . 2008-08-07 18:01 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-08-06 21:21 . 2008-08-06 21:21 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-04 23:48 . 2008-08-11 00:37 <DIR> d-------- C:\Program Files\Online TV Player 4
2008-08-04 23:48 . 2008-08-04 23:48 10 --a------ C:\WINDOWS\system32\810429tv4-test.jun
2008-08-04 23:17 . 2008-08-04 23:21 <DIR> d-------- C:\Program Files\PowerDVD
2008-08-04 11:13 . 2008-08-04 11:13 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Symantec
2008-08-04 10:21 . 2008-08-10 18:09 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-04 10:18 . 2008-08-04 11:05 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Symantec
2008-07-30 22:02 . 2008-07-30 22:02 <DIR> d-------- C:\STUFF
2008-07-29 22:03 . 2008-07-09 22:34 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-07-26 23:56 . 2008-07-26 23:56 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Leadertech
2008-07-26 13:15 . 2008-07-26 13:15 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Yahoo!
2008-07-26 13:14 . 2008-07-26 13:53 <DIR> d-------- C:\Documents and Settings\Jeza\Application Data\Babylon
2008-07-26 11:31 . 2008-07-26 11:31 <DIR> d-------- C:\Documents and Settings\Maoriz\Application Data\Nokia Multimedia Player
2008-07-26 10:54 . 2008-08-02 16:28 <DIR> d-------- C:\Program Files\myBabylon
2008-07-26 10:54 . 2008-08-02 16:28 <DIR> d-------- C:\Program Files\Conduit
2008-07-24 21:46 . 2008-07-24 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-23 18:01 . 2008-07-23 18:01 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-18 09:09 --------- d-----w C:\Documents and Settings\Jeza\Application Data\LimeWire
2008-08-18 01:59 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\LimeWire
2008-08-16 06:16 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-16 06:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-16 06:16 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\SUPERAntiSpyware.com
2008-08-16 05:43 --------- d-----w C:\Program Files\McAfee
2008-08-16 02:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-16 02:34 --------- d-----w C:\Program Files\Common Files\McAfee
2008-08-15 18:09 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\Vso
2008-08-15 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 23:12 --------- d-----w C:\Program Files\BitComet
2008-08-11 12:28 --------- d-----w C:\Program Files\Opera
2008-08-10 10:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 10:49 --------- d-----w C:\Program Files\CyberLink
2008-08-06 13:20 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-06 13:20 --------- d-----w C:\Program Files\Common Files\Real
2008-08-05 16:47 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\SiteAdvisor
2008-08-02 01:02 --------- d-----w C:\Program Files\SlySoft
2008-07-28 15:20 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-07-28 15:20 --------- d-----w C:\Program Files\AVS4YOU
2008-07-24 13:42 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 10:01 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-27 14:17 --------- d-----w C:\Program Files\EA GAMES
2008-06-27 14:17 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\My Battle for Middle-earth Files
2008-06-27 14:16 --------- d-----w C:\Program Files\Project64 1.6
2008-06-27 14:16 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-27 14:16 --------- d-----w C:\Program Files\Hamachi
2008-06-27 14:16 --------- d-----w C:\Program Files\Common Files\FotoWire
2008-06-27 14:16 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\Hamachi
2008-06-27 14:16 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\FotoWire
2008-06-27 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-06-27 14:15 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-06-27 14:15 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\AVSMedia
2008-06-27 14:14 --------- d-----w C:\Program Files\DVDFab 5
2008-06-27 14:14 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\CyberLink
2008-06-27 14:13 --------- d-----w C:\Program Files\Paint.NET
2008-06-27 14:13 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-06-27 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-27 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\{EEC20228-ECAF-4B82-B511-82D50253CF58}
2008-06-27 14:12 --------- d-----w C:\Program Files\EA GAMES(2)(2)
2008-06-27 14:12 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\My Battle for Middle-earth™ II Files
2008-06-26 06:56 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-26 03:58 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 11:25 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-24 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 10:33 --------- d-----w C:\Documents and Settings\Maoriz\Application Data\AdobeAUM
2008-06-22 19:45 --------- d-----w C:\Program Files\VideoLAN
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 18:10 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-19 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-16 05:42 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-04-24 09:01 47,360 ----a-w C:\Documents and Settings\Maoriz\Application Data\pcouffin.sys
2008-03-25 17:54 65 ----a-w C:\Program Files\Common Files\appop.log
2008-03-25 08:11 7,363,312 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe
.

((((((((((((((((((((((((((((( [email protected]_12.57.30.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-18 04:09:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-18 10:19:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-18 04:09:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-18 10:19:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-18 04:09:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-18 10:19:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-03 21:59 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-06-16 13:42 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-26 02:52 385024]
"Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 21:29 3165696]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 05:57 36640]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 08:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 20:12 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 20:10 46632]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 12:46 255528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 13:51 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 14:58 65536]
"DIRECTCD"="C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe" [2005-10-24 23:49 299008]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 01:47 270336]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 14:44 3100672]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-06 21:20 185896]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 12:57 698864]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-18 07:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Maoriz\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Monitor.lnk - C:\Program Files\Registry Clean Pro\Monitor.exe [2006-12-11 15:58:14 536576]
Scheduler.lnk - C:\Program Files\Registry Clean Pro\Scheduler.exe [2006-12-11 16:03:28 485888]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2008-03-25 16:17:01 995328]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-03 21:59:31 124400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"genchk"= {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll [2008-08-16 13:44 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcve9j0et99
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcre9j0et99

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-06-19 16:48 851968 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\My Music\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11287:TCP"= 11287:TCP:BitComet 11287 TCP
"11287:UDP"= 11287:UDP:BitComet 11287 UDP
"86:TCP"= 86:TCP:BroadCam Web Server

R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 05:29]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 16:50]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-03-08 12:03]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 10:35]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-06-23 01:09]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 22:08]
.
Contents of the 'Scheduled Tasks' folder

2008-08-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-08-17 C:\WINDOWS\Tasks\ccleaner.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-18 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-06-14 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-06-30 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-17 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe []

2008-08-18 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-08-14 01:29]

2008-08-16 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-08-14 01:29]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 20:16:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDHRemote.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-08-18 20:22:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 12:22:04
ComboFix2.txt 2008-08-18 04:57:45

Pre-Run: 20,337,618,944 bytes free
Post-Run: 15,999,643,648 bytes free

488 --- E O F --- 2008-08-15 08:29:21

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:25, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Registry Clean Pro\Monitor.exe
C:\Program Files\Registry Clean Pro\Scheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206442671906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206447146109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: genchk - {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261&

#7 Hunter101 (Topic Starter, Member, 26 posts)
Here is the log of HijackThis again, as a few lines were cut off in the previous post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:25, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Registry Clean Pro\Monitor.exe
C:\Program Files\Registry Clean Pro\Scheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206442671906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206447146109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: genchk - {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 13731 bytes

#8 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\pulqjynk.exe
    C:\WINDOWS\system32\devofwrm.exe
    C:\WINDOWS\RegCure
    C:\Documents and Settings\All Users\Application Data\shgencom
    C:\Program Files\zwbdcl
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\genchk
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcve9j0et99
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcre9j0et99
    C:\WINDOWS\Tasks\RegCure.job
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========
After that, please post the OTMoveIt log and a new HijackThis log, and let me know if things are back to normal.

#9 Hunter101 (Topic Starter, Member, 26 posts)
Here are the logs. Two problems occurred prior to these: my computer now freezes approximately a minute after it starts up, like 9 out of 10 times I restart it, and every time I click a link or try to surf the net the page gets redirected to some other site. My computer no longer recognizes the Antivirus XP 2008 anymore, though. I had to download OT timer and post this topic from my brother's computer.

C:\WINDOWS\system32\pulqjynk.exe moved successfully.
C:\WINDOWS\system32\devofwrm.exe moved successfully.
C:\WINDOWS\RegCure moved successfully.
C:\Documents and Settings\All Users\Application Data\shgencom moved successfully.
C:\Program Files\zwbdcl moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\genchk >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\genchk deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcve9j0et99 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcve9j0et99\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcre9j0et99 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcre9j0et99\\ deleted successfully.
C:\WINDOWS\Tasks\RegCure.job moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08192008_164748

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:34, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMan.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Maoriz\Desktop\OTMoveIt2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMan.exe /onboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206442671906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206447146109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 12331 bytes

#10
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
It may be because you are running too much protection.
Try this and see if it helps.
Uninstall these below:
Counterspy
Superantispyware (unless you paid for it)
McAfee (anything but the Spam filter if you want to keep it)

Then reboot and let me know if that helps.

#11
Hunter101
    Member
  • Topic Starter
  • 26 posts
I uninstalled those programs, but access is denied when I try to delete their files from the C drive. The computer seems to have stopped freezing now, but I can't go on the internet on it because it keeps redirecting me.

#12
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
You cannot delete the folders until a reboot as they are still in use.

but i cant go on the internet on it because it keeps redirecting me

Redirecting you to what?

#13
Hunter101
    Member
  • Topic Starter
  • 26 posts
My internet browsers (Mozilla Firefox 3 and Internet Explorer 7) keep redirecting me to other websites. For example, when I click on the Geeks to Go site, when the tab opens up it goes to searchshopbuy.com or booktopia.com. I am unable to access this site from my computer. I have to post these replies from my brother's computer.

#14
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Save these to a CD or a flash drive and transfer them to the infected computer.
=========================
Download the HostsXpert 4.2 - Hosts File Manager.
Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager.

*Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
==========
After that, please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.

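The "Restore MS Hosts File" step above targets one common cause of the redirects described in this thread: a hijacked hosts file that pins the sites the victim types (or security vendors' update servers) to an attacker's address, or to 127.0.0.1 so the antivirus cannot update. The following Python script is an added example for readers of this thread; it is not part of the original post, not HostsXpert's code, and not derived from the .run or HijackThis logs. It parses a hosts file the way the Windows resolver does, flags mappings a clean file would never contain, and returns the stock Windows default that a "restore" writes back. The watched-domain list, the sample hijacked hosts file and its 203.0.113.x addresses are all constructed for illustration.

```python
"""Spot hosts-file hijacks and produce a clean Windows default.

On Windows XP the live file is C:\\WINDOWS\\system32\\drivers\\etc\\hosts.
The resolver reads "<ip> <name> [<name> ...]" per line and ignores anything
after '#', so the parser here follows the same rules.
"""
import ipaddress
from typing import Dict, List, Tuple

# Stock Windows hosts file: the only active mapping is localhost -> 127.0.0.1.
DEFAULT_WINDOWS_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "#\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "#\n"
    "127.0.0.1       localhost\n"
)

# Constructed (example-only) list of domains whose presence in a hosts file is
# a red flag: AV vendors blackholed so they cannot update, and support forums.
WATCHED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "eset.com", "mcafee.com",
    "superantispyware.com", "malwarebytes.org", "geekstogo.com",
)

# RFC 1918 and link-local ranges: a mapping into these is a LAN host, not a hijack.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed sample of a hijacked file; the 203.0.113.x addresses are
# documentation addresses (RFC 5737), not anything seen in the thread's logs.
SAMPLE_HIJACKED_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# --- constructed hijack entries ---
203.0.113.10    www.geekstogo.com geekstogo.com
203.0.113.10    www.google.com
127.0.0.1       update.eset.com
192.168.1.20    nas.home          # legitimate LAN entry, must not be flagged
127.0.0.1       ads.example.net   # ad-blocking entry, must not be flagged
"""


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, ip, hostname) for every active mapping in `text`."""
    entries = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                             # not a mapping; resolver ignores it too
        for name in names:                       # one entry per hostname on the line
            entries.append((no, ip, name.lower()))
    return entries


def _is_lan(addr: ipaddress._BaseAddress) -> bool:
    """Loopback, RFC 1918 or link-local: addresses a home user may map legitimately."""
    return addr.is_loopback or any(addr in n for n in LAN_NETWORKS if n.version == addr.version)


def find_hijacks(text: str) -> List[Dict[str, object]]:
    """Flag mappings a clean Windows hosts file would never contain."""
    findings = []
    for no, ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        if name == "localhost" and addr.is_loopback:
            continue                             # the one legitimate default entry
        if watched and addr.is_loopback:
            reason = "security/support site blackholed to loopback"
        elif watched:
            reason = "security/support site redirected to %s" % ip
        elif not _is_lan(addr):
            reason = "hostname pinned to external address %s" % ip
        else:
            continue                             # LAN host or local ad-block entry
        findings.append({"line": no, "ip": ip, "host": name, "reason": reason})
    return findings


def restore_default() -> str:
    """What a 'Restore MS Hosts File' writes back: the stock content."""
    return DEFAULT_WINDOWS_HOSTS


if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_HIJACKED_HOSTS):
        print("line %(line)d: %(ip)s -> %(host)s (%(reason)s)" % f)
```

Run against the constructed sample, the script flags the two geekstogo.com names and www.google.com pinned to the external address, and update.eset.com blackholed to loopback, while leaving the LAN host and the ad-blocking entry alone. Against a real machine, read the live file instead of the sample; after HostsXpert has restored the default and set it read-only, `find_hijacks` on the file should return nothing.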

#15
Hunter101
    Member
  • Topic Starter
  • 26 posts
Here is the requested file.

Attached Files

  • Attached File  Mao.run   145.88KB   46 downloads
