
TROJAN: trojan-spy.win32.greenscreen.aa and others



#1
Hunter101

Hello,


I have Windows XP SP2 and started to have this problem when a friend sent over a file.

I scanned my PC with CCleaner, SUPERAntiSpyware, Malwarebytes, RegCure and ESET Security Suite.

They say the trojans have been removed, but they seem to reappear when I reboot my PC.

I've also scanned in safe mode.

Here is my logfile and the Deckard's System Scanner output:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:54, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Registry Clean Pro\Scheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMan.exe
C:\DOCUME~1\Maoriz\LOCALS~1\Temp\installation_wizard.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\Documents and Settings\Maoriz\My Documents\Downloads\Programs\dss_2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\Maoriz\LOCALS~1\Temp\~enkiayd.tmp\swreg.exe
C:\DOCUME~1\Maoriz\LOCALS~1\Temp\~enkiayd.tmp\sed.exe
C:\DOCUME~1\Maoriz\LOCALS~1\Temp\~enkiayd.tmp\sed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\GM1103~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\ABOUT_~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\K8R03DBY\MAIN_1~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\K8R03DBY\BLANK_~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\MOREGA~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\LOADAD~3.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\K8R03DBY\MSNGAM~2.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\HELP_2~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\BUDDYL~2.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\Z5JH6UAL\LOADAD~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\Z5JH6UAL\GAMEEN~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\KWQU7L1W\HELP_1~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\L35ZMHDH\BUDDYL~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\T
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdmApi] C:\WINDOWS\system32\jgtorubk.exe
O4 - HKCU\..\Run: [enui] C:\WINDOWS\system32\ytkrkjwd.exe
O4 - HKCU\..\Run: [UiEn] C:\WINDOWS\system32\dcbmjady.exe
O4 - HKCU\..\Run: [RegCom32] C:\DOCUME~1\Maoriz\LOCALS~1\Temp\installation_wizard.exe
O4 - HKLM\..\Policies\Explorer\Run: [fL00c7MVZs] C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206442671906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206447146109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: genchk - {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 15609 bytes


DECKARD'S SYSTEM SCANNER:

Deckard's System Scanner v20071014.68
Run by Maoriz on 2008-08-18 00:31:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Maoriz.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:40, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Registry Clean Pro\Scheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMan.exe
C:\DOCUME~1\Maoriz\LOCALS~1\Temp\installation_wizard.exe
C:\WINDOWS\system32\ytkrkjwd.exe
C:\Documents and Settings\Maoriz\My Documents\Downloads\Programs\dss_2.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Maoriz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\GM1103~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\ABOUT_~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\K8R03DBY\MAIN_1~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\K8R03DBY\BLANK_~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\MOREGA~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\LOADAD~3.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\K8R03DBY\MSNGAM~2.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\HELP_2~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\U3L2YWCM\BUDDYL~2.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\Z5JH6UAL\LOADAD~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\Z5JH6UAL\GAMEEN~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\KWQU7L1W\HELP_1~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\TEMPOR~1\Content.IE5\L35ZMHDH\BUDDYL~1.SH! C:\DOCUME~1\Maoriz\LOCALS~1\T
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdmApi] C:\WINDOWS\system32\jgtorubk.exe
O4 - HKCU\..\Run: [enui] C:\WINDOWS\system32\ytkrkjwd.exe
O4 - HKCU\..\Run: [UiEn] C:\WINDOWS\system32\dcbmjady.exe
O4 - HKCU\..\Run: [RegCom32] C:\DOCUME~1\Maoriz\LOCALS~1\Temp\installation_wizard.exe
O4 - HKLM\..\Policies\Explorer\Run: [fL00c7MVZs] C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206442671906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206447146109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: genchk - {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 15399 bytes

-- Files created between 2008-07-18 and 2008-08-18 -----------------------------

2008-08-17 23:57:55 0 d-------- C:\WINDOWS\LastGood
2008-08-17 23:52:25 0 d-------- C:\Program Files\Panda Security
2008-08-17 23:31:40 0 d-------- C:\Program Files\Trend Micro
2008-08-17 17:38:55 0 d-------- C:\Documents and Settings\All Users\Application Data\shgencom
2008-08-17 17:07:34 0 d-------- C:\Program Files\Enigma Software Group
2008-08-17 16:59:11 0 dr-h----- C:\Documents and Settings\Maoriz\Recent
2008-08-17 16:52:46 122880 --a------ C:\WINDOWS\UnGins.exe
2008-08-17 16:52:31 0 d-------- C:\Program Files\Registry Clean Pro
2008-08-17 16:17:37 0 d-------- C:\WINDOWS\RegCure
2008-08-17 15:22:32 0 d-------- C:\Program Files\RegCure
2008-08-17 13:11:04 0 d-------- C:\Documents and Settings\Jeza\Application Data\Malwarebytes
2008-08-17 06:37:48 0 d-------- C:\Documents and Settings\Maoriz\.housecall6.6
2008-08-17 06:11:16 77824 --a------ C:\WINDOWS\system32\dcbmjady.exe
2008-08-16 15:21:12 0 d-------- C:\Documents and Settings\Maoriz\Application Data\Malwarebytes
2008-08-16 15:21:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 15:21:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 15:09:38 0 d-------- C:\WINDOWS\pss
2008-08-16 15:02:59 77824 --a------ C:\WINDOWS\system32\ytkrkjwd.exe
2008-08-16 14:43:02 0 d-------- C:\Program Files\RogueRemover FREE
2008-08-16 14:42:09 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-16 14:42:09 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-08-16 14:42:09 82432 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-08-16 14:42:08 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-16 14:42:08 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-16 14:42:08 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-08-16 14:42:07 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-08-16 14:30:04 77824 --a------ C:\WINDOWS\system32\jgtorubk.exe
2008-08-16 14:17:14 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-16 13:57:00 0 d-------- C:\tools
2008-08-16 13:44:31 0 d-------- C:\Program Files\zwbdcl
2008-08-16 13:29:53 0 d-------- C:\New Folder
2008-08-16 10:35:14 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-08-16 09:54:03 0 d-------- C:\Documents and Settings\All Users\Application Data\uzohqfet
2008-08-16 09:45:15 0 d-------- C:\Program Files\XoftSpySE
2008-08-16 09:02:06 0 d-------- C:\Program Files\Sunbelt Software
2008-08-16 09:02:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-08-16 01:17:35 0 d-------- C:\Documents and Settings\Maoriz\Application Data\Sunbelt
2008-08-16 01:17:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-08-16 01:17:03 0 d-------- C:\Program Files\Sunbelt Software(2)
2008-08-16 00:04:54 6029312 --a------ C:\Documents and Settings\Maoriz\ntuser.dat
2008-08-16 00:04:54 3670016 --a------ C:\Documents and Settings\Jeza\ntuser.dat
2008-08-15 23:30:30 0 d-------- C:\Documents and Settings\Maoriz\Application Data\IDM
2008-08-15 23:30:30 0 d-------- C:\Documents and Settings\Maoriz\Application Data\DMCache
2008-08-15 17:11:08 0 d-------- C:\Documents and Settings\Maoriz\dwhelper
2008-08-12 19:47:07 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-08-12 16:20:05 0 d-------- C:\Documents and Settings\Jeza\Application Data\Reallusion
2008-08-12 15:38:20 0 d-------- C:\Documents and Settings\Jeza\Shared
2008-08-12 10:42:04 0 d-------- C:\Program Files\uTorrent
2008-08-12 10:42:03 0 d-------- C:\Documents and Settings\Maoriz\Application Data\uTorrent
2008-08-11 20:40:23 0 d-------- C:\Documents and Settings\Jeza\Application Data\ESET
2008-08-11 20:27:46 4456448 --a------ C:\Documents and Settings\Janis\ntuser.dat
2008-08-11 16:07:16 0 d-------- C:\Documents and Settings\Jeza\Application Data\Sunbelt Software
2008-08-11 14:19:47 0 d-------- C:\Documents and Settings\All Users\Application Data\logs
2008-08-11 13:08:32 0 d-------- C:\etax2008
2008-08-11 12:38:08 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-08-11 12:38:08 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-08-11 12:12:06 0 d-------- C:\Documents and Settings\Janis\Application Data\Sunbelt Software
2008-08-11 11:27:21 0 d-------- C:\Documents and Settings\Maoriz\Application Data\Sunbelt Software
2008-08-10 19:57:11 0 d-------- C:\Documents and Settings\Janis\Application Data\ESET
2008-08-10 18:13:11 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-08-10 18:12:33 0 d-------- C:\Documents and Settings\Maoriz\Application Data\ESET
2008-08-10 06:22:51 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-10 06:21:12 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-08-07 18:02:36 0 d-------- C:\WINDOWS\ie8updates
2008-08-07 17:59:56 0 d--h---c- C:\WINDOWS\ie8
2008-08-06 21:21:07 0 d-------- C:\Program Files\Common Files\xing shared
2008-08-04 23:48:37 0 d-------- C:\Program Files\Online TV Player 4
2008-08-04 23:17:16 0 d-------- C:\Program Files\PowerDVD
2008-08-04 12:36:35 0 d-------- C:\Documents and Settings\Janis\Application Data\Symantec
2008-08-04 11:13:45 0 d-------- C:\Documents and Settings\Jeza\Application Data\Symantec
2008-08-04 10:21:21 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-04 10:18:27 0 d-------- C:\Documents and Settings\Maoriz\Application Data\Symantec
2008-07-30 22:02:04 0 d-------- C:\STUFF
2008-07-28 20:20:51 0 d-------- C:\Documents and Settings\Janis\Application Data\Yahoo!
2008-07-26 23:56:07 0 d-------- C:\Documents and Settings\Jeza\Application Data\Leadertech
2008-07-26 13:15:07 0 d-------- C:\Documents and Settings\Jeza\Application Data\Yahoo!
2008-07-26 13:14:24 0 d-------- C:\Documents and Settings\Jeza\Application Data\Babylon
2008-07-26 11:33:25 0 d-------- C:\Documents and Settings\Janis\Application Data\Babylon
2008-07-26 11:31:05 0 d-------- C:\Documents and Settings\Maoriz\Application Data\Nokia Multimedia Player
2008-07-26 10:54:42 0 d-------- C:\Program Files\Conduit
2008-07-26 10:54:41 0 d-------- C:\Program Files\myBabylon
2008-07-24 22:43:27 0 d-------- C:\Documents and Settings\Janis\Application Data\AdobeUM
2008-07-24 21:46:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-23 18:01:23 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU


-- Find3M Report ---------------------------------------------------------------

2008-08-16 14:17:14 0 d-------- C:\Program Files\Common Files
2008-08-16 14:16:31 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-16 14:16:30 0 d-------- C:\Documents and Settings\Maoriz\Application Data\SUPERAntiSpyware.com
2008-08-16 14:16:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-16 13:43:48 0 d-------- C:\Program Files\McAfee
2008-08-16 10:34:54 0 d-------- C:\Program Files\Common Files\McAfee
2008-08-16 02:09:09 0 d-------- C:\Documents and Settings\Maoriz\Application Data\Vso
2008-08-15 17:49:14 109 --a------ C:\Documents and Settings\Maoriz\Application Data\AVSDVDPlayer.m3u
2008-08-15 16:29:13 0 d-------- C:\Program Files\Messenger
2008-08-13 14:36:19 0 d-------- C:\Documents and Settings\Maoriz\Application Data\LimeWire
2008-08-13 07:12:14 0 d-------- C:\Program Files\BitComet
2008-08-11 20:28:46 0 d-------- C:\Program Files\Opera
2008-08-10 18:49:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-10 18:49:28 0 d-------- C:\Program Files\CyberLink
2008-08-06 21:20:54 0 d-------- C:\Program Files\Common Files\Real
2008-08-06 00:47:51 0 d-------- C:\Documents and Settings\Maoriz\Application Data\SiteAdvisor
2008-08-02 09:02:44 0 d-------- C:\Program Files\SlySoft
2008-07-28 23:20:36 0 d-------- C:\Program Files\AVS4YOU
2008-07-28 23:20:33 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-07-24 21:42:22 0 d-------- C:\Program Files\Yahoo!
2008-07-23 18:01:36 0 d-------- C:\Program Files\Microsoft SQL Server
2008-06-28 02:19:07 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-27 22:17:22 0 d-------- C:\Documents and Settings\Maoriz\Application Data\My Battle for Middle-earth Files
2008-06-27 22:17:20 0 d-------- C:\Program Files\EA GAMES
2008-06-27 22:16:59 0 d-------- C:\Documents and Settings\Maoriz\Application Data\Hamachi
2008-06-27 22:16:58 0 d-------- C:\Program Files\Hamachi
2008-06-27 22:16:54 0 d-------- C:\Program Files\Project64 1.6
2008-06-27 22:16:43 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-27 22:16:39 0 d-------- C:\Documents and Settings\Maoriz\Application Data\Help
2008-06-27 22:16:34 0 d-------- C:\Documents and Settings\Maoriz\Application Data\FotoWire
2008-06-27 22:16:33 0 d-------- C:\Program Files\Common Files\FotoWire
2008-06-27 22:15:52 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-06-27 22:15:29 0 d-------- C:\Documents and Settings\Maoriz\Application Data\AVSMedia
2008-06-27 22:14:33 0 d-------- C:\Program Files\DVDFab 5
2008-06-27 22:14:32 0 d-------- C:\Documents and Settings\Maoriz\Application Data\CyberLink
2008-06-27 22:13:50 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-27 22:13:38 0 d-------- C:\Program Files\Paint.NET
2008-06-27 22:12:39 0 d-------- C:\Documents and Settings\Maoriz\Application Data\My Battle for Middle-earth™ II Files
2008-06-27 22:12:33 0 d-------- C:\Program Files\EA GAMES(2)(2)
2008-06-26 11:58:14 0 d-------- C:\Program Files\SiteAdvisor
2008-06-24 18:33:21 0 d-------- C:\Documents and Settings\Maoriz\Application Data\AdobeAUM
2008-06-23 03:45:34 0 d-------- C:\Program Files\VideoLAN
2008-06-20 14:31:58 199 --a------ C:\Documents and Settings\Maoriz\Application Data\Options.ini
2008-06-20 10:05:06 170 --a------ C:\Documents and Settings\Maoriz\Application Data\Network.ini
2008-06-16 19:25:50 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [04/18/2006 07:34 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/04/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41]
"nwiz"="nwiz.exe" [12/05/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [04/26/2006 02:52]
"Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [11/09/2006 21:29]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 19:12]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/25/2007 05:57]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 08:03]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [01/29/2007 20:12]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [01/29/2007 20:10]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [02/01/2007 12:46]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [03/12/2007 13:51]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [01/26/2007 14:58]
"DIRECTCD"="C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe" [10/24/2005 23:49]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [01/21/2005 01:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 21:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 03:25]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [09/07/2007 14:44]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [07/19/2005 17:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/06/2008 21:20]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [06/10/2008 18:52]
"@"="" []
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [11/28/2007 12:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 20:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/03/2008 21:59]
"DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.exe" [12/04/2007 13:32]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [06/16/2008 13:42]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/08/2005 14:44]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 17:43]
"IDMan"="C:\DOCUME~1\Maoriz\LOCALS~1\Temp\IDMan.exe" [08/18/2008 00:18]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33]
"AdmApi"="C:\WINDOWS\system32\jgtorubk.exe" [08/16/2008 14:30]
"enui"="C:\WINDOWS\system32\ytkrkjwd.exe" [08/16/2008 15:02]
"UiEn"="C:\WINDOWS\system32\dcbmjady.exe" [08/17/2008 06:11]
"RegCom32"="C:\DOCUME~1\Maoriz\LOCALS~1\Temp\installation_wizard.exe" [08/18/2008 00:18]

C:\Documents and Settings\Maoriz\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Monitor.lnk - C:\Program Files\Registry Clean Pro\Monitor.exe [12/11/2006 3:58:14 PM]
Scheduler.lnk - C:\Program Files\Registry Clean Pro\Scheduler.exe [12/11/2006 4:03:28 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [3/25/2008 4:17:01 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/3/2008 9:59:31 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"fL00c7MVZs"=C:\Documents and Settings\All Users\Application Data\uzohqfet\cjytcnkb.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=00000000
"NoActiveDesktop"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"genchk"= {74D7233D-BAAA-5E96-D1A7-081DEDAAEAA4} - C:\Program Files\zwbdcl\genchk.dll [08/16/2008 13:44 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documen