Dear Friends. Since many days my pc not working properly, either virus or spyware?? i ran spyware doctor many times always its find some trojon virtumonde and cleaning it and again if i scan it finds it again. i ran vundofix. it too always finds some errors and cleans it (like awvvt.exe etc)but if i scan again it finds agan. also i noticed in my desktop two icons which leads to storageprotector.com. one more thing i noticed that in C drive i can a thousands of pos files also i get freequent fake error messages. Please guide me. Thaks in advance

Go to the this link: Disable Realtime Protection Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files. Run Vundofix again. Please download and install the latest version of HijackThis v2.0.2: Download the "HijackThis" Installer from this link: Hijack This 1. Save " HJTInstall.exe" to your desktop. 2. Double click on HJTInstall.exe to run the program. 3. By default it will install to C:\Program Files\Trend Micro\HijackThis. 4. Accept the license agreement by clicking the "I Accept" button. 5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log. 6. Click "Save log" to save the log file and then the log will open in Notepad. 7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. 8. Paste the log in your next reply. 9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required. Please download ComboFix to the desktop from one of the following links: Link1 Link 2 Link 3 Double-click combofix.exe Follow the prompts. (Don't click on the window while the program is running, it may cause your system to hang.) Please post the log it produces.

Thaks a lot for help Please find the following logs Logs from Hijak this:- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:47:35, on 09/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe C:\WINDOWS\system32\lxczcoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\Explorer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\VIP\Desktop\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie... R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.62.97.21:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.0.2;<local> R3 - Default URLSearchHook is missing F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvt.exe O1 - Hosts: 62.189.6.83 _sip._tls.ijkl.winnerip.com O1 - Hosts: 62.189.6.83 _sip._ssl.ijkl.winnerip.com O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Nexus Radio Toolbar - {2462d2d8-b36e-44ab-84bf-c5a9383d2429} - C:\Program Files\Nexus_Radio\tbNex1.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [4ce9994c] rundll32.exe "C:\WINDOWS\system32\tawepvpe.dll",b O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: BlueSoleil.lnk = ? O8 - Extra context menu item: &Search - ?p=ZBxdm210YYSA O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://sifyimg.speedera.net/sify.co... O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/2517... O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/asc... O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoin... O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 6613 bytes ======================================== and logs from Combofix is:- ComboFix 08-02.05.3 - VIP 2008-02-09 17:57:52.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.149 [GMT 3:00] Running from: C:\Documents and Settings\VIP\Desktop\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Free Download Manager\FUM\fumoei.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe C:\Program Files\Lexmark Fax Solutions\fm3032.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe C:\Program Files\Yahoo!\Messenger\YAHOOM~1.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\cookies.ini C:\WINDOWS\system32\_000008_.tmp.dll C:\WINDOWS\system32\ashloirs.ini C:\WINDOWS\system32\awvvt.dll C:\WINDOWS\system32\awvvt.exe C:\WINDOWS\system32\awwjnqgu.ini C:\WINDOWS\system32\ctfmon.exe.tmp C:\WINDOWS\system32\cyratuad.ini C:\WINDOWS\system32\eagfddmy.ini C:\WINDOWS\system32\eigkjpvy.ini C:\WINDOWS\system32\hxqaneys.ini C:\WINDOWS\system32\lvouulek.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mlyrraqo.ini C:\WINDOWS\system32\MRT.exe C:\WINDOWS\system32\ojifjnxf.ini C:\WINDOWS\system32\pajejklg.ini C:\WINDOWS\system32\plahaxyu.ini C:\WINDOWS\system32\pmdskdxl.ini C:\WINDOWS\system32\qnnsxxcg.ini C:\WINDOWS\system32\RCX10.tmp C:\WINDOWS\system32\RCX11.tmp C:\WINDOWS\system32\RCX12.tmp C:\WINDOWS\system32\RCX13.tmp C:\WINDOWS\system32\RCX15.tmp C:\WINDOWS\system32\RCX16.tmp C:\WINDOWS\system32\RCX35.tmp C:\WINDOWS\system32\RCX67.tmp C:\WINDOWS\system32\RCX85.tmp C:\WINDOWS\system32\RCXA.tmp C:\WINDOWS\system32\RCXB.tmp C:\WINDOWS\system32\RCXC.tmp C:\WINDOWS\system32\RCXD.tmp C:\WINDOWS\system32\RCXE.tmp C:\WINDOWS\system32\RCXF.tmp C:\WINDOWS\system32\rirpmqgu.ini C:\WINDOWS\system32\systocz.dll C:\WINDOWS\system32\tvvwa.ini C:\WINDOWS\system32\tvvwa.ini2 C:\WINDOWS\system32\update.exe C:\WINDOWS\system32\windows C:\WINDOWS\system32\xplytvpj.ini C:\WINDOWS\system32\xpnlloac.ini C:\WINDOWS\system32\xyhmqixr.ini C:\WINDOWS\system32\yqywywso.ini ----- BITS: Possible infected sites ----- hxxp://www.download.windowsupdate.com . ((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))) . 2008-02-09 17:41 . 2008-02-09 17:41 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-02-07 23:42 . 2008-02-07 23:42 154,511 --a------ C:\[u]0[/u]130007WELLFIT AUTO CARE (WHOLESALE).fbk 2008-02-07 21:47 . 2008-02-07 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth 2008-02-07 21:42 . 2008-02-07 21:42 <DIR> d-------- C:\Program Files\IVT Corporation 2008-02-05 22:35 . 2008-02-05 22:35 90,688 --a------ C:\WINDOWS\system32\rxiqmhyx.dll 2008-02-04 18:03 . 2008-02-04 18:03 <DIR> d-------- C:\Program Files\FDRLab 2008-02-04 14:45 . 2008-02-04 14:51 13,824 ---hs---- C:\WINDOWS\system32\53341Rapid.Hacker.exe 2008-02-04 14:42 . 2008-02-04 14:40 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx 2008-02-04 14:25 . 2008-02-04 14:51 872,448 ---hs---- C:\WINDOWS\system32\70554Rapid Hacker v3.0 Final - Maximum Edition.exe 2008-02-02 21:43 . 2004-08-04 01:56 388,608 --a------ C:\kmd.exe 2008-02-02 21:27 . 2008-02-02 21:25 1,593,209 --a------ C:\ComboFix.exe 2008-02-02 18:08 . 2008-02-02 18:09 <DIR> d-------- C:\WINDOWS\ERUNT 2008-02-02 16:40 . 2008-02-02 21:08 <DIR> d-------- C:\SDFix 2008-01-30 14:03 . 2006-10-20 15:21 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2008-01-28 14:31 . 2008-01-28 14:31 24 --a------ C:\WINDOWS\cdplayer.ini 2008-01-27 18:11 . 2008-01-27 21:38 <DIR> d-------- C:\Program Files\Panda Security 2008-01-27 17:17 . 2008-01-27 17:17 163,904 --a------ C:\WINDOWS\system32\eulucumj.dll.vir 2008-01-26 22:51 . 2008-01-26 22:51 <DIR> d-------- C:\Documents and Settings\VIP\Application Data\FaxCtr 2008-01-26 22:36 . 2008-01-26 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr 2008-01-26 22:36 . 2006-04-28 12:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL 2008-01-26 22:36 . 2006-04-28 12:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL 2008-01-26 22:36 . 2006-04-28 12:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL 2008-01-26 22:36 . 2006-04-28 12:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL 2008-01-26 22:36 . 2006-04-28 12:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL 2008-01-26 22:36 . 2006-11-22 16:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL 2008-01-26 22:36 . 2006-11-22 16:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL 2008-01-26 22:36 . 2006-11-22 17:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL 2008-01-26 22:35 . 2008-02-09 18:03 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions 2008-01-26 22:34 . 2008-01-26 22:35 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-01-26 22:32 . 2007-01-22 16:49 344,064 --a------ C:\WINDOWS\system32\lxczcoin.dll 2008-01-26 22:32 . 2006-03-27 19:19 40,960 --a------ C:\WINDOWS\system32\lxczvs.dll 2008-01-26 22:32 . 2008-02-02 11:46 274 --a------ C:\WINDOWS\Lexstat.ini 2008-01-26 22:31 . 2008-02-09 18:03 <DIR> d-------- C:\Program Files\Lexmark 1200 Series 2008-01-26 22:30 . 2007-02-09 01:44 1,851 --a------ C:\WINDOWS\system32\lxcz.loc 2008-01-26 21:41 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2008-01-26 21:41 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll 2008-01-26 21:41 . 2007-01-23 06:30 73,728 -ra------ C:\WINDOWS\system32\lxczcfg.dll 2008-01-26 21:41 . 2007-02-08 01:58 39,899 -ra------ C:\WINDOWS\system32\rtsicis.ini 2008-01-23 12:31 . 2008-01-23 12:31 <DIR> d-------- C:\Program Files\JustVoip.com 2008-01-23 12:27 . 2008-01-23 12:27 <DIR> d-------- C:\Program Files\Intuwave Ltd 2008-01-23 12:23 . 2007-12-11 14:04 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll 2008-01-21 22:51 . 2008-01-21 22:51 125,509 --a------ C:\[u]0[/u]130011WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-21 22:51 . 2008-01-31 23:03 65,866 --a------ C:\[u]0[/u]330011WELLFIT AUTO CARE CENTER - JEDDAH.fbk 2008-01-21 12:32 . 2008-02-09 17:25 <DIR> d-------- C:\VundoFix Backups 2008-01-20 12:36 . 2008-01-20 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm 2008-01-20 12:35 . 2008-01-20 12:35 <DIR> d-------- C:\Program Files\Siber Systems 2008-01-19 23:10 . 2008-01-29 23:17 153,288 --a------ C:\[u]0[/u]130009WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-17 16:55 . 2008-02-09 18:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-17 16:54 . 2008-02-05 13:35 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-01-17 16:54 . 2008-01-17 16:54 <DIR> d-------- C:\Documents and Settings\VIP\Application Data\PC Tools 2008-01-17 16:54 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-01-17 16:54 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-01-17 16:54 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-01-17 16:54 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-01-17 11:44 . 2008-01-19 17:22 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-01-16 20:46 . 2008-01-16 20:46 342,528 --a------ C:\WINDOWS\system32\RCX259C.tmp 2008-01-16 19:08 . 2008-02-06 23:24 154,047 --a------ C:\[u]0[/u]130006WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-16 18:33 . 2008-01-16 18:33 17,642,616 --a------ C:\WINDOWS\system32\MRT .exe 2008-01-16 14:29 . 2008-01-16 14:29 118 --a------ C:\WINDOWS\system32\MRT.INI 2008-01-16 11:27 . 2008-01-19 21:41 <DIR> d-------- C:\Program Files\Mightyfax 2008-01-16 11:27 . 2005-05-13 09:21 120,832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL 2008-01-16 11:27 . 2001-07-16 02:06 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL 2008-01-16 11:27 . 2008-02-07 12:43 92 --a------ C:\WINDOWS\mfpd.ini 2008-01-16 11:20 . 2008-01-16 12:26 227 --a------ C:\WINDOWS\wininit.ini 2008-01-16 10:35 . 2008-01-16 11:24 <DIR> d-------- C:\Program Files\RegCure 2008-01-15 22:05 . 2008-01-15 22:05 59,312 --a------ C:\[u]0[/u]330005WELLFIT AUTO CARE CENTER - JEDDAH.fbk 2008-01-14 23:12 . 2008-01-24 23:33 139,894 --a------ C:\[u]0[/u]130004WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-14 23:12 . 2008-02-04 23:38 68,124 --a------ C:\[u]0[/u]330004WELLFIT AUTO CARE CENTER - JEDDAH.fbk 2008-01-13 22:18 . 2008-01-13 22:18 <DIR> d-------- C:\WINDOWS\Applian FLV Player 2008-01-13 22:18 . 2008-01-13 22:18 <DIR> d-------- C:\Program Files\FLV Player 2008-01-13 09:22 . 2008-02-09 12:23 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe 2008-01-12 23:30 . 2008-01-22 22:57 131,918 --a------ C:\[u]0[/u]130002WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-12 18:27 . 2008-01-21 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe 2008-01-12 18:08 . 2008-01-12 18:08 <DIR> d-------- C:\Program Files\Radio Dum Dum 2008-01-12 11:20 . 2008-01-12 11:20 <DIR> d-------- C:\Program Files\Lavasoft 2008-01-12 11:20 . 2008-01-17 13:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-12 10:59 . 2008-01-12 18:08 <DIR> d-------- C:\Program Files\Registry Clean Pro 2008-01-10 13:42 . 2008-01-30 18:13 65,012 --a------ C:\[u]0[/u]330000WELLFIT AUTO CARE CENTER - JEDDAH.fbk 2008-01-10 00:00 . 2008-01-30 18:13 153,404 --a------ C:\[u]0[/u]130000WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-09 23:59 . 2008-01-29 23:15 64,854 --a------ C:\[u]0[/u]330009WELLFIT AUTO CARE CENTER - JEDDAH.fbk . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-09 15:03 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2008-02-09 15:03 --------- d-----w C:\Program Files\Microsoft IntelliPoint 2008-02-07 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-07 11:56 --------- d-----w C:\Program Files\MSN Messenger 2008-02-06 13:28 --------- d-----w C:\Documents and Settings\VIP\Application Data\LimeWire 2008-02-06 11:14 --------- d-----w C:\Program Files\LimeWire 2008-02-03 18:12 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe 2008-02-02 13:48 503,296 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp 2008-01-30 12:02 --------- d-----w C:\Program Files\Webroot 2008-01-30 12:02 --------- d-----w C:\Documents and Settings\VIP\Application Data\Webroot 2008-01-30 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot 2008-01-28 12:02 --------- d-----w C:\Documents and Settings\VIP\Application Data\Launchy 2008-01-23 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-19 14:42 --------- d-----w C:\Program Files\HTTP-Tunnel 2008-01-19 13:40 --------- d-----w C:\Program Files\Java 2008-01-19 12:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-01-19 12:15 --------- d-----w C:\Program Files\Quran_AR 2008-01-13 06:27 --------- d-----w C:\Program Files\Nexus Radio 2008-01-12 15:08 --------- d-----w C:\Program Files\Nexus_Radio 2008-01-10 14:21 --------- d-----w C:\Documents and Settings\VIP\Application Data\FrostWire 2008-01-05 09:27 --------- d-----w C:\Documents and Settings\VIP\Application Data\JustVoip 2007-12-12 15:12 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-12-11 10:57 --------- d-----w C:\Program Files\Morpheus 2007-12-10 08:37 --------- d-----w C:\Program Files\RKS Fax 2007-06-13 10:23 843,776 --sh--r C:\WINDOWS\system32\kssolc.exe . [code] ----a-w 39,792 2008-01-28 11:40:20 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe ----a-w 1,450,096 2008-01-28 11:40:22 C:\Program Files\Ahead\InCD\InCD .exe ----a-w 106,496 2008-01-28 11:40:17 C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray .exe ----a-w 180,269 2008-02-09 14:44:37 C:\Program Files\Common Files\Real\Update_OB\realsched .exe ----a-w 847,872 2008-01-19 11:13:59 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe ----a-w 40,960 2008-01-28 11:40:52 C:\Program Files\Free Download Manager\FUM\fumoei .exe ----a-w 132,496 2008-01-19 12:00:16 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe ----a-w 132,496 2008-01-28 11:40:15 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ----a-w 74,672 2008-01-28 15:03:36 C:\Program Files\Lexmark 1200 Series\lxczbmgr .exe ----a-w 295,856 2008-01-28 11:40:26 C:\Program Files\Lexmark Fax Solutions\fm3032 .exe ----a-w 600,896 2008-01-28 11:40:21 C:\Program Files\Microsoft IntelliPoint\ipoint .exe ----a-w 576,320 2008-01-28 11:40:20 C:\Program Files\Microsoft IntelliType Pro\itype .exe ----a-w 2,947,584 2008-01-13 06:22:13 C:\Program Files\Nexus Radio\Nexus Radio .exe ----a-w 335,872 2008-01-19 12:00:21 C:\Program Files\Quran_AR\Quran_AR .exe ----a-w 160,592 2008-01-21 08:50:28 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon .exe ----a-w 1,103,752 2008-01-30 11:57:30 C:\Program Files\Spyware Doctor\pctsTray .exe ----a-w 1,206,600 2008-02-06 20:11:54 C:\Program Files\Webroot\Washer\wwDisp .exe ----a-w 4,670,968 2008-01-28 11:40:42 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe ----a-w 158,208 2008-02-03 18:12:40 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe ----a-w 15,360 2008-02-09 09:23:51 C:\WINDOWS\system32\ctfmon .exe ----a-w 17,642,616 2008-01-16 15:33:35 C:\WINDOWS\system32\MRT .exe ----a-w 155,648 2008-01-21 08:50:20 C:\WINDOWS\system32\NeroCheck .exe [/code] ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}] 2007-12-11 20:19 1502232 --a------ C:\Program Files\Nexus_Radio\tbNex1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7111AEF-7F4B-42DA-80AD-9AD4BB969D8A}] C:\WINDOWS\system32\awvvt.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c700f645-611c-4f5e-9489-c5ef81a78318}] C:\WINDOWS\system32\ovxsbbnv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BA52B914-B692-46C4-B683-905236F6F655} {E0E899AB-F487-11D5-8D29-0050BA6940E3} {2462D2D8-B36E-44AB-84BF-C5A9383D2429} [HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2462D2D8-B36E-44AB-84BF-C5A9383D2429}"= C:\Program Files\Nexus_Radio\tbNex1.dll [2007-12-11 20:19 1502232] [HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ] "4ce9994c"="C:\WINDOWS\system32\tawepvpe.dll" [ ] "combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 01:56 388608] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajwzwgrb] ajwzwgrb.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcyxv] khfcyxv.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk] backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk] backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk] backup=C:\WINDOWS\pss\MightyFAX Controller.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk] backup=C:\WINDOWS\pss\WordWeb.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler.exe] backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-04 04:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip] C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\awvvt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -ra------ 2005-09-22 23:36 14854144 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2008-01-28 14:40 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wscsvc"=2 (0x2) R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 01:50] R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-10-03 09:33] S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32] S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 18:27] S3 GNDHVF;Genius VideoCAM Smart300 V2;C:\WINDOWS\system32\DRIVERS\gndhvf.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4A6147C6-1320-9C42-021B-C3ABFAE0E786}] C:\WINDOWS\system32\update.exe . Contents of the 'Scheduled Tasks' folder "2008-02-09 15:06:17 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2008-01-24 10:16:19 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-09 18:06:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . r Running Proce . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe . ************************************************************************** . Completion time: 2008-02-09 18:10:45 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-09 15:10:35 . 2008-01-19 11:27:52 --- E O F --- ================= Thankyou

Open Notepad and copy/paste everything between the X"s into it and make sure "RenV::" is at the very top of the page. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX RenV:: ----a-w 39,792 2008-01-28 11:40:20 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe ----a-w 1,450,096 2008-01-28 11:40:22 C:\Program Files\Ahead\InCD\InCD .exe ----a-w 106,496 2008-01-28 11:40:17 C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray .exe ----a-w 180,269 2008-02-09 14:44:37 C:\Program Files\Common Files\Real\Update_OB\realsched .exe ----a-w 847,872 2008-01-19 11:13:59 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe ----a-w 40,960 2008-01-28 11:40:52 C:\Program Files\Free Download Manager\FUM\fumoei .exe ----a-w 132,496 2008-01-19 12:00:16 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe ----a-w 132,496 2008-01-28 11:40:15 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ----a-w 74,672 2008-01-28 15:03:36 C:\Program Files\Lexmark 1200 Series\lxczbmgr .exe ----a-w 295,856 2008-01-28 11:40:26 C:\Program Files\Lexmark Fax Solutions\fm3032 .exe ----a-w 600,896 2008-01-28 11:40:21 C:\Program Files\Microsoft IntelliPoint\ipoint .exe ----a-w 576,320 2008-01-28 11:40:20 C:\Program Files\Microsoft IntelliType Pro\itype .exe ----a-w 2,947,584 2008-01-13 06:22:13 C:\Program Files\Nexus Radio\Nexus Radio .exe ----a-w 335,872 2008-01-19 12:00:21 C:\Program Files\Quran_AR\Quran_AR .exe ----a-w 160,592 2008-01-21 08:50:28 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon .exe ----a-w 1,103,752 2008-01-30 11:57:30 C:\Program Files\Spyware Doctor\pctsTray .exe ----a-w 1,206,600 2008-02-06 20:11:54 C:\Program Files\Webroot\Washer\wwDisp .exe ----a-w 4,670,968 2008-01-28 11:40:42 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe ----a-w 158,208 2008-02-03 18:12:40 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe ----a-w 15,360 2008-02-09 09:23:51 C:\WINDOWS\system32\ctfmon .exe ----a-w 17,642,616 2008-01-16 15:33:35 C:\WINDOWS\system32\MRT .exe ----a-w 155,648 2008-01-21 08:50:20 C:\WINDOWS\system32\NeroCheck .exe File:: C:\WINDOWS\system32\rxiqmhyx.dll C:\WINDOWS\system32\eulucumj.dll.vir C:\WINDOWS\system32\RCX259C.tmp C:\WINDOWS\system32\tawepvpe.dll C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp C:\WINDOWS\system32\awvvt.dll C:\WINDOWS\system32\ovxsbbnv.dll Driver:: ajwzwgrb khfcyxv Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7111AEF-7F4B-42DA-80AD-9AD4BB969D8A}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c700f645-611c-4f5e-9489-c5ef81a78318}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "4ce9994c"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajwzwgrb] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcyxv] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run". Please go to Virus Total and upload the following file for analysis: C:\WINDOWS\system32\53341Rapid.Hacker.exe C:\WINDOWS\system32\kssolc.exe Post the results in your reply. Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok. Download ATF Cleaner from this link: ATF Cleaner Run ATF-Cleaner Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button Run an online scan with Kaspersky from the following link: Kaspersky Online Scanner Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component Click Yes, when prompted to install its ActiveX component. (Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.) The program launches and downloads the latest definition files. Once the files are downloaded click on Next Click on Scan Settings and configure as follows: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Base Click OK and, under select a target to scan, select My Computer When the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As (above - red blinking arrow) Next, in the Save as prompt, Save in area, select: Desktop In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select: Text file [*.txt] Then, click: Save Please post the Kaspersky Online Scanner Report in your reply. Post a new Combofix log.

Dear Sir, Thaks for your quick reply Please note that I COULD NOT FIND SYSTERM32 IN MY WINDOWS (but if i go in dos, it is there) like C:/windows/system32 but seen when try to upload) I Did the ARF cleaning Pls find the new combofix log ComboFix 08-02.05.3 - VIP 2008-02-10 16:46:43.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.118 [GMT 3:00] Running from: C:\Documents and Settings\VIP\Desktop\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))) . 2008-02-10 14:36 . 2004-08-04 01:56 388,608 --a------ C:\kmd.exe 2008-02-09 17:41 . 2008-02-09 17:41 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-02-07 23:42 . 2008-02-07 23:42 154,511 --a------ C:\[u]0[/u]130007WELLFIT AUTO CARE (WHOLESALE).fbk 2008-02-07 21:47 . 2008-02-07 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth 2008-02-07 21:42 . 2008-02-07 21:42 <DIR> d-------- C:\Program Files\IVT Corporation 2008-02-04 18:03 . 2008-02-04 18:03 <DIR> d-------- C:\Program Files\FDRLab 2008-02-04 14:45 . 2008-02-04 14:51 13,824 ---hs---- C:\WINDOWS\system32\53341Rapid.Hacker.exe 2008-02-04 14:42 . 2008-02-04 14:40 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx 2008-02-04 14:25 . 2008-02-04 14:51 872,448 ---hs---- C:\WINDOWS\system32\70554Rapid Hacker v3.0 Final - Maximum Edition.exe 2008-02-02 21:27 . 2008-02-02 21:25 1,593,209 --a------ C:\ComboFix.exe 2008-02-02 18:08 . 2008-02-02 18:09 <DIR> d-------- C:\WINDOWS\ERUNT 2008-02-02 16:40 . 2008-02-02 21:08 <DIR> d-------- C:\SDFix 2008-01-30 14:42 . 2008-02-03 21:12 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe 2008-01-30 14:03 . 2006-10-20 15:21 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2008-01-28 14:31 . 2008-01-28 14:31 24 --a------ C:\WINDOWS\cdplayer.ini 2008-01-27 18:11 . 2008-01-27 21:38 <DIR> d-------- C:\Program Files\Panda Security 2008-01-26 22:51 . 2008-01-26 22:51 <DIR> d-------- C:\Documents and Settings\VIP\Application Data\FaxCtr 2008-01-26 22:36 . 2008-01-26 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr 2008-01-26 22:36 . 2006-04-28 12:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL 2008-01-26 22:36 . 2006-04-28 12:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL 2008-01-26 22:36 . 2006-04-28 12:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL 2008-01-26 22:36 . 2006-04-28 12:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL 2008-01-26 22:36 . 2006-04-28 12:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL 2008-01-26 22:36 . 2006-11-22 16:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL 2008-01-26 22:36 . 2006-11-22 16:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL 2008-01-26 22:36 . 2006-11-22 17:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL 2008-01-26 22:35 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions 2008-01-26 22:34 . 2008-01-26 22:35 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-01-26 22:32 . 2007-01-22 16:49 344,064 --a------ C:\WINDOWS\system32\lxczcoin.dll 2008-01-26 22:32 . 2006-03-27 19:19 40,960 --a------ C:\WINDOWS\system32\lxczvs.dll 2008-01-26 22:32 . 2008-02-02 11:46 274 --a------ C:\WINDOWS\Lexstat.ini 2008-01-26 22:31 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\Lexmark 1200 Series 2008-01-26 22:30 . 2007-02-09 01:44 1,851 --a------ C:\WINDOWS\system32\lxcz.loc 2008-01-26 21:41 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2008-01-26 21:41 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll 2008-01-26 21:41 . 2007-01-23 06:30 73,728 -ra------ C:\WINDOWS\system32\lxczcfg.dll 2008-01-26 21:41 . 2007-02-08 01:58 39,899 -ra------ C:\WINDOWS\system32\rtsicis.ini 2008-01-23 12:31 . 2008-01-23 12:31 <DIR> d-------- C:\Program Files\JustVoip.com 2008-01-23 12:27 . 2008-01-23 12:27 <DIR> d-------- C:\Program Files\Intuwave Ltd 2008-01-23 12:23 . 2007-12-11 14:04 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll 2008-01-21 22:51 . 2008-01-21 22:51 125,509 --a------ C:\[u]0[/u]130011WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-21 22:51 . 2008-01-31 23:03 65,866 --a------ C:\[u]0[/u]330011WELLFIT AUTO CARE CENTER - JEDDAH.fbk 2008-01-21 12:32 . 2008-02-09 17:25 <DIR> d-------- C:\VundoFix Backups 2008-01-20 12:36 . 2008-01-20 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm 2008-01-20 12:35 . 2008-01-20 12:35 <DIR> d-------- C:\Program Files\Siber Systems 2008-01-19 23:10 . 2008-02-09 23:40 154,721 --a------ C:\[u]0[/u]130009WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-17 16:55 . 2008-02-10 16:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-17 16:54 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-01-17 16:54 . 2008-01-17 16:54 <DIR> d-------- C:\Documents and Settings\VIP\Application Data\PC Tools 2008-01-17 16:54 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-01-17 16:54 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-01-17 16:54 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-01-17 16:54 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-01-17 11:44 . 2008-01-19 17:22 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-01-16 19:08 . 2008-02-06 23:24 154,047 --a------ C:\[u]0[/u]130006WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-16 14:29 . 2008-01-16 14:29 118 --a------ C:\WINDOWS\system32\MRT.INI 2008-01-16 11:27 . 2008-01-19 21:41 <DIR> d-------- C:\Program Files\Mightyfax 2008-01-16 11:27 . 2005-05-13 09:21 120,832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL 2008-01-16 11:27 . 2001-07-16 02:06 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL 2008-01-16 11:27 . 2008-02-07 12:43 92 --a------ C:\WINDOWS\mfpd.ini 2008-01-16 11:20 . 2008-01-16 12:26 227 --a------ C:\WINDOWS\wininit.ini 2008-01-16 10:35 . 2008-01-16 11:24 <DIR> d-------- C:\Program Files\RegCure 2008-01-15 22:05 . 2008-01-15 22:05 59,312 --a------ C:\[u]0[/u]330005WELLFIT AUTO CARE CENTER - JEDDAH.fbk 2008-01-14 23:12 . 2008-01-24 23:33 139,894 --a------ C:\[u]0[/u]130004WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-14 23:12 . 2008-02-04 23:38 68,124 --a------ C:\[u]0[/u]330004WELLFIT AUTO CARE CENTER - JEDDAH.fbk 2008-01-13 22:18 . 2008-01-13 22:18 <DIR> d-------- C:\WINDOWS\Applian FLV Player 2008-01-13 22:18 . 2008-01-13 22:18 <DIR> d-------- C:\Program Files\FLV Player 2008-01-12 23:30 . 2008-01-22 22:57 131,918 --a------ C:\[u]0[/u]130002WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-12 18:27 . 2008-01-21 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2008-01-12 18:08 . 2008-01-12 18:08 <DIR> d-------- C:\Program Files\Radio Dum Dum 2008-01-12 11:20 . 2008-01-12 11:20 <DIR> d-------- C:\Program Files\Lavasoft 2008-01-12 11:20 . 2008-01-17 13:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-12 10:59 . 2008-01-12 18:08 <DIR> d-------- C:\Program Files\Registry Clean Pro 2008-01-10 13:42 . 2008-01-30 18:13 65,012 --a------ C:\[u]0[/u]330000WELLFIT AUTO CARE CENTER - JEDDAH.fbk 2008-01-10 00:00 . 2008-01-30 18:13 153,404 --a------ C:\[u]0[/u]130000WELLFIT AUTO CARE (WHOLESALE).fbk . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-10 12:17 --------- d-----w C:\Program Files\Quran_AR 2008-02-10 12:17 --------- d-----w C:\Program Files\Nexus Radio 2008-02-10 12:17 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2008-02-10 12:17 --------- d-----w C:\Program Files\Microsoft IntelliPoint 2008-02-07 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-07 11:56 --------- d-----w C:\Program Files\MSN Messenger 2008-02-06 13:28 --------- d-----w C:\Documents and Settings\VIP\Application Data\LimeWire 2008-02-06 11:14 --------- d-----w C:\Program Files\LimeWire 2008-02-03 18:12 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe 2008-01-30 12:02 --------- d-----w C:\Program Files\Webroot 2008-01-30 12:02 --------- d-----w C:\Documents and Settings\VIP\Application Data\Webroot 2008-01-30 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot 2008-01-28 12:02 --------- d-----w C:\Documents and Settings\VIP\Application Data\Launchy 2008-01-23 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-19 14:42 --------- d-----w C:\Program Files\HTTP-Tunnel 2008-01-19 13:40 --------- d-----w C:\Program Files\Java 2008-01-19 12:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-01-12 15:08 --------- d-----w C:\Program Files\Nexus_Radio 2008-01-10 14:21 --------- d-----w C:\Documents and Settings\VIP\Application Data\FrostWire 2008-01-05 09:27 --------- d-----w C:\Documents and Settings\VIP\Application Data\JustVoip 2007-12-12 15:12 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-12-11 10:57 --------- d-----w C:\Program Files\Morpheus 2007-12-10 08:37 --------- d-----w C:\Program Files\RKS Fax 2007-06-13 10:23 843,776 --sh--r C:\WINDOWS\system32\kssolc.exe . [code] ----a-w 4,670,968 2008-01-28 11:40:42 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe [/code] ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}] 2007-12-11 20:19 1502232 --a------ C:\Program Files\Nexus_Radio\tbNex1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BA52B914-B692-46C4-B683-905236F6F655} {E0E899AB-F487-11D5-8D29-0050BA6940E3} {2462D2D8-B36E-44AB-84BF-C5A9383D2429} [HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2462D2D8-B36E-44AB-84BF-C5A9383D2429}"= C:\Program Files\Nexus_Radio\tbNex1.dll [2007-12-11 20:19 1502232] [HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 17:44 180269] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk] backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk] backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk] backup=C:\WINDOWS\pss\MightyFAX Controller.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk] backup=C:\WINDOWS\pss\WordWeb.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler.exe] backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-28 14:40 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-04 04:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] --a------ 2008-01-28 14:40 295856 C:\Program Files\Lexmark Fax Solutions\fm3032.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration] --a------ 2008-01-28 14:40 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] --a------ 2008-01-28 14:40 1450096 C:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2008-01-28 14:40 600896 C:\Program Files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype] --a------ 2008-01-28 14:40 576320 C:\Program Files\Microsoft IntelliType Pro\itype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip] C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\awvvt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe] --a------ 2008-01-28 18:03 74672 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -ra------ 2005-09-22 23:36 14854144 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-01-28 14:40 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-02-09 17:44 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray] --a------ 2008-01-28 14:40 106496 C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer] --a------ 2008-02-06 23:11 1206600 C:\Program Files\Webroot\Washer\wwDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2008-01-28 14:40 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wscsvc"=2 (0x2) R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 01:50] R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-10-03 09:33] S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32] S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 18:27] S3 GNDHVF;Genius VideoCAM Smart300 V2;C:\WINDOWS\system32\DRIVERS\gndhvf.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4A6147C6-1320-9C42-021B-C3ABFAE0E786}] C:\WINDOWS\system32\update.exe . Contents of the 'Scheduled Tasks' folder "2008-02-10 13:40:09 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2008-01-24 10:16:19 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-10 16:49:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-10 16:49:47 ComboFix-quarantined-files.txt 2008-02-10 13:49:43 ComboFix2.txt 2008-02-10 13:44:46 ComboFix3.txt 2008-02-09 15:10:46 . 2008-01-19 11:27:52 --- E O F --- =================================== Pls find Kaspersky log --------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, February 10, 2008 7:10:18 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 10/02/2008 Kaspersky Anti-Virus database records: 555987 --------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ Scan Statistics: Total number of scanned objects: 46599 Number of viruses found: 21 Number of infected objects: 218 Number of suspicious objects: 4 Duration of the scan process: 00:44:54 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger15.zip/ctfmon.exe Infected: not-a-virus:Monitor.Win32.FamilyKeyLogger.283 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger15.zip ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger2.zip/ctfs.dll Infected: not-a-virus:Monitor.Win32.GoldenKeylogger.130 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger2.zip ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger3.zip/ctfmon.dll Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.170 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger3.zip ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde14.zip/awvvt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde14.zip ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde16.zip/awvvt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde16.zip ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip/txpdjgmr.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc1.zip/ewlrlpda.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc1.zip ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip ZIP: infected - 6 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip/windows Infected: Trojan.Win32.Zapchast.dt skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip ZIP: infected - 1 skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Asset.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Asset.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Asset.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\AssetExif.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\AssetExif.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\AssetExif.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\AssetMedia.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\AssetMedia.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\AssetMedia.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\AssetType.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\AssetType.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\BackupRoot.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\BackupRoot.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\BackupRoot.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\BackupUnit.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\BackupUnit.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\BackupUnit.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Category.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Category.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\CategoryRoot.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\CategoryRoot.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Config.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Config.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\ExifGPS.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\ExifGPS.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\ExifGPS.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\ExifImage.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\ExifImage.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\ExifImage.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\FieldSetDefn.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\FieldSetDefn.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\FieldSetField.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\FieldSetField.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\FieldSetTable.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\FieldSetTable.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\FileType.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\FileType.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Folder.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Folder.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\FolderRoot.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\FolderRoot.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinAssetTypeFileType.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinAssetTypeFileType.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinBackupAsset.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinBackupAsset.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinBackupAsset.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinCategoryAsset.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinCategoryAsset.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinFieldDefn.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinFieldDefn.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinFieldSetFileType.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinFieldSetFileType.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinSyncDeviceAsset.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinSyncDeviceAsset.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\JoinSyncDeviceAsset.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\LookupList.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\LookupList.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\LookupListItem.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\LookupListItem.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\LookupValueItem.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\LookupValueItem.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerCanon.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerCanon.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerCanon.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerCasio.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerCasio.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerCasio.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerFuji.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerFuji.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerFuji.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerNikon.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerNikon.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerNikon.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerOlympus.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerOlympus.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\MakerOlympus.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\ShareDefinition.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\ShareDefinition.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\SyncDevice.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\SyncDevice.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\SyncDevice.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Thumb1.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Thumb1.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Thumb1.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Thumb2.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Thumb2.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\Thumb2.fpt Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\ThumbDefn.cdx Object is locked skipped C:\Documents and Settings\VIP\Application Data\ACD Systems\Catalogs\70\Default\ThumbDefn.dbf Object is locked skipped C:\Documents and Settings\VIP\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped C:\Documents and Settings\VIP\Application Data\Opera\Opera\mail\indexer\indexer_64.dat Object is locked skipped C:\Documents and Settings\VIP\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped C:\Documents and Settings\VIP\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped C:\Documents and Settings\VIP\Cookies\index.dat Object is locked skipped C:\Documents and Settings\VIP\Desktop\Riyad-Stock-020208.xls Object is locked skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Agent.htu skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.yz skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe/data.rar Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Agent.htu skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.yz skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe/data.rar Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar Infected: Virus.Win32.Virut.av skipped C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar RAR: infected - 19 skipped C:\Documents and Settings\VIP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\VIP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\VIP\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\VIP\Local Settings\History\History.IE5\MSHist012008021020080211\index.dat Object is locked skipped C:\Documents and Settings\VIP\Local Settings\Temp\~DF12D8.tmp Object is locked skipped C:\Documents and Settings\VIP\Local Settings\Temp\~DF30A5.tmp Object is locked skipped C:\Documents and Settings\VIP\Local Settings\Temp\~DF4ADE.tmp Object is locked skipped C:\Documents and Settings\VIP\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\VIP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\VIP\My Documents\Morpheus Shared\Downloads\New Folder\Morpheus full version +Crack _ serial.zip/Morpheus.exe Suspicious: Password-protected-EXE skipped C:\Documents and Settings\VIP\My Documents\Morpheus Shared\Downloads\New Folder\Morpheus full version +Crack _ serial.zip ZIP: suspicious - 1 skipped C:\Documents and Settings\VIP\My Documents\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped C:\Documents and Settings\VIP\My Documents\New Folder\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped C:\Documents and Settings\VIP\My Documents\New Folder\trace.zip/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped C:\Documents and Settings\VIP\My Documents\New Folder\trace.zip ZIP: infected - 1 skipped C:\Documents and Settings\VIP\My Documents\phone (version 1).xls Object is locked skipped C:\Documents and Settings\VIP\My Documents\phone.xls Object is locked skipped C:\Documents and Settings\VIP\ntuser.dat Object is locked skipped C:\Documents and Settings\VIP\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\VIP\Shared\Crack.exe Infected: Trojan.Win32.Agent.cmn skipped C:\Documents and Settings\VIP\Shared\New Folder\Crack.exe Infected: Trojan.Win32.Agent.cmn skipped C:\Documents and Settings\VIP\Shared\New Folder\WinFax Pro 10 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped C:\Documents and Settings\VIP\Shared\New Folder\WinFax Pro 10 Crack.zip ZIP: infected - 1 skipped C:\Documents and Settings\VIP\Shared\WinFax Pro 10 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped C:\Documents and Settings\VIP\Shared\WinFax Pro 10 Keygen.zip ZIP: infected - 1 skipped C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped C:\QooBox\Quarantine\C\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Ahead\InCD\InCD.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Free Download Manager\FUM\fumoei.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Java\jre1.6.0_02\bin\jusched.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Java\jre1.6.0_03\bin\jusched.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Lexmark 1200 Series\lxczbmgr.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Lexmark Fax Solutions\fm3032.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Microsoft IntelliPoint\ipoint.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Microsoft IntelliType Pro\itype.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Webroot\Washer\wwDisp.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\awvvt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\awvvt.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\eulucumj.dll.vir.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\MRT.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCX10.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCX11.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCX12.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCX13.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCX15.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCX16.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCX259C.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCX35.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCX67.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCX85.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCXA.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCXB.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCXC.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCXD.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCXE.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\RCXF.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\rxiqmhyx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\update.exe.vir Infected: Backdoor.Win32.PoisonIvy.ay skipped C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped C:\RapidshareDown\USDownloader\printip.exe Infected: Trojan-Downloader.Win32.Small.fuk skipped C:\RapidshareDown.rar.exe/data.rar/RapidshareDown/USDownloader/printip.exe Infected: Trojan-Downloader.Win32.Small.fuk skipped C:\RapidshareDown.rar.exe/data.rar Infected: Trojan-Downloader.Win32.Small.fuk skipped C:\RapidshareDown.rar.exe RarSFX: infected - 2 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{A924B86B-0510-4BEF-84A3-3E2AB7C4A71F}\RP759\change.log Object is locked skipped C:\VundoFix Backups\ajwzwgrb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\arjmsewt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\awgvcgxr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\awvvt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\awvvt.exe.bad Infected: Virus.Win32.Trats.d skipped C:\VundoFix Backups\ayvcnqnl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\bkybmeix.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\cfebjqdh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\ckptuuqc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\clbhstju.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\cudqrrdr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\ddgcbicn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\dllyhqit.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\ewkwjari.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\fejemoet.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\fpjllgyu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\gwdyvrln.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\hoiptcdp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\VundoFix Backups\hvjlftkw.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped C:\VundoFix Backups\hwjdyiyo.dll.bad Infected: not-a-virus:AdWare.Win32.Vir

Open Notepad and copy/paste everything between the X"s into it and make sure "RenV::" is at the very top of the page. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX RenV:: ----a-w 4,670,968 2008-01-28 11:40:42 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe File:: C:\WINDOWS\system32\awvvt.exe Folder:: C:\VundoFix Backups C:\Qoobox Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run". Post a new Combofix log. Is this "70554Rapid Hacker v3.0 Final" something you downloaded?

Dear sir thank you again Yes, the rapid hacker is downloaded and i dont want that, please tell me how to delete completely (i can delete by searching, but i think it will not delete it completly) pls find combo fix log ========================== ComboFix 08-02.05.3 - VIP 2008-02-11 15:17:01.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.142 [GMT 3:00] Running from: C:\Documents and Settings\VIP\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\VIP\Desktop\CFscript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE C:\WINDOWS\system32\awvvt.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Qoobox C:\Qoobox\BackEnv\appdata.folder.dat C:\Qoobox\BackEnv\cache.folder.dat C:\Qoobox\BackEnv\desktop.folder.dat C:\Qoobox\BackEnv\favorites.folder.dat C:\Qoobox\BackEnv\local appdata.folder.dat C:\Qoobox\BackEnv\local settings.folder.dat C:\Qoobox\BackEnv\my pictures.folder.dat C:\Qoobox\BackEnv\personal.folder.dat C:\Qoobox\BackEnv\profiles.folder.dat C:\Qoobox\BackEnv\programs.folder.dat C:\Qoobox\BackEnv\setpath.bat C:\Qoobox\BackEnv\setpath.dat C:\Qoobox\BackEnv\start menu.folder.dat C:\Qoobox\BackEnv\startup.folder.dat C:\Qoobox\BackEnv\templates.folder.dat C:\Qoobox\CFScript_used_2008-02-10@15.17.txt C:\Qoobox\CFScript_used_2008-02-11@15.16.txt C:\Qoobox\ComboFix-quarantined-files.txt C:\Qoobox\ComboFix2.txt C:\Qoobox\ComboFix3.txt C:\Qoobox\ComboFix4.txt C:\Qoobox\snapshot@2008-02-09_18.09.33.60.dat C:\Qoobox\snapshot@2008-02-09_18.09.33.60_B.dat C:\VundoFix Backups C:\VundoFix Backups\addmorefiles.txt C:\VundoFix Backups\ajwzwgrb.dll.bad C:\VundoFix Backups\ajwzwgrb.dllbox.bad C:\VundoFix Backups\arjmsewt.dll.bad C:\VundoFix Backups\awgvcgxr.dll.bad C:\VundoFix Backups\awvvt.dll.bad C:\VundoFix Backups\awvvt.exe.bad C:\VundoFix Backups\ayvcnqnl.dll.bad C:\VundoFix Backups\bkybmeix.dll.bad C:\VundoFix Backups\cfebjqdh.dll.bad C:\VundoFix Backups\cfesjbev.dllbox.bad C:\VundoFix Backups\ckptuuqc.dll.bad C:\VundoFix Backups\ckptuuqc.dllbox.bad C:\VundoFix Backups\clbhstju.dll.bad C:\VundoFix Backups\cudqrrdr.dll.bad C:\VundoFix Backups\ddgcbicn.dll.bad C:\VundoFix Backups\dllyhqit.dll.bad C:\VundoFix Backups\dllyhqit.dllbox.bad C:\VundoFix Backups\dlqiuzvw.dllbox.bad C:\VundoFix Backups\dztjnznm.dllbox.bad C:\VundoFix Backups\epvpewat.ini.bad C:\VundoFix Backups\eulucumj.dllbox.bad C:\VundoFix Backups\ewkwjari.dll.bad C:\VundoFix Backups\feezkutr.dllbox.bad C:\VundoFix Backups\fejemoet.dll.bad C:\VundoFix Backups\fpjllgyu.dll.bad C:\VundoFix Backups\fxphaeze.dllbox.bad C:\VundoFix Backups\gwdyvrln.dll.bad C:\VundoFix Backups\hoiptcdp.dll.bad C:\VundoFix Backups\hvjlftkw.dll.bad C:\VundoFix Backups\hwjdyiyo.dll.bad C:\VundoFix Backups\iarckhww.dll.bad C:\VundoFix Backups\ibgvfadn.dll.bad C:\VundoFix Backups\ifezzlsz.dll.bad C:\VundoFix Backups\ifezzlsz.dllbox.bad C:\VundoFix Backups\iqenmubl.dll.bad C:\VundoFix Backups\jvgjiydt.dll.bad C:\VundoFix Backups\kevoungq.ini.bad C:\VundoFix Backups\kiyckepr.dll.bad C:\VundoFix Backups\kjgtkxhl.dll.bad C:\VundoFix Backups\lbumneqi.ini.bad C:\VundoFix Backups\ldktorod.dll.bad C:\VundoFix Backups\lgneyuog.dll.bad C:\VundoFix Backups\mromlhxt.dllbox.bad C:\VundoFix Backups\MSConfig .exe.bad C:\VundoFix Backups\MSConfig.exe.bad C:\VundoFix Backups\NeroCheck.exe.bad C:\VundoFix Backups\nlrvydwg.ini.bad C:\VundoFix Backups\nozjfvxr.dll.bad C:\VundoFix Backups\nozjfvxr.dllbox.bad C:\VundoFix Backups\ovxsbbnv.dll.bad C:\VundoFix Backups\oyiydjwh.ini.bad C:\VundoFix Backups\oyucmrap.dllbox.bad C:\VundoFix Backups\pcjfncja.dll.bad C:\VundoFix Backups\peypwmnr.dll.bad C:\VundoFix Backups\plmtouug.dll.bad C:\VundoFix Backups\ppdbyuwj.dllbox.bad C:\VundoFix Backups\purterjd.dll.bad C:\VundoFix Backups\pvjcjfdf.dll.bad C:\VundoFix Backups\pvjcjfdf.dllbox.bad C:\VundoFix Backups\pxphlycu.dllbox.bad C:\VundoFix Backups\pznpqums.dll.bad C:\VundoFix Backups\pznpqums.dllbox.bad C:\VundoFix Backups\qgnuovek.dll.bad C:\VundoFix Backups\qpqcptmj.dll.bad C:\VundoFix Backups\qpqcptmj.dllbox.bad C:\VundoFix Backups\sibjuqae.dll.bad C:\VundoFix Backups\spcewnou.dll.bad C:\VundoFix Backups\sriolhsa.dll.bad C:\VundoFix Backups\tawepvpe.dll.bad C:\VundoFix Backups\tkmftliy.dll.bad C:\VundoFix Backups\tvvwa.ini.bad C:\VundoFix Backups\tvvwa.ini2.bad C:\VundoFix Backups\ugqmprir.dll.bad C:\VundoFix Backups\ugqnjwwa.dll.bad C:\VundoFix Backups\uyglljpf.ini.bad C:\VundoFix Backups\uyxahalp.dll.bad C:\VundoFix Backups\vqrfpouk.dll.bad C:\VundoFix Backups\wrdweksl.dll.bad C:\VundoFix Backups\xcaaorkc.dll.bad C:\VundoFix Backups\xcaaorkc.dllbox.bad C:\VundoFix Backups\xlomebrv.exe.bad C:\VundoFix Backups\xmcxefeg.dll.bad C:\VundoFix Backups\zoaclpmx.dllbox.bad C:\VundoFix Backups\zqzzvjpt.dll.bad C:\VundoFix Backups\zqzzvjpt.dllbox.bad C:\WINDOWS\system32\systocz.dll . ((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))) . 2008-02-10 17:03 . 2008-02-10 17:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-02-10 17:03 . 2008-02-10 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-02-10 16:45 . 2004-08-04 01:56 388,608 --a------ C:\kmd.exe 2008-02-09 17:41 . 2008-02-09 17:41 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-02-07 23:42 . 2008-02-07 23:42 154,511 --a------ C:\[u]0[/u]130007WELLFIT AUTO CARE (WHOLESALE).fbk 2008-02-07 21:47 . 2008-02-07 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth 2008-02-07 21:42 . 2008-02-07 21:42 <DIR> d-------- C:\Program Files\IVT Corporation 2008-02-04 18:03 . 2008-02-04 18:03 <DIR> d-------- C:\Program Files\FDRLab 2008-02-04 14:45 . 2008-02-04 14:51 13,824 ---hs---- C:\WINDOWS\system32\53341Rapid.Hacker.exe 2008-02-04 14:42 . 2008-02-04 14:40 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx 2008-02-04 14:25 . 2008-02-04 14:51 872,448 ---hs---- C:\WINDOWS\system32\70554Rapid Hacker v3.0 Final - Maximum Edition.exe 2008-02-02 21:27 . 2008-02-02 21:25 1,593,209 --a------ C:\ComboFix.exe 2008-02-02 18:08 . 2008-02-02 18:09 <DIR> d-------- C:\WINDOWS\ERUNT 2008-02-02 16:40 . 2008-02-02 21:08 <DIR> d-------- C:\SDFix 2008-01-30 14:42 . 2008-02-03 21:12 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe 2008-01-30 14:03 . 2006-10-20 15:21 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2008-01-28 14:31 . 2008-01-28 14:31 24 --a------ C:\WINDOWS\cdplayer.ini 2008-01-27 18:11 . 2008-01-27 21:38 <DIR> d-------- C:\Program Files\Panda Security 2008-01-26 22:51 . 2008-01-26 22:51 <DIR> d-------- C:\Documents and Settings\VIP\Application Data\FaxCtr 2008-01-26 22:36 . 2008-01-26 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr 2008-01-26 22:36 . 2006-04-28 12:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL 2008-01-26 22:36 . 2006-04-28 12:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL 2008-01-26 22:36 . 2006-04-28 12:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL 2008-01-26 22:36 . 2006-04-28 12:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL 2008-01-26 22:36 . 2006-04-28 12:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL 2008-01-26 22:36 . 2006-11-22 16:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL 2008-01-26 22:36 . 2006-11-22 16:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL 2008-01-26 22:36 . 2006-11-22 17:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL 2008-01-26 22:35 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions 2008-01-26 22:34 . 2008-01-26 22:35 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-01-26 22:32 . 2007-01-22 16:49 344,064 --a------ C:\WINDOWS\system32\lxczcoin.dll 2008-01-26 22:32 . 2006-03-27 19:19 40,960 --a------ C:\WINDOWS\system32\lxczvs.dll 2008-01-26 22:32 . 2008-02-10 18:16 278 --a------ C:\WINDOWS\Lexstat.ini 2008-01-26 22:31 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\Lexmark 1200 Series 2008-01-26 22:30 . 2007-02-09 01:44 1,851 --a------ C:\WINDOWS\system32\lxcz.loc 2008-01-26 21:41 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2008-01-26 21:41 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll 2008-01-26 21:41 . 2007-01-23 06:30 73,728 -ra------ C:\WINDOWS\system32\lxczcfg.dll 2008-01-26 21:41 . 2007-02-08 01:58 39,899 -ra------ C:\WINDOWS\system32\rtsicis.ini 2008-01-23 12:31 . 2008-01-23 12:31 <DIR> d-------- C:\Program Files\JustVoip.com 2008-01-23 12:27 . 2008-01-23 12:27 <DIR> d-------- C:\Program Files\Intuwave Ltd 2008-01-23 12:23 . 2007-12-11 14:04 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll 2008-01-21 22:51 . 2008-01-21 22:51 125,509 --a------ C:\[u]0[/u]130011WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-21 22:51 . 2008-01-31 23:03 65,866 --a------ C:\[u]0[/u]330011WELLFIT AUTO CARE CENTER - JEDDAH.fbk 2008-01-20 12:36 . 2008-01-20 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm 2008-01-20 12:35 . 2008-01-20 12:35 <DIR> d-------- C:\Program Files\Siber Systems 2008-01-19 23:10 . 2008-02-09 23:40 154,721 --a------ C:\[u]0[/u]130009WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-17 16:55 . 2008-02-10 16:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-17 16:54 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-01-17 16:54 . 2008-01-17 16:54 <DIR> d-------- C:\Documents and Settings\VIP\Application Data\PC Tools 2008-01-17 16:54 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-01-17 16:54 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-01-17 16:54 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-01-17 16:54 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-01-17 11:44 . 2008-01-19 17:22 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-01-16 19:08 . 2008-02-06 23:24 154,047 --a------ C:\[u]0[/u]130006WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-16 14:29 . 2008-01-16 14:29 118 --a------ C:\WINDOWS\system32\MRT.INI 2008-01-16 11:27 . 2008-01-19 21:41 <DIR> d-------- C:\Program Files\Mightyfax 2008-01-16 11:27 . 2005-05-13 09:21 120,832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL 2008-01-16 11:27 . 2001-07-16 02:06 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL 2008-01-16 11:27 . 2008-02-07 12:43 92 --a------ C:\WINDOWS\mfpd.ini 2008-01-16 11:20 . 2008-01-16 12:26 227 --a------ C:\WINDOWS\wininit.ini 2008-01-16 10:35 . 2008-01-16 11:24 <DIR> d-------- C:\Program Files\RegCure 2008-01-15 22:05 . 2008-01-15 22:05 59,312 --a------ C:\[u]0[/u]330005WELLFIT AUTO CARE CENTER - JEDDAH.fbk 2008-01-14 23:12 . 2008-01-24 23:33 139,894 --a------ C:\[u]0[/u]130004WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-14 23:12 . 2008-02-04 23:38 68,124 --a------ C:\[u]0[/u]330004WELLFIT AUTO CARE CENTER - JEDDAH.fbk 2008-01-13 22:18 . 2008-01-13 22:18 <DIR> d-------- C:\WINDOWS\Applian FLV Player 2008-01-13 22:18 . 2008-01-13 22:18 <DIR> d-------- C:\Program Files\FLV Player 2008-01-12 23:30 . 2008-01-22 22:57 131,918 --a------ C:\[u]0[/u]130002WELLFIT AUTO CARE (WHOLESALE).fbk 2008-01-12 18:27 . 2008-01-21 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2008-01-12 18:08 . 2008-01-12 18:08 <DIR> d-------- C:\Program Files\Radio Dum Dum 2008-01-12 11:20 . 2008-01-12 11:20 <DIR> d-------- C:\Program Files\Lavasoft 2008-01-12 11:20 . 2008-01-17 13:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-12 10:59 . 2008-01-12 18:08 <DIR> d-------- C:\Program Files\Registry Clean Pro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-10 12:17 --------- d-----w C:\Program Files\Quran_AR 2008-02-10 12:17 --------- d-----w C:\Program Files\Nexus Radio 2008-02-10 12:17 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2008-02-10 12:17 --------- d-----w C:\Program Files\Microsoft IntelliPoint 2008-02-07 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-07 11:56 --------- d-----w C:\Program Files\MSN Messenger 2008-02-06 13:28 --------- d-----w C:\Documents and Settings\VIP\Application Data\LimeWire 2008-02-06 11:14 --------- d-----w C:\Program Files\LimeWire 2008-02-03 18:12 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe 2008-01-30 12:02 --------- d-----w C:\Program Files\Webroot 2008-01-30 12:02 --------- d-----w C:\Documents and Settings\VIP\Application Data\Webroot 2008-01-30 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot 2008-01-28 12:02 --------- d-----w C:\Documents and Settings\VIP\Application Data\Launchy 2008-01-23 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-19 14:42 --------- d-----w C:\Program Files\HTTP-Tunnel 2008-01-19 13:40 --------- d-----w C:\Program Files\Java 2008-01-19 12:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-01-12 15:08 --------- d-----w C:\Program Files\Nexus_Radio 2008-01-10 14:21 --------- d-----w C:\Documents and Settings\VIP\Application Data\FrostWire 2008-01-05 09:27 --------- d-----w C:\Documents and Settings\VIP\Application Data\JustVoip 2007-12-12 15:12 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-12-11 10:57 --------- d-----w C:\Program Files\Morpheus 2007-06-13 10:23 843,776 --sh--r C:\WINDOWS\system32\kssolc.exe . [code] ----a-w 4,670,968 2008-01-28 11:40:42 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe [/code] ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}] 2007-12-11 20:19 1502232 --a------ C:\Program Files\Nexus_Radio\tbNex1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BA52B914-B692-46C4-B683-905236F6F655} {E0E899AB-F487-11D5-8D29-0050BA6940E3} {2462D2D8-B36E-44AB-84BF-C5A9383D2429} [HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2462D2D8-B36E-44AB-84BF-C5A9383D2429}"= C:\Program Files\Nexus_Radio\tbNex1.dll [2007-12-11 20:19 1502232] [HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 17:44 180269] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk] backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk] backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk] backup=C:\WINDOWS\pss\MightyFAX Controller.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk] backup=C:\WINDOWS\pss\WordWeb.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe] backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler.exe] backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-28 14:40 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-04 04:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] --a------ 2008-01-28 14:40 295856 C:\Program Files\Lexmark Fax Solutions\fm3032.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration] --a------ 2008-01-28 14:40 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] --a------ 2008-01-28 14:40 1450096 C:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2008-01-28 14:40 600896 C:\Program Files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype] --a------ 2008-01-28 14:40 576320 C:\Program Files\Microsoft IntelliType Pro\itype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip] C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe] --a------ 2008-01-28 18:03 74672 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -ra------ 2005-09-22 23:36 14854144 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-01-28 14:40 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-02-09 17:44 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray] --a------ 2008-01-28 14:40 106496 C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer] --a------ 2008-02-06 23:11 1206600 C:\Program Files\Webroot\Washer\wwDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2008-01-28 14:40 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wscsvc"=2 (0x2) R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 01:50] R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-10-03 09:33] S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32] S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 18:27] S3 GNDHVF;Genius VideoCAM Smart300 V2;C:\WINDOWS\system32\DRIVERS\gndhvf.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4A6147C6-1320-9C42-021B-C3ABFAE0E786}] C:\WINDOWS\system32\update.exe . Contents of the 'Scheduled Tasks' folder "2008-02-11 10:24:13 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2008-01-24 10:16:19 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-11 15:19:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-11 15:19:44 . 2008-01-19 11:27:52 --- E O F --- ========================== thanks again