Problem from Trojan Virtumonde etc

Original Message
Name: abham
Date: February 7, 2008 at 03:34:45 Pacific
Subject: Problem from Trojan Virtumonde etc
OS: XP
CPU/Ram: 512
Comment:

Dear Friends. For many days my PC has not been working properly, either virus or spyware?? I ran Spyware Doctor many times; it always finds some Trojan Virtumonde and cleans it, and if I scan again it finds it again. I ran VundoFix. It too always finds some errors and cleans them (like awvvt.exe etc.), but if I scan again it finds them again. Also I noticed on my desktop two icons which lead to storageprotector.com. One more thing I noticed is that in the C drive I can see thousands of pos files; also I get frequent fake error messages. Please guide me. Thanks in advance.


Response Number 1
Name: jabuck
Date: February 7, 2008 at 14:03:10 Pacific
Reply:

Go to this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Run Vundofix again.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link 1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.



Response Number 2
Name: abham
Date: February 9, 2008 at 07:16:39 Pacific
Reply:

Thanks a lot for the help.
Please find the following logs.
Log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:35, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\VIP\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.62.97.21:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.0.2;<local>
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvt.exe
O1 - Hosts: 62.189.6.83 _sip._tls.ijkl.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._ssl.ijkl.winnerip.com
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Nexus Radio Toolbar - {2462d2d8-b36e-44ab-84bf-c5a9383d2429} - C:\Program Files\Nexus_Radio\tbNex1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [4ce9994c] rundll32.exe "C:\WINDOWS\system32\tawepvpe.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZBxdm210YYSA
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://sifyimg.speedera.net/sify.co...
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/2517...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/asc...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoin...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6613 bytes
========================================
And the log from ComboFix is:

ComboFix 08-02.05.3 - VIP 2008-02-09 17:57:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.149 [GMT 3:00]
Running from: C:\Documents and Settings\VIP\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark Fax Solutions\fm3032.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\ashloirs.ini
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\awvvt.exe
C:\WINDOWS\system32\awwjnqgu.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\cyratuad.ini
C:\WINDOWS\system32\eagfddmy.ini
C:\WINDOWS\system32\eigkjpvy.ini
C:\WINDOWS\system32\hxqaneys.ini
C:\WINDOWS\system32\lvouulek.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlyrraqo.ini
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\system32\ojifjnxf.ini
C:\WINDOWS\system32\pajejklg.ini
C:\WINDOWS\system32\plahaxyu.ini
C:\WINDOWS\system32\pmdskdxl.ini
C:\WINDOWS\system32\qnnsxxcg.ini
C:\WINDOWS\system32\RCX10.tmp
C:\WINDOWS\system32\RCX11.tmp
C:\WINDOWS\system32\RCX12.tmp
C:\WINDOWS\system32\RCX13.tmp
C:\WINDOWS\system32\RCX15.tmp
C:\WINDOWS\system32\RCX16.tmp
C:\WINDOWS\system32\RCX35.tmp
C:\WINDOWS\system32\RCX67.tmp
C:\WINDOWS\system32\RCX85.tmp
C:\WINDOWS\system32\RCXA.tmp
C:\WINDOWS\system32\RCXB.tmp
C:\WINDOWS\system32\RCXC.tmp
C:\WINDOWS\system32\RCXD.tmp
C:\WINDOWS\system32\RCXE.tmp
C:\WINDOWS\system32\RCXF.tmp
C:\WINDOWS\system32\rirpmqgu.ini
C:\WINDOWS\system32\systocz.dll
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\update.exe
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\xplytvpj.ini
C:\WINDOWS\system32\xpnlloac.ini
C:\WINDOWS\system32\xyhmqixr.ini
C:\WINDOWS\system32\yqywywso.ini

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-09 17:41 . 2008-02-09 17:41 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-07 23:42 . 2008-02-07 23:42 154,511 --a------ C:\[u]0[/u]130007WELLFIT AUTO CARE (WHOLESALE).fbk
2008-02-07 21:47 . 2008-02-07 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-07 21:42 . 2008-02-07 21:42 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-05 22:35 . 2008-02-05 22:35 90,688 --a------ C:\WINDOWS\system32\rxiqmhyx.dll
2008-02-04 18:03 . 2008-02-04 18:03 <DIR> d-------- C:\Program Files\FDRLab
2008-02-04 14:45 . 2008-02-04 14:51 13,824 ---hs---- C:\WINDOWS\system32\53341Rapid.Hacker.exe
2008-02-04 14:42 . 2008-02-04 14:40 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-02-04 14:25 . 2008-02-04 14:51 872,448 ---hs---- C:\WINDOWS\system32\70554Rapid Hacker v3.0 Final - Maximum Edition.exe
2008-02-02 21:43 . 2004-08-04 01:56 388,608 --a------ C:\kmd.exe
2008-02-02 21:27 . 2008-02-02 21:25 1,593,209 --a------ C:\ComboFix.exe
2008-02-02 18:08 . 2008-02-02 18:09 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-02 16:40 . 2008-02-02 21:08 <DIR> d-------- C:\SDFix
2008-01-30 14:03 . 2006-10-20 15:21 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-28 14:31 . 2008-01-28 14:31 24 --a------ C:\WINDOWS\cdplayer.ini
2008-01-27 18:11 . 2008-01-27 21:38 <DIR> d-------- C:\Program Files\Panda Security
2008-01-27 17:17 . 2008-01-27 17:17 163,904 --a------ C:\WINDOWS\system32\eulucumj.dll.vir
2008-01-26 22:51 . 2008-01-26 22:51 <DIR> d-------- C:\Documents and Settings\VIP\Application Data\FaxCtr
2008-01-26 22:36 . 2008-01-26 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-01-26 22:36 . 2006-04-28 12:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-26 22:36 . 2006-04-28 12:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-01-26 22:36 . 2006-04-28 12:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-26 22:36 . 2006-04-28 12:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-26 22:36 . 2006-04-28 12:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-01-26 22:36 . 2006-11-22 16:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-01-26 22:36 . 2006-11-22 16:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-01-26 22:36 . 2006-11-22 17:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-01-26 22:35 . 2008-02-09 18:03 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-01-26 22:34 . 2008-01-26 22:35 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-26 22:32 . 2007-01-22 16:49 344,064 --a------ C:\WINDOWS\system32\lxczcoin.dll
2008-01-26 22:32 . 2006-03-27 19:19 40,960 --a------ C:\WINDOWS\system32\lxczvs.dll
2008-01-26 22:32 . 2008-02-02 11:46 274 --a------ C:\WINDOWS\Lexstat.ini
2008-01-26 22:31 . 2008-02-09 18:03 <DIR> d-------- C:\Program Files\Lexmark 1200 Series
2008-01-26 22:30 . 2007-02-09 01:44 1,851 --a------ C:\WINDOWS\system32\lxcz.loc
2008-01-26 21:41 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-26 21:41 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-26 21:41 . 2007-01-23 06:30 73,728 -ra------ C:\WINDOWS\system32\lxczcfg.dll
2008-01-26 21:41 . 2007-02-08 01:58 39,899 -ra------ C:\WINDOWS\system32\rtsicis.ini
2008-01-23 12:31 . 2008-01-23 12:31 <DIR> d-------- C:\Program Files\JustVoip.com
2008-01-23 12:27 . 2008-01-23 12:27 <DIR> d-------- C:\Program Files\Intuwave Ltd
2008-01-23 12:23 . 2007-12-11 14:04 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-01-21 22:51 . 2008-01-21 22:51 125,509 --a------ C:\[u]0[/u]130011WELLFIT AUTO CARE (WHOLESALE).fbk
2008-01-21 22:51 . 2008-01-31 23:03 65,866 --a------ C:\[u]0[/u]330011WELLFIT AUTO CARE CENTER - JEDDAH.fbk
2008-01-21 12:32 . 2008-02-09 17:25 <DIR> d-------- C:\VundoFix Backups
2008-01-20 12:36 . 2008-01-20 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-01-20 12:35 . 2008-01-20 12:35 <DIR> d-------- C:\Program Files\Siber Systems
2008-01-19 23:10 . 2008-01-29 23:17 153,288 --a------ C:\[u]0[/u]130009WELLFIT AUTO CARE (WHOLESALE).fbk
2008-01-17 16:55 . 2008-02-09 18:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-17 16:54 . 2008-02-05 13:35 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-17 16:54 . 2008-01-17 16:54 <DIR> d-------- C:\Documents and Settings\VIP\Application Data\PC Tools
2008-01-17 16:54 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-17 16:54 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-17 16:54 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-17 16:54 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-17 11:44 . 2008-01-19 17:22 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-16 20:46 . 2008-01-16 20:46 342,528 --a------ C:\WINDOWS\system32\RCX259C.tmp
2008-01-16 19:08 . 2008-02-06 23:24 154,047 --a------ C:\[u]0[/u]130006WELLFIT AUTO CARE (WHOLESALE).fbk
2008-01-16 18:33 . 2008-01-16 18:33 17,642,616 --a------ C:\WINDOWS\system32\MRT .exe
2008-01-16 14:29 . 2008-01-16 14:29 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-16 11:27 . 2008-01-19 21:41 <DIR> d-------- C:\Program Files\Mightyfax
2008-01-16 11:27 . 2005-05-13 09:21 120,832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL
2008-01-16 11:27 . 2001-07-16 02:06 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL
2008-01-16 11:27 . 2008-02-07 12:43 92 --a------ C:\WINDOWS\mfpd.ini
2008-01-16 11:20 . 2008-01-16 12:26 227 --a------ C:\WINDOWS\wininit.ini
2008-01-16 10:35 . 2008-01-16 11:24 <DIR> d-------- C:\Program Files\RegCure
2008-01-15 22:05 . 2008-01-15 22:05 59,312 --a------ C:\[u]0[/u]330005WELLFIT AUTO CARE CENTER - JEDDAH.fbk
2008-01-14 23:12 . 2008-01-24 23:33 139,894 --a------ C:\[u]0[/u]130004WELLFIT AUTO CARE (WHOLESALE).fbk
2008-01-14 23:12 . 2008-02-04 23:38 68,124 --a------ C:\[u]0[/u]330004WELLFIT AUTO CARE CENTER - JEDDAH.fbk
2008-01-13 22:18 . 2008-01-13 22:18 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-01-13 22:18 . 2008-01-13 22:18 <DIR> d-------- C:\Program Files\FLV Player
2008-01-13 09:22 . 2008-02-09 12:23 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-12 23:30 . 2008-01-22 22:57 131,918 --a------ C:\[u]0[/u]130002WELLFIT AUTO CARE (WHOLESALE).fbk
2008-01-12 18:27 . 2008-01-21 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2008-01-12 18:08 . 2008-01-12 18:08 <DIR> d-------- C:\Program Files\Radio Dum Dum
2008-01-12 11:20 . 2008-01-12 11:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-12 11:20 . 2008-01-17 13:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 10:59 . 2008-01-12 18:08 <DIR> d-------- C:\Program Files\Registry Clean Pro
2008-01-10 13:42 . 2008-01-30 18:13 65,012 --a------ C:\[u]0[/u]330000WELLFIT AUTO CARE CENTER - JEDDAH.fbk
2008-01-10 00:00 . 2008-01-30 18:13 153,404 --a------ C:\[u]0[/u]130000WELLFIT AUTO CARE (WHOLESALE).fbk
2008-01-09 23:59 . 2008-01-29 23:15 64,854 --a------ C:\[u]0[/u]330009WELLFIT AUTO CARE CENTER - JEDDAH.fbk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 15:03 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-02-09 15:03 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-07 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 11:56 --------- d-----w C:\Program Files\MSN Messenger
2008-02-06 13:28 --------- d-----w C:\Documents and Settings\VIP\Application Data\LimeWire
2008-02-06 11:14 --------- d-----w C:\Program Files\LimeWire
2008-02-03 18:12 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-02-02 13:48 503,296 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
2008-01-30 12:02 --------- d-----w C:\Program Files\Webroot
2008-01-30 12:02 --------- d-----w C:\Documents and Settings\VIP\Application Data\Webroot
2008-01-30 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-28 12:02 --------- d-----w C:\Documents and Settings\VIP\Application Data\Launchy
2008-01-23 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-19 14:42 --------- d-----w C:\Program Files\HTTP-Tunnel
2008-01-19 13:40 --------- d-----w C:\Program Files\Java
2008-01-19 12:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-19 12:15 --------- d-----w C:\Program Files\Quran_AR
2008-01-13 06:27 --------- d-----w C:\Program Files\Nexus Radio
2008-01-12 15:08 --------- d-----w C:\Program Files\Nexus_Radio
2008-01-10 14:21 --------- d-----w C:\Documents and Settings\VIP\Application Data\FrostWire
2008-01-05 09:27 --------- d-----w C:\Documents and Settings\VIP\Application Data\JustVoip
2007-12-12 15:12 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-11 10:57 --------- d-----w C:\Program Files\Morpheus
2007-12-10 08:37 --------- d-----w C:\Program Files\RKS Fax
2007-06-13 10:23 843,776 --sh--r C:\WINDOWS\system32\kssolc.exe
.
[code]


----a-w 39,792 2008-01-28 11:40:20 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 1,450,096 2008-01-28 11:40:22 C:\Program Files\Ahead\InCD\InCD .exe
----a-w 106,496 2008-01-28 11:40:17 C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray .exe
----a-w 180,269 2008-02-09 14:44:37 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 847,872 2008-01-19 11:13:59 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
----a-w 40,960 2008-01-28 11:40:52 C:\Program Files\Free Download Manager\FUM\fumoei .exe
----a-w 132,496 2008-01-19 12:00:16 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w 132,496 2008-01-28 11:40:15 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 74,672 2008-01-28 15:03:36 C:\Program Files\Lexmark 1200 Series\lxczbmgr .exe
----a-w 295,856 2008-01-28 11:40:26 C:\Program Files\Lexmark Fax Solutions\fm3032 .exe
----a-w 600,896 2008-01-28 11:40:21 C:\Program Files\Microsoft IntelliPoint\ipoint .exe
----a-w 576,320 2008-01-28 11:40:20 C:\Program Files\Microsoft IntelliType Pro\itype .exe
----a-w 2,947,584 2008-01-13 06:22:13 C:\Program Files\Nexus Radio\Nexus Radio .exe
----a-w 335,872 2008-01-19 12:00:21 C:\Program Files\Quran_AR\Quran_AR .exe
----a-w 160,592 2008-01-21 08:50:28 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon .exe
----a-w 1,103,752 2008-01-30 11:57:30 C:\Program Files\Spyware Doctor\pctsTray .exe
----a-w 1,206,600 2008-02-06 20:11:54 C:\Program Files\Webroot\Washer\wwDisp .exe
----a-w 4,670,968 2008-01-28 11:40:42 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w 158,208 2008-02-03 18:12:40 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-02-09 09:23:51 C:\WINDOWS\system32\ctfmon .exe
----a-w 17,642,616 2008-01-16 15:33:35 C:\WINDOWS\system32\MRT .exe
----a-w 155,648 2008-01-21 08:50:20 C:\WINDOWS\system32\NeroCheck .exe
[/code]


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]
2007-12-11 20:19 1502232 --a------ C:\Program Files\Nexus_Radio\tbNex1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7111AEF-7F4B-42DA-80AD-9AD4BB969D8A}]
C:\WINDOWS\system32\awvvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c700f645-611c-4f5e-9489-c5ef81a78318}]
C:\WINDOWS\system32\ovxsbbnv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46C4-B683-905236F6F655}
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{2462D2D8-B36E-44AB-84BF-C5A9383D2429}

[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2462D2D8-B36E-44AB-84BF-C5A9383D2429}"= C:\Program Files\Nexus_Radio\tbNex1.dll [2007-12-11 20:19 1502232]

[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]
"4ce9994c"="C:\WINDOWS\system32\tawepvpe.dll" [ ]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 01:56 388608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajwzwgrb]
ajwzwgrb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcyxv]
khfcyxv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
backup=C:\WINDOWS\pss\MightyFAX Controller.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\pss\WordWeb.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-04 04:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
C:\Program Files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip]
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\awvvt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe]
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2005-09-22 23:36 14854144 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray]
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-01-28 14:40 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)

R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 01:50]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-10-03 09:33]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 18:27]
S3 GNDHVF;Genius VideoCAM Smart300 V2;C:\WINDOWS\system32\DRIVERS\gndhvf.sys []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4A6147C6-1320-9C42-021B-C3ABFAE0E786}]
C:\WINDOWS\system32\update.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-09 15:06:17 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-24 10:16:19 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 18:06:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
.
**************************************************************************
.
Completion time: 2008-02-09 18:10:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-09 15:10:35
.
2008-01-19 11:27:52 --- E O F ---
=================

Thank you




Response Number 3
Name: jabuck
Date: February 9, 2008 at 15:29:29 Pacific
Reply:

Open Notepad and copy/paste everything between the X's into it, and make sure "RenV::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RenV::

----a-w 39,792 2008-01-28 11:40:20 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 1,450,096 2008-01-28 11:40:22 C:\Program Files\Ahead\InCD\InCD .exe
----a-w 106,496 2008-01-28 11:40:17 C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray .exe
----a-w 180,269 2008-02-09 14:44:37 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 847,872 2008-01-19 11:13:59 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
----a-w 40,960 2008-01-28 11:40:52 C:\Program Files\Free Download Manager\FUM\fumoei .exe
----a-w 132,496 2008-01-19 12:00:16 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w 132,496 2008-01-28 11:40:15 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 74,672 2008-01-28 15:03:36 C:\Program Files\Lexmark 1200 Series\lxczbmgr .exe
----a-w 295,856 2008-01-28 11:40:26 C:\Program Files\Lexmark Fax Solutions\fm3032 .exe
----a-w 600,896 2008-01-28 11:40:21 C:\Program Files\Microsoft IntelliPoint\ipoint .exe
----a-w 576,320 2008-01-28 11:40:20 C:\Program Files\Microsoft IntelliType Pro\itype .exe
----a-w 2,947,584 2008-01-13 06:22:13 C:\Program Files\Nexus Radio\Nexus Radio .exe
----a-w 335,872 2008-01-19 12:00:21 C:\Program Files\Quran_AR\Quran_AR .exe
----a-w 160,592 2008-01-21 08:50:28 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon .exe
----a-w 1,103,752 2008-01-30 11:57:30 C:\Program Files\Spyware Doctor\pctsTray .exe
----a-w 1,206,600 2008-02-06 20:11:54 C:\Program Files\Webroot\Washer\wwDisp .exe
----a-w 4,670,968 2008-01-28 11:40:42 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w 158,208 2008-02-03 18:12:40 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-02-09 09:23:51 C:\WINDOWS\system32\ctfmon .exe
----a-w 17,642,616 2008-01-16 15:33:35 C:\WINDOWS\system32\MRT .exe
----a-w 155,648 2008-01-21 08:50:20 C:\WINDOWS\system32\NeroCheck .exe

File::
C:\WINDOWS\system32\rxiqmhyx.dll
C:\WINDOWS\system32\eulucumj.dll.vir
C:\WINDOWS\system32\RCX259C.tmp
C:\WINDOWS\system32\tawepvpe.dll
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\ovxsbbnv.dll

Driver::
ajwzwgrb
khfcyxv

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7111AEF-7F4B-42DA-80AD-9AD4BB969D8A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c700f645-611c-4f5e-9489-c5ef81a78318}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4ce9994c"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajwzwgrb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcyxv]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "Run".

Please go to Virus Total and upload the following files for analysis:

C:\WINDOWS\system32\53341Rapid.Hacker.exe

C:\WINDOWS\system32\kssolc.exe


Post the results in your reply.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Post a new Combofix log.
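
Added example, not part of this post or of ComboFix: a small Python triage over listing lines in the three layouts seen in this thread's logs (Files Created, Find3M, and the RenV:: list). It flags a space before the file extension, as in the RenV:: entries, and hidden+system binaries in system32, as with the two files named for upload. The regexes, function names and flag labels are assumptions, and the flags mean "review this file", not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Field patterns, written to match the line layouts shown in this thread.
STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?"
SIZE = r"(?P<size>[\d,]+|<DIR>|-+)"      # directories show <DIR> or dashes
ATTR = r"(?P<attrs>[-a-z]{7,9})"         # e.g. ---hs---- or --sh--r
PATH = r"(?P<path>[A-Za-z]:\\.+)$"

LAYOUTS = [
    # Files Created: created . modified  size  attrs  path
    re.compile(rf"^{STAMP}\s+\.\s+{STAMP}\s+{SIZE}\s+{ATTR}\s+{PATH}"),
    # Find3M: modified  size  attrs  path
    re.compile(rf"^{STAMP}\s+{SIZE}\s+{ATTR}\s+{PATH}"),
    # RenV listing: attrs  size  modified  path
    re.compile(rf"^{ATTR}\s+{SIZE}\s+{STAMP}\s+{PATH}"),
]

BINARY_EXT = (".exe", ".dll", ".sys")
SPACE_BEFORE_EXT = re.compile(r"\s+\.[A-Za-z0-9]{1,4}$")


class Entry(NamedTuple):
    attrs: str
    size: str
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Return the parsed listing entry, or None for any other log line."""
    line = line.strip()
    for layout in LAYOUTS:
        m = layout.match(line)
        if m:
            return Entry(m.group("attrs"), m.group("size"), m.group("path"))
    return None


def flags_for(entry: Entry) -> List[str]:
    """Heuristic review flags (assumed rules, not ComboFix's own logic)."""
    found = []
    name = entry.path.rsplit("\\", 1)[-1]
    if SPACE_BEFORE_EXT.search(name):
        found.append("space-before-extension")
    lowered = entry.path.lower()
    hidden_system = "h" in entry.attrs and "s" in entry.attrs
    if (hidden_system and lowered.endswith(BINARY_EXT)
            and "\\windows\\system32\\" in lowered):
        found.append("hidden-system-binary")
    return found


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, flags) for every listing line with at least one flag."""
    results = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        found = flags_for(entry)
        if found:
            results.append((entry.path, found))
    return results


# Sample input: lines copied from the logs in this thread, one per layout,
# plus entries that should not be flagged.
SAMPLE = r"""
----a-w 39,792 2008-01-28 11:40:20 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
2008-02-04 14:45 . 2008-02-04 14:51 13,824 ---hs---- C:\WINDOWS\system32\53341Rapid.Hacker.exe
2008-02-09 17:41 . 2008-02-09 17:41 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-06-13 10:23 843,776 --sh--r C:\WINDOWS\system32\kssolc.exe
2008-02-07 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
scan completed successfully
"""

if __name__ == "__main__":
    for path, found in triage(SAMPLE.splitlines()):
        print(f"{', '.join(found):<24} {path}")
```
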



Response Number 4
Name: abham
Date: February 10, 2008 at 08:21:01 Pacific
Reply:

Dear Sir,
Thanks for your quick reply.
Please note that I COULD NOT FIND SYSTEM32 IN MY WINDOWS (but if I go in DOS, it is there) like C:/windows/system32 but seen when try to upload)

I did the ATF cleaning.
Pls find the new combofix log
ComboFix 08-02.05.3 - VIP 2008-02-10 16:46:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.118 [GMT 3:00]
Running from: C:\Documents and Settings\VIP\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 14:36 . 2004-08-04 01:56 388,608 --a------ C:\kmd.exe
2008-02-09 17:41 . 2008-02-09 17:41 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-07 23:42 . 2008-02-07 23:42 154,511 --a------ C:\[u]0[/u]130007WELLFIT AUTO CARE (WHOLESALE).fbk
2008-02-07 21:47 . 2008-02-07 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-07 21:42 . 2008-02-07 21:42 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-04 18:03 . 2008-02-04 18:03 <DIR> d-------- C:\Program Files\FDRLab
2008-02-04 14:45 . 2008-02-04 14:51 13,824 ---hs---- C:\WINDOWS\system32\53341Rapid.Hacker.exe
2008-02-04 14:42 . 2008-02-04 14:40 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-02-04 14:25 . 2008-02-04 14:51 872,448 ---hs---- C:\WINDOWS\system32\70554Rapid Hacker v3.0 Final - Maximum Edition.exe
2008-02-02 21:27 . 2008-02-02 21:25 1,593,209 --a------ C:\ComboFix.exe
2008-02-02 18:08 . 2008-02-02 18:09 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-02 16:40 . 2008-02-02 21:08 <DIR> d-------- C:\SDFix
2008-01-30 14:42 . 2008-02-03 21:12 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-30 14:03 . 2006-10-20 15:21 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-28 14:31 . 2008-01-28 14:31 24 --a------ C:\WINDOWS\cdplayer.ini
2008-01-27 18:11 . 2008-01-27 21:38 <DIR> d-------- C:\Program Files\Panda Security
2008-01-26 22:51 . 2008-01-26 22:51 <DIR> d-------- C:\Documents and Settings\VIP\Application Data\FaxCtr
2008-01-26 22:36 . 2008-01-26 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-01-26 22:36 . 2006-04-28 12:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-26 22:36 . 2006-04-28 12:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-01-26 22:36 . 2006-04-28 12:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-26 22:36 . 2006-04-28 12:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-26 22:36 . 2006-04-28 12:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-01-26 22:36 . 2006-11-22 16:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-01-26 22:36 . 2006-11-22 16:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-01-26 22:36 . 2006-11-22 17:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-01-26 22:35 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-01-26 22:34 . 2008-01-26 22:35 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-26 22:32 . 2007-01-22 16:49 344,064 --a------ C:\WINDOWS\system32\lxczcoin.dll
2008-01-26 22:32 . 2006-03-27 19:19 40,960 --a------ C:\WINDOWS\system32\lxczvs.dll
2008-01-26 22:32 . 2008-02-02 11:46 274 --a------ C:\WINDOWS\Lexstat.ini
2008-01-26 22:31 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\Lexmark 1200 Series
2008-01-26 22:30 . 2007-02-09 01:44 1,851 --a------ C:\WINDOWS\system32\lxcz.loc
2008-01-26 21:41 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-26 21:41 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-26 21:41 . 2007-01-23 06:30 73,728 -ra------ C:\WINDOWS\system32\lxczcfg.dll
2008-01-26 21:41 . 2007-02-08 01:58 39,899 -ra------ C:\WINDOWS\system32\rtsicis.ini
2008-01-23 12:31 . 2008-01-23 12:31 <DIR> d-------- C:\Program Files\JustVoip.com
2008-01-23 12:27 . 2008-01-23 12:27 <DIR> d-------- C:\Program Files\Intuwave Ltd
2008-01-23 12:23 . 2007-12-11 14:04 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-01-21 22:51 . 2008-01-21 22:51 125,509 --a------ C:\[u]0[/u]130011WELLFIT AUTO CARE (WHOLESALE).fbk
2008-01-21 22:51 . 2008-01-31 23:03 65,866 --a------ C:\[u]0[/u]330011WELLFIT AUTO CARE CENTER - JEDDAH.fbk
2008-01-21 12:32 . 2008-02-09 17:25 <DIR> d-------- C:\VundoFix Backups
2008-01-20 12:36 . 2008-01-20 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-01-20 12:35 . 2008-01-20 12:35 <DIR> d-------- C:\Program Files\Siber Systems
2008-01-19 23:10 . 2008-02-09 23:40 154,721 --a------ C:\[u]0[/u]130009WELLFIT AUTO CARE (WHOLESALE).fbk
2008-01-17 16:55 . 2008-02-10 16:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-17 16:54 . 2008-02-10 15:17 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-17 16:54 . 2008-01-17 16:54 <DIR> d-------- C:\Documents and Settings\VIP\Application Data\PC Tools
2008-01-17 16:54 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-17 16:54 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-17 16:54 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-17 16:54 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-17 11:44 . 2008-01-19 17:22 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-16 19:08 . 2008-02-06 23:24 154,047 --a------ C:\[u]0[/u]130006WELLFIT AUTO CARE (WHOLESALE).fbk
2008-01-16 14:29 . 2008-01-16 14:29 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-16 11:27 . 2008-01-19 21:41 <DIR> d-------- C:\Program Files\Mightyfax
2008-01-16 11:27 . 2005-05-13 09:21 120,832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL
2008-01-16 11:27 . 2001-07-16 02:06 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL
2008-01-16 11:27 . 2008-02-07 12:43 92 --a------ C:\WINDOWS\mfpd.ini
2008-01-16 11:20 . 2008-01-16 12:26 227 --a------ C:\WINDOWS\wininit.ini
2008-01-16 10:35 . 2008-01-16 11:24 <DIR> d-------- C:\Program Files\RegCure
2008-01-15 22:05 . 2008-01-15 22:05 59,312 --a------ C:\[u]0[/u]330005WELLFIT AUTO CARE CENTER - JEDDAH.fbk
2008-01-14 23:12 . 2008-01-24 23:33 139,894 --a------ C:\[u]0[/u]130004WELLFIT AUTO CARE (WHOLESALE).fbk
2008-01-14 23:12 . 2008-02-04 23:38 68,124 --a------ C:\[u]0[/u]330004WELLFIT AUTO CARE CENTER - JEDDAH.fbk
2008-01-13 22:18 . 2008-01-13 22:18 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-01-13 22:18 . 2008-01-13 22:18 <DIR> d-------- C:\Program Files\FLV Player
2008-01-12 23:30 . 2008-01-22 22:57 131,918 --a------ C:\[u]0[/u]130002WELLFIT AUTO CARE (WHOLESALE).fbk
2008-01-12 18:27 . 2008-01-21 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-12 18:08 . 2008-01-12 18:08 <DIR> d-------- C:\Program Files\Radio Dum Dum
2008-01-12 11:20 . 2008-01-12 11:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-12 11:20 . 2008-01-17 13:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 10:59 . 2008-01-12 18:08 <DIR> d-------- C:\Program Files\Registry Clean Pro
2008-01-10 13:42 . 2008-01-30 18:13 65,012 --a------ C:\[u]0[/u]330000WELLFIT AUTO CARE CENTER - JEDDAH.fbk
2008-01-10 00:00 . 2008-01-30 18:13 153,404 --a------ C:\[u]0[/u]130000WELLFIT AUTO CARE (WHOLESALE).fbk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 12:17 --------- d-----w C:\Program Files\Quran_AR
2008-02-10 12:17 --------- d-----w C:\Program Files\Nexus Radio
2008-02-10 12:17 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-02-10 12:17 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-07 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 11:56 --------- d-----w C:\Program Files\MSN Messenger
2008-02-06 13:28 --------- d-----w C:\Documents and Settings\VIP\Application Data\LimeWire
2008-02-06 11:14 --------- d-----w C:\Program Files\LimeWire
2008-02-03 18:12 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
2008-01-30 12:02 --------- d-----w C:\Program Files\Webroot
2008-01-30 12:02 --------- d-----w C:\Documents and Settings\VIP\Application Data\Webroot
2008-01-30 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-28 12:02 --------- d-----w C:\Documents and Settings\VIP\Application Data\Launchy
2008-01-23 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-19 14:42 --------- d-----w C:\Program Files\HTTP-Tunnel
2008-01-19 13:40 --------- d-----w C:\Program Files\Java
2008-01-19 12:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-12 15:08 --------- d-----w C:\Program Files\Nexus_Radio
2008-01-10 14:21 --------- d-----w C:\Documents and Settings\VIP\Application Data\FrostWire
2008-01-05 09:27 --------- d-----w C:\Documents and Settings\VIP\Application Data\JustVoip
2007-12-12 15:12 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-11 10:57 --------- d-----w C:\Program Files\Morpheus
2007-12-10 08:37 --------- d-----w C:\Program Files\RKS Fax
2007-06-13 10:23 843,776 --sh--r C:\WINDOWS\system32\kssolc.exe
.
[code]


----a-w 4,670,968 2008-01-28 11:40:42 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
[/code]


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]
2007-12-11 20:19 1502232 --a------ C:\Program Files\Nexus_Radio\tbNex1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46C4-B683-905236F6F655}
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{2462D2D8-B36E-44AB-84BF-C5A9383D2429}

[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2462D2D8-B36E-44AB-84BF-C5A9383D2429}"= C:\Program Files\Nexus_Radio\tbNex1.dll [2007-12-11 20:19 1502232]

[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 17:44 180269]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
backup=C:\WINDOWS\pss\MightyFAX Controller.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\pss\WordWeb.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler .exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler .exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^VIP^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-28 14:40 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-04 04:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2008-01-28 14:40 295856 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
--a------ 2008-01-28 14:40 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2008-01-28 14:40 1450096 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2008-01-28 14:40 600896 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2008-01-28 14:40 576320 C:\Program Files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip]
C:\Program Files\JustVoip.com\JustVoip\JustVoip .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\awvvt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe]
--a------ 2008-01-28 18:03 74672 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2005-09-22 23:36 14854144 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-01-28 14:40 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-09 17:44 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray]
--a------ 2008-01-28 14:40 106496 C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2008-02-06 23:11 1206600 C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-01-28 14:40 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)

R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 01:50]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-10-03 09:33]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 18:27]
S3 GNDHVF;Genius VideoCAM Smart300 V2;C:\WINDOWS\system32\DRIVERS\gndhvf.sys []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4A6147C6-1320-9C42-021B-C3ABFAE0E786}]
C:\WINDOWS\system32\update.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-10 13:40:09 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-24 10:16:19 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 16:49:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-10 16:49:47
ComboFix-quarantined-files.txt 2008-02-10 13:49:43
ComboFix2.txt 2008-02-10 13:44:46
ComboFix3.txt 2008-02-09 15:10:46
.
2008-01-19 11:27:52 --- E O F ---
===================================
Please find the Kaspersky log

---------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 10, 2008 7:10:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/02/2008
Kaspersky Anti-Virus database records: 555987
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 46599
Number of viruses found: 21
Number of infected objects: 218
Number of suspicious objects: 4
Duration of the scan process: 00:44:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger15.zip/ctfmon.exe Infected: not-a-virus:Monitor.Win32.FamilyKeyLogger.283 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger2.zip/ctfs.dll Infected: not-a-virus:Monitor.Win32.GoldenKeylogger.130 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger3.zip/ctfmon.dll Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.170 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyArsenalFamilyKeylogger3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde14.zip/awvvt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde16.zip/awvvt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde16.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip/txpdjgmr.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc1.zip/ewlrlpda.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip/whAgent_update.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer1.zip ZIP: infected - 6 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip/windows Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\VIP\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\VIP\Application Data\Opera\Opera\mail\indexer\indexer_64.dat Object is locked skipped
C:\Documents and Settings\VIP\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\VIP\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
C:\Documents and Settings\VIP\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\VIP\Desktop\Riyad-Stock-020208.xls Object is locked skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Agent.htu skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe/data.rar Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS 10.exe Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Agent.htu skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe/data.rar Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar/Keys/KEYS11.exe Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar/key applicator/Keys.rar Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar/keys/key applicator.rar Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar/keys/keys.rar Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar/keys/keys.rar Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar/Spyware DoctorR/keys.rar Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar/Spyware DoctorR with AntiVirus 5.5 key applicator/Spyware DoctorR.rar Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar/Spyware DoctorR with AntiVirus 5.5 for WindowsR - New Version!/Spyware DoctorR with AntiVirus 5.5 key applicator.rar Infected: Virus.Win32.Virut.av skipped
C:\Documents and Settings\VIP\Desktop\Spyware Doctor® with ANTIVIRUS 5.5 Build 178(with serial keys)\Spyware Doctor® with AntiVirus 5.5 for Windows® - New Version!.rar RAR: infected - 19 skipped
C:\Documents and Settings\VIP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\VIP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\VIP\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\VIP\Local Settings\History\History.IE5\MSHist012008021020080211\index.dat Object is locked skipped
C:\Documents and Settings\VIP\Local Settings\Temp\~DF12D8.tmp Object is locked skipped
C:\Documents and Settings\VIP\Local Settings\Temp\~DF30A5.tmp Object is locked skipped
C:\Documents and Settings\VIP\Local Settings\Temp\~DF4ADE.tmp Object is locked skipped
C:\Documents and Settings\VIP\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\VIP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\VIP\My Documents\Morpheus Shared\Downloads\New Folder\Morpheus full version +Crack _ serial.zip/Morpheus.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\VIP\My Documents\Morpheus Shared\Downloads\New Folder\Morpheus full version +Crack _ serial.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\VIP\My Documents\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
C:\Documents and Settings\VIP\My Documents\New Folder\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
C:\Documents and Settings\VIP\My Documents\New Folder\trace.zip/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
C:\Documents and Settings\VIP\My Documents\New Folder\trace.zip ZIP: infected - 1 skipped
C:\Documents and Settings\VIP\My Documents\phone (version 1).xls Object is locked skipped
C:\Documents and Settings\VIP\My Documents\phone.xls Object is locked skipped
C:\Documents and Settings\VIP\ntuser.dat Object is locked skipped
C:\Documents and Settings\VIP\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\VIP\Shared\Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Documents and Settings\VIP\Shared\New Folder\Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Documents and Settings\VIP\Shared\New Folder\WinFax Pro 10 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Documents and Settings\VIP\Shared\New Folder\WinFax Pro 10 Crack.zip ZIP: infected - 1 skipped
C:\Documents and Settings\VIP\Shared\WinFax Pro 10 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Documents and Settings\VIP\Shared\WinFax Pro 10 Keygen.zip ZIP: infected - 1 skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\QooBox\Quarantine\C\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Ahead\InCD\InCD.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Free Download Manager\FUM\fumoei.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Java\jre1.6.0_02\bin\jusched.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Java\jre1.6.0_03\bin\jusched.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\JustVoip.com\JustVoip\JustVoip.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Lexmark 1200 Series\lxczbmgr.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Lexmark Fax Solutions\fm3032.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Microsoft IntelliPoint\ipoint.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Microsoft IntelliType Pro\itype.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Webroot\Washer\wwDisp.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awvvt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awvvt.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\eulucumj.dll.vir.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\MRT.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX10.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX11.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX12.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX13.tmp.vir Infected: Virus.Win32.Tra