Here are my logs
ComboFix
ComboFix 08-10-19.04 - Mariam AL-Khamiri 2008-10-25 16:31:56.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.163 [GMT 4:00]
Running from: C:\Documents and Settings\Dr. Fatma Al Khamiri\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dr. Fatma Al Khamiri\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\gendel32.exe
C:\WINDOWS\lomxeqsn.exe
C:\WINDOWS\system32\Topdownloads Folder Protect_uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\gendel32.exe
C:\Program Files\NoAdware
C:\Program Files\NoAdware\logs\Date(18-1-2009) Time(9-45-26).txt
C:\Program Files\NoAdware\NoAdwareBackup\1,18,2009_9,45,18.zip
C:\WINDOWS\lomxeqsn.exe
C:\WINDOWS\system32\Topdownloads Folder Protect_uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.
2009-01-19 20:21 . 2009-01-19 20:21 <DIR> d-------- C:\WINDOWS\system32\Service
2009-01-18 19:53 . 2008-10-25 01:14 <DIR> d-------- C:\Program Files\Panda Security
2009-01-17 04:04 . 2009-01-18 09:20 <DIR> d-------- C:\Program Files\Trend Micro
2009-01-17 01:31 . 2009-01-17 01:31 661,808 --a------ C:\WINDOWS\system32\UfWSC.cpl
2009-01-17 01:06 . 2009-01-17 20:37 <DIR> d-------- C:\Documents and Settings\Dr. Fatma Al Khamiri\.housecall6.6
2009-01-16 17:33 . 2008-10-25 01:53 <DIR> d-------- C:\Program Files\Yahoo!
2009-01-16 17:03 . 2009-01-16 17:04 <DIR> d-------- C:\Program Files\Safari
2009-01-14 10:48 . 2009-01-14 11:31 1,319 --ah----- C:\IPH.PH
2009-01-14 10:25 . 2008-10-25 01:13 <DIR> d-------- C:\Program Files\Opera
2009-01-09 13:28 . 2009-01-22 21:13 <DIR> dr------- C:\Documents and Settings\Dr. Fatma Al Khamiri\My Pictures
2009-01-08 23:51 . 2009-01-10 00:12 <DIR> d-------- C:\TEMP
2009-01-08 08:12 . 2009-01-08 08:12 0 --a------ C:\WINDOWS\nsreg.dat
2009-01-06 09:56 . 2007-08-13 18:45 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2009-01-06 09:29 . 2009-01-06 09:29 <DIR> d--hs---- C:\Documents and Settings\Dr. Fatma Al Khamiri\PrivacIE
2008-12-30 16:39 . 2009-01-16 16:56 <DIR> d-------- C:\Program Files\DivX
2008-12-30 16:39 . 2008-09-16 04:14 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-12-18 10:35 . 2008-12-18 10:35 <DIR> d-------- C:\WINDOWS\system32\Redist
2008-12-18 10:35 . 2008-09-18 05:28 290,304 --a------ C:\WINDOWS\system32\artEMFLib.dll
2008-12-18 10:35 . 2008-09-18 05:26 143,360 --a------ C:\WINDOWS\system32\vbuzip10.dll
2008-12-18 10:35 . 2008-09-18 05:15 90,112 --a------ C:\WINDOWS\system32\ccrpTmr6.dll
2008-12-17 09:56 . 2008-12-18 10:35 88,064 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-12-17 00:50 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-12-14 23:23 . 2008-12-14 23:23 <DIR> d-------- C:\Program Files\iPod
2008-12-14 22:27 . 2008-12-14 22:27 <DIR> d-------- C:\Program Files\topdownloads
2008-10-25 05:19 . 2008-10-25 05:27 <DIR> d-------- C:\Program Files\RegCure
2008-10-25 02:14 . 2008-10-25 02:14 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-25 02:01 . 2008-10-25 02:20 <DIR> d-------- C:\Program Files\Delicious Add-on for Internet Explorer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 15:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-17 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-01-16 21:30 80,400 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2009-01-16 21:30 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2009-01-16 21:30 334,352 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2009-01-16 21:30 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2009-01-16 21:30 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2009-01-16 13:26 --------- d-----w C:\Program Files\Save Flash
2009-01-16 12:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-01-13 04:03 --------- d-----w C:\Program Files\Dl_cats
2009-01-12 17:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2009-01-08 21:45 --------- d-----w C:\Program Files\Kaspersky Lab
2009-01-08 21:26 --------- d-----w C:\Program Files\LtUcx
2009-01-08 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-30 20:33 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\DivX
2008-12-27 18:24 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\dvdcss
2008-12-25 19:52 --------- d-----w C:\Program Files\Avanquest update
2008-12-18 06:34 --------- d-----w C:\Program Files\Articulate
2008-12-17 06:02 --------- d-----w C:\Program Files\Everstrike Software
2008-10-25 01:39 --------- d-----w C:\Program Files\Common Files\Ahead
2008-10-24 22:19 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Delicious IE Extension
2008-10-24 22:13 --------- d-----w C:\Program Files\Common Files\Real
2008-10-24 22:10 --------- d-----w C:\Program Files\Google
2008-10-24 21:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-18 01:22 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
2008-09-16 00:14 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-09-16 00:14 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-09-16 00:14 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-12 17:08 --------- d-----w C:\Program Files\eREAD
2008-09-11 16:26 --------- d-----w C:\Program Files\Nero
2008-09-11 16:01 --------- d-----w C:\Program Files\Windows Live
2008-09-11 16:01 --------- d-----w C:\Program Files\SWiSH Max2
2008-09-11 15:34 --------- d-----w C:\Program Files\Tracker Software
2008-09-11 15:02 --------- d-----w C:\Program Files\PDF-Convert
2008-09-11 13:54 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-09-11 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-09-11 12:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 12:37 --------- d-----w C:\Program Files\InterVideo
2008-09-11 12:35 --------- d-----w C:\Program Files\MagicISO
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-08 07:00 --------- d-----w C:\Program Files\TechSmith
2008-09-06 17:59 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-30 16:22 --------- d-----w C:\Program Files\Circle Developement
2008-08-30 13:39 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-29 20:47 --------- d-----w C:\Program Files\GiPo@Utilities
2008-08-29 15:15 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Apple Computer
2008-08-28 19:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-28 19:18 --------- d-----w C:\Program Files\Apple Software Update
2008-08-27 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 17:54 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-22 17:54 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-21 16:25 73,216 -c--a-w C:\WINDOWS\ST6UNST.EXE
2008-08-21 16:25 249,856 -c----w C:\WINDOWS\Setup1.exe
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-05 13:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-29 07:47 34,847,744 ----a-w C:\Program Files\kav.en.msi
2008-03-25 06:51 560 -c--a-w C:\Program Files\Global.sw
2007-05-30 17:17 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-05-30 17:16 25,990,392 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2003-04-17 13:43 416 -c--a-r C:\Program Files\start.ini
2002-12-23 06:01 126,976 -c--a-r C:\Program Files\start.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\system32\Service ----
2009-01-19 20:21 928 --a------ C:\WINDOWS\system32\Service\19012009_TIS17_SfFniAU.log
((((((((((((((((((((((((((((( snapshot@2009-01-20_11.11.15.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 16:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-10-15 16:34:24 337,408 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:04 235,936 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-01-16 12:52:58 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-10-24 22:34:25 84,661 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-04-14 00:12:01 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2008-08-22 17:54:44 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-10-24 22:12:22 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2008-08-22 17:54:47 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-10-24 22:12:31 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2008-08-22 17:54:47 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-10-24 22:12:31 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2008-08-22 17:55:07 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-10-24 22:13:38 185,920 ----a-w C:\WINDOWS\system32\rmoc3260.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{235A3ACD-EBE5-46b2-9BAE-B1960F9DC791}]
2008-07-23 10:09 344064 --a------ C:\Program Files\eREAD\eREAD\EasyRead.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-01-17 497008]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-01-17 970808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-01-17 497008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-09-11 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ExplorerSpeedDelay"= 0%
"DriveSpeedDelay"= %0
"MenuShowDelay"= 0%
"MenuSpeedDelay"= 0%
"BrowseForFolderDelay"= 0%
"BrowseForFileDelay"= 0%
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.HFYU"= huffyuv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Talk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Talk.lnk
backup=C:\WINDOWS\pss\Google Talk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Live Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Live Messenger.lnk
backup=C:\WINDOWS\pss\Windows Live Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dr. Fatma Al Khamiri^Start Menu^Programs^Startup^Shortcut to YahooMessenger.lnk]
path=C:\Documents and Settings\Dr. Fatma Al Khamiri\Start Menu\Programs\Startup\Shortcut to YahooMessenger.lnk
backup=C:\WINDOWS\pss\Shortcut to YahooMessenger.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
--a--c--- 2008-07-16 13:44 726272 C:\Program Files\TechSmith\Jing\Jing.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c--- 2007-04-26 21:28 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 17:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a--c--- 2008-02-20 16:19 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-25 02:12 185872 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dlcdcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcdPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"1925:UDP"= 1925:UDP:Windows Media Format SDK (iexplore.exe)
"1924:UDP"= 1924:UDP:Windows Media Format SDK (iexplore.exe)
"1927:UDP"= 1927:UDP:Windows Media Format SDK (iexplore.exe)
"1926:UDP"= 1926:UDP:Windows Media Format SDK (iexplore.exe)
"1930:UDP"= 1930:UDP:Windows Media Format SDK (iexplore.exe)
"1932:UDP"= 1932:UDP:Windows Media Format SDK (iexplore.exe)
"2066:UDP"= 2066:UDP:Windows Media Format SDK (iexplore.exe)
"2067:UDP"= 2067:UDP:Windows Media Format SDK (iexplore.exe)
"2068:UDP"= 2068:UDP:Windows Media Format SDK (iexplore.exe)
"2071:UDP"= 2071:UDP:Windows Media Format SDK (iexplore.exe)
"2070:UDP"= 2070:UDP:Windows Media Format SDK (iexplore.exe)
"2073:UDP"= 2073:UDP:Windows Media Format SDK (iexplore.exe)
"2749:UDP"= 2749:UDP:Windows Media Format SDK (iexplore.exe)
"2748:UDP"= 2748:UDP:Windows Media Format SDK (iexplore.exe)
"2753:UDP"= 2753:UDP:Windows Media Format SDK (iexplore.exe)
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-06-22 491520]
S2 P1100B_CT_CDI;Creative PD1100B HAL Service;C:\WINDOWS\system32\DRIVERS\P1100bCd.sys [ ]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2004-08-11 63104]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2004-08-11 63104]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-03-13 27136]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0828bcfe-c6eb-11db-bb25-0013cecb6bbb}]
\Shell\AutoRun\command - '.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee1551d-8e88-11db-8414-0013cecb6bbb}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f525f6e-e6af-11db-8756-0013cecb6bbb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ae4071-1683-11dc-8806-0013cecb6bbb}]
\Shell\AutoRun\command - RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6405f33f-b8f9-11dc-89dc-000fb0d7d750}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64e567a0-f956-11dc-8a91-000fb0d7d750}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afa1761e-dc3c-11da-87ea-000fb0d7d750}]
\Shell\AutoRun\command - '.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc5287ec-8d9a-11db-840e-0013cecb6bbb}]
\Shell\AutoRun\command - '.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbfa3dfc-e606-11dd-8247-000fb0d7d750}]
\Shell\AutoRun\command - WD_Windows_Tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-25 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-04-22 01:21]
2008-10-25 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-04-22 01:21]
2006-04-27 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:12]
2008-10-25 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ISUSPM Startup - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-25 16:38:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-25 16:48:40
ComboFix-quarantined-files.txt 2008-10-25 12:48:31
ComboFix2.txt 2008-10-24 21:37:54
ComboFix3.txt 2009-01-20 07:22:03
ComboFix4.txt 2009-01-20 07:12:27
Pre-Run: 56,150,556,672 bytes free
Post-Run: 56,141,189,120 bytes free
355 --- E O F --- 2008-10-24 20:59:17
Hijack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:59 PM, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ae/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Easy Read - {235A3ACD-EBE5-46b2-9BAE-B1960F9DC791} - C:\Program Files\eREAD\eREAD\EasyRead.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9460490500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9460074765
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC77A4D3-E4E9-40BA-B8E0-8B82EDC7A17E}: NameServer = 213.42.20.20,195.229.241.222
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: (no name) - http://images.abunawaf.com/2007/09/11/ramandan5copy.jpg
--
End of file - 10100 bytes
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware 1.30
Database version: 1316
Windows 5.1.2600 Service Pack 3
10/25/2008 8:54:34 PM
mbam-log-2008-10-25 (20-54-34).txt
Scan type: Full Scan (C:\|)
Objects scanned: 202764
Time elapsed: 3 hour(s), 51 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\rosqxvmn.btsx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rosqxvmn.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-OEM-0011903-00111) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Dr. Fatma Al Khamiri\Favorites\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dr. Fatma Al Khamiri\Favorites\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dr. Fatma Al Khamiri\Favorites\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.