XP Problems [RESOLVED]
Started by
syco26
, Sep 20 2008 06:53 PM
#16
Posted 23 September 2008 - 03:10 AM
#17
Posted 23 September 2008 - 03:25 AM
I would go down the Panda route.
#18
Posted 23 September 2008 - 04:01 AM
Oh, I nearly forgot, here is the JavaRa log.
JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Sep 22 21:17:37 2008
Found and removed: C:\Program Files\Java\j2re1.4.1_02
Found and removed: C:\Program Files\Java\j2re1.4.2_05
Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28
Found and removed: C:\Program Files\Java Web Start
Found and removed: C:\Windows\System32\jpicpl32.cpl
Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142050}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaw.Exe
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java Web Start
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EFCE5837-FC21-11D6-9D24-00010240CE95}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142050}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410205
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410205
Found and removed: SOFTWARE\Classes\JavaPlugin.141_02
Found and removed: SOFTWARE\Classes\JavaPlugin.142_05
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.1_02
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_05
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.1_02
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_05
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_05
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
------------------------------------
Finished reporting.
#19
Posted 23 September 2008 - 04:02 AM
Here is the new HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:57, on 23/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://ninemsn.com.au/"); (C:\Documents and Settings\CARL\Application Data\Mozilla\Profiles\default\xucfp8tq.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\CARL\Application Data\Mozilla\Profiles\default\xucfp8tq.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [W2acecad.Wtxpload] C:\WINDOWS\W2acecad\Wtxpload.exe acecad
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [MorpheusToolbar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] "C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" /nosplash
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O15 - Trusted Zone: http://www.airbrush.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160400379609
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19....ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F6CD93-82B0-4D39-80CE-E9DD36A5DE4A}: Domain = sa.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: McAfee Application Installer Cleanup (0231771222152088) (0231771222152088mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\023177~1.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
--
End of file - 15526 bytes
The Panda scan is running now
#20
Posted 23 September 2008 - 06:29 AM
And here is the Panda scan Log
;*******************************************************************************************************************************************************************************************
ANALYSIS: 2008-09-23 21:59:02
PROTECTIONS: 2
MALWARE: 39
SUSPECTS: 1
;*******************************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===========================================================================================================================================================================================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;===========================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===========================================================================================================================================================================================
00029424 adware/cws.searchmeup Adware No 1 Yes No c:\documents and settings\carl\favorites\gambling
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\carl\favorites\adult
00041446 application/myway HackTools No 0 Yes No hkey_classes_root\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
00041446 application/myway HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Application Data\Mozilla\Firefox\Profiles\khvsxubm.default\cookies.txt[.tucows.com/]
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Application Data\Mozilla\Firefox\Profiles\khvsxubm.default\cookies.txt[.tucows.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@toplist[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\[email protected][2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@overture[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@adultfriendfinder[1].txt
00241796 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020829.DLL
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020831.DLL
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020825.dll
00332270 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
00361463 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020830.DLL
00361464 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\Uninstall Morpheus Toolbar.dll
00361464 Application/MyWebSearch HackTools No 0 Yes No C:\PROGRA~1\UNINST~1.DLL
00361464 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
00384294 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020118.exe
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][5.exe][5.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir[C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][5.exe][5.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020208.exe
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][5.exe][5.exe][MicroAV.exe]
00385800 Application/UltimateAntivirus2008 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020243.cpl
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][5.exe][5.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][5.exe][5.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][5.exe][5.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir[C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020116.cpl
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\3.exe.vir
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020086.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020120.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][3.exe]
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020090.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020202.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020191.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\YURB.exe.vir
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020128.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\x.vir
00386560 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][3.exe]
00386560 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][3.exe]
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP153\A0020527.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020394.exe
00386564 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\empa.exe.vir
00386564 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe
00386564 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\[4][email protected][YUR6C4.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][7.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020125.exe
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\7.exe.vir
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020397.exe
00386576 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][7.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][7.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020101.exe
00386577 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020389.exe
00386577 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][0.exe]
00386577 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][0.exe]
00386577 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020131.exe
00386577 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\0.exe.vir
00386577 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][0.exe]
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\4.exe.vir
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020084.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020119.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020395.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020192.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][4.exe]
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020127.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][4.exe]
00386581 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][4.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][2.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020392.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020201.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP153\A0020526.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][2.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020200.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020093.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\YURA.exe.vir
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020083.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020190.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020121.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020129.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\2.exe.vir
00386584 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][2.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020092.exe
00386587 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe
00386587 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][5.exe]
00386587 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe
00386587 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir
00386587 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][5.exe]
00386587 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][5.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020189.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][1.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020082.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][1.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020193.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][1.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020130.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020122.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\1.exe.vir
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020390.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020094.exe
00386636 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020113.dll
00386636 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020246.dll
00386647 Adware/VideoAccessCodec Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\eflx.exe.vir
00386647 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020407.exe
00386647 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020111.exe
00386653 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020245.dll
00386653 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020115.dll
00386657 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020404.exe
00386657 Adware/VideoAccessCodec Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\mqgldfvo.exe.vir
00386657 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020114.exe
00386658 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020112.dll
00386658 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020406.dll
00386658 Adware/VideoAccessCodec Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\vmgspntbvlw.dll.vir
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020478.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01895148 Malicious Packer SecRisk No 0 No No C:\Documents and Settings\CARL\My Documents\Downloads\Symantec Norton Ghost 14.0\Norton Ghost v14_En.exe[C:\Documents and Settings\CARL\My Documents\Downloads\Symantec Norton Ghost 14.0\Norton Ghost v14_En.exe][is153548.exe]
01895148 Malicious Packer SecRisk No 0 No No C:\Documents and Settings\CARL\My Documents\Downloads\Kaspersky life time reset patch.rar[Kaspersky life time patch\KasperskyTrialReset.exe][Kaspersky life time patch\KasperskyTrialReset.exe][is202158.exe]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020421.sys
03021065 Trj/Downloader.TVR Virus/Trojan No 0 No No C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf[C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf][wr-1-2038.exe]
03438258 Bck/Radmin.AF Virus/Trojan No 0 Yes No C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html.3]
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\sc.html.vir
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][sc.html]
03690171 Adware/SecurityCenter Adware No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][sc.html]
03722943 Adware/UltimateDefender Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020105.dll
03722943 Adware/UltimateDefender Adware No 0 Yes No C:\QooBox\Quarantine\[4][email protected][TDSShpue.dll]
03723993 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020108.sys
03723993 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\[4][email protected][TDSSjcxe.sys]
03724011 Generic Trojan Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\[4][email protected][TDSSevri.dll]
03724011 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020106.dll
;=========================================================================================================================================================================================
SUSPECTS
Sent Location
;=========================================================================================================================================================================================
No C:\Documents and Settings\CARL\Desktop\ComboFix.exe
;=========================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;=========================================================================================================================================================================================
120815 HIGH MS06-022
;=========================================================================================================================================================================================
;*****************************************************************************************************************************************************************************************
ANALYSIS: 2008-09-23 21:59:02
PROTECTIONS: 2
MALWARE: 39
SUSPECTS: 1
;*****************************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;=========================================================================================================================================================================================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;=========================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=========================================================================================================================================================================================
00029424 adware/cws.searchmeup Adware No 1 Yes No c:\documents and settings\carl\favorites\gambling
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\carl\favorites\adult
00041446 application/myway HackTools No 0 Yes No hkey_classes_root\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
00041446 application/myway HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Application Data\Mozilla\Firefox\Profiles\khvsxubm.default\cookies.txt[.tucows.com/]
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Application Data\Mozilla\Firefox\Profiles\khvsxubm.default\cookies.txt[.tucows.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@toplist[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\[email protected][2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@overture[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@adultfriendfinder[1].txt
00241796 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020829.DLL
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020831.DLL
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020825.dll
00332270 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
00361463 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020830.DLL
00361464 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\Uninstall Morpheus Toolbar.dll
00361464 Application/MyWebSearch HackTools No 0 Yes No C:\PROGRA~1\UNINST~1.DLL
00361464 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
00384294 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020118.exe
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][5.exe][5.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir[C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][5.exe][5.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020208.exe
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][5.exe][5.exe][MicroAV.exe]
00385800 Application/UltimateAntivirus2008 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020243.cpl
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][5.exe][5.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][5.exe][5.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][5.exe][5.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir[C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020116.cpl
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\3.exe.vir
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020086.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020120.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][3.exe]
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020090.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020202.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020191.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\YURB.exe.vir
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020128.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\x.vir
00386560 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][3.exe]
00386560 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][3.exe]
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP153\A0020527.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020394.exe
00386564 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\empa.exe.vir
00386564 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe
00386564 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\[4][email protected][YUR6C4.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][7.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020125.exe
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\7.exe.vir
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020397.exe
00386576 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][7.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][7.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020101.exe
00386577 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020389.exe
00386577 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][0.exe]
00386577 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][0.exe]
00386577 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020131.exe
00386577 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\0.exe.vir
00386577 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][0.exe]
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\4.exe.vir
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020084.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020119.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020395.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020192.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][4.exe]
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020127.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][4.exe]
00386581 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][4.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][2.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020392.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020201.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP153\A0020526.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][2.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020200.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020093.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\YURA.exe.vir
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020083.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020190.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020121.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020129.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\2.exe.vir
00386584 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][2.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020092.exe
00386587 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe
00386587 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][5.exe]
00386587 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe
00386587 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir
00386587 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][5.exe]
00386587 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][5.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020189.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][1.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020082.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][1.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020193.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][1.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020130.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020122.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\1.exe.vir
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020390.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020094.exe
00386636 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020113.dll
00386636 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020246.dll
00386647 Adware/VideoAccessCodec Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\eflx.exe.vir
00386647 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020407.exe
00386647 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020111.exe
00386653 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020245.dll
00386653 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020115.dll
00386657 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020404.exe
00386657 Adware/VideoAccessCodec Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\mqgldfvo.exe.vir
00386657 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020114.exe
00386658 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020112.dll
00386658 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020406.dll
00386658 Adware/VideoAccessCodec Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\vmgspntbvlw.dll.vir
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020478.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01895148 Malicious Packer SecRisk No 0 No No C:\Documents and Settings\CARL\My Documents\Downloads\Symantec Norton Ghost 14.0\Norton Ghost v14_En.exe[C:\Documents and Settings\CARL\My Documents\Downloads\Symantec Norton Ghost 14.0\Norton Ghost v14_En.exe][is153548.exe]
01895148 Malicious Packer SecRisk No 0 No No C:\Documents and Settings\CARL\My Documents\Downloads\Kaspersky life time reset patch.rar[Kaspersky life time patch\KasperskyTrialReset.exe][Kaspersky life time patch\KasperskyTrialReset.exe][is202158.exe]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020421.sys
03021065 Trj/Downloader.TVR Virus/Trojan No 0 No No C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf[C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf][wr-1-2038.exe]
03438258 Bck/Radmin.AF Virus/Trojan No 0 Yes No C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html.3]
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\sc.html.vir
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][sc.html]
03690171 Adware/SecurityCenter Adware No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][sc.html]
03722943 Adware/UltimateDefender Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020105.dll
03722943 Adware/UltimateDefender Adware No 0 Yes No C:\QooBox\Quarantine\[4][email protected][TDSShpue.dll]
03723993 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020108.sys
03723993 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\[4][email protected][TDSSjcxe.sys]
03724011 Generic Trojan Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\[4][email protected][TDSSevri.dll]
03724011 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020106.dll
;=========================================================================================================================================================================================
SUSPECTS
Sent Location
;=========================================================================================================================================================================================
No C:\Documents and Settings\CARL\Desktop\ComboFix.exe
;=========================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;=========================================================================================================================================================================================
120815 HIGH MS06-022
;=========================================================================================================================================================================================
#21
Posted 23 September 2008 - 12:52 PM
The scan found many infections already safely quarantined, some in the restore points which we will flush later and some files we need to remove now.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
C:\Program Files\Uninstall Morpheus Toolbar.dll
C:\PROGRA~1\UNINST~1.DLL
C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
C:\WINDOWS\PSEXESVC.EXE
C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf
C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll

Folder::
c:\documents and settings\carl\favorites\gambling
c:\documents and settings\carl\favorites\adult

Registry::
[-hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch]
[-hkey_classes_root\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}]
[-HKEY_LOCAL_MACHINE\software\classes\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}]
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
And a final HijackThis log.
Could you also let me know how your machine is running now.
andrewuk
Edited by andrewuk, 23 September 2008 - 12:59 PM.
#22
Posted 23 September 2008 - 09:02 PM
Here is the combo log
ComboFix 08-09-22.06 - CARL 2008-09-24 12:11:22.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.573 [GMT 9.5:30]
Running from: C:\Documents and Settings\CARL\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\CARL\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf
C:\PROGRA~1\UNINST~1.DLL
C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll
C:\Program Files\Uninstall Morpheus Toolbar.dll
C:\WINDOWS\PSEXESVC.EXE
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\carl\favorites\adult
c:\documents and settings\carl\favorites\gambling
C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf
C:\PROGRA~1\UNINST~1.DLL
C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll
C:\Program Files\Uninstall Morpheus Toolbar.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
2008-09-23 19:28 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-22 21:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-22 21:26 . 2008-09-22 21:29 <DIR> d-------- C:\Documents and Settings\CARL\.SunDownloadManager
2008-09-22 21:15 . 2008-09-22 21:15 <DIR> d-------- C:\Documents and Settings\CARL\My
2008-09-21 10:37 . 2008-09-21 10:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-21 03:06 . 2008-09-21 03:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-21 02:47 . 2008-09-21 03:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 17:24 . 2008-09-20 22:51 <DIR> d-------- C:\Program Files\ScreenGardens Living Pond
2008-09-14 21:33 . 2008-09-14 21:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-14 21:33 . 2008-09-14 21:37 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 16:33 --------- d-----w C:\Program Files\McAfee
2008-09-23 16:32 --------- d-----w C:\Program Files\MorpheusBar
2008-09-22 12:05 --------- d-----w C:\Program Files\Java
2008-09-22 00:38 --------- d-----w C:\Documents and Settings\CARL\Application Data\SiteAdvisor
2008-09-20 17:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 17:17 --------- d-----w C:\Documents and Settings\CARL\Application Data\Lavasoft
2008-09-20 13:21 --------- d-----w C:\Documents and Settings\CARL\Application Data\uTorrent
2008-09-20 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-19 02:30 --------- d-----w C:\Program Files\Morpheus
2008-09-15 09:06 --------- d-----w C:\Program Files\PicLensIE
2008-09-02 12:25 --------- d-----w C:\Documents and Settings\CARL\Application Data\BitTorrent
2008-08-17 14:09 --------- d-----w C:\Documents and Settings\CARL\Application Data\Vso
2008-08-17 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-17 10:29 --------- d-----w C:\Program Files\SlySoft
2008-08-08 14:01 --------- d-----w C:\Documents and Settings\CARL\Application Data\DataLayer
2008-08-01 13:27 99,648 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-07-30 14:20 --------- d-----w C:\Program Files\DVDlabPro2
2008-07-27 10:30 --------- d-----w C:\Program Files\Xilisoft
2008-07-25 00:46 --------- d-----w C:\Program Files\Apple Software Update
2008-07-25 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-18 12:40 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:40 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:40 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:39 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:39 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:39 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:39 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 12:37 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 12:37 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-15 17:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-26 11:06 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 08:42 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2007-06-12 06:48 72,680 ----a-w C:\Documents and Settings\CARL\Application Data\GDIPFONTCACHEV1.DAT
2007-02-21 18:56 87,608 ----a-w C:\Documents and Settings\CARL\Application Data\ezpinst.exe
2007-02-21 18:56 47,360 ----a-w C:\Documents and Settings\CARL\Application Data\pcouffin.sys
2004-01-29 06:20 17,280 ----a-w C:\Program Files\SETUP.LST
2004-01-29 06:10 1,533,663 ----a-w C:\Program Files\dogwaffle.ex_
2004-01-27 08:19 47,473 ----a-w C:\Program Files\Splash.jp_
2004-01-07 01:30 5,718 ----a-w C:\Program Files\Grid_pm.ex_
2004-01-03 02:58 3,276 ----a-w C:\Program Files\ExploreTempDir_pm.ex_
2004-01-02 13:29 23,230 ----a-w C:\Program Files\Drpaint.dl_
2003-12-20 05:19 4,287 ----a-w C:\Program Files\Sepia_pf.ex_
2003-12-20 03:18 389 ----a-w C:\Program Files\Def_Res.tx_
2003-11-29 06:17 23,514 ----a-w C:\Program Files\Store_Alpha_pm.ex_
2003-11-25 03:55 16,674 ----a-w C:\Program Files\Zoom_pf.ex_
2003-11-13 03:45 5,053 ----a-w C:\Program Files\Key_Shrink_pb.ex_
2003-11-13 03:18 5,545 ----a-w C:\Program Files\Key_Grow_pb.ex_
2003-11-04 02:52 17,663 ----a-w C:\Program Files\drbrush.dl_
2003-11-04 01:15 45,953 ----a-w C:\Program Files\drfilter.dl_
2003-10-27 22:13 4,058 ----a-w C:\Program Files\antique2.gr_
2003-10-27 22:12 3,942 ----a-w C:\Program Files\antique1.gr_
2003-10-26 23:23 1,363 ----a-w C:\Program Files\DogWeb.ht_
2003-10-26 01:06 2,467 ----a-w C:\Program Files\Keyboard_Document.rt_
2003-10-26 00:45 13,880 ----a-w C:\Program Files\drFloodfill.dl_
2003-10-25 01:45 512 ----a-w C:\Program Files\TabletSupport.rt_
2003-10-17 01:19 25,398 ----a-w C:\Program Files\Thumb_Book.gi_
2003-10-06 08:37 23,758 ----a-w C:\Program Files\screenshot2-300.jp_
2003-09-26 22:47 82,398 ----a-w C:\Program Files\register.ex_
2003-09-26 22:27 353,173 ----a-w C:\Program Files\KnotWorker.ex_
2003-06-23 10:19 13,491 ----a-w C:\Program Files\WinterBranches.op_
2003-06-23 10:12 12,712 ----a-w C:\Program Files\Grass.op_
2003-06-22 08:40 12,008 ----a-w C:\Program Files\Garland.op_
2003-06-22 06:03 12,575 ----a-w C:\Program Files\DogWillow.op_
2003-06-05 10:31 97,631 ----a-w C:\Program Files\VBTablet.dl_
2003-05-01 12:20 12,113 ----a-w C:\Program Files\Fancyful.op_
2003-05-01 12:14 12,118 ----a-w C:\Program Files\Hivey.op_
2003-05-01 12:10 12,121 ----a-w C:\Program Files\Brainy.op_
2003-05-01 12:07 12,178 ----a-w C:\Program Files\Spiro.op_
2003-02-11 09:51 2,147 ----a-w C:\Program Files\Tipofday.tx_
2002-12-29 04:59 3,913 ----a-w C:\Program Files\ChangeDPI_px.ex_
2002-11-13 07:04 243 ----a-w C:\Program Files\ReadMe.tx_
2002-11-10 04:43 5,499 ----a-w C:\Program Files\Clipboard_Import_pb.ex_
2002-11-03 03:03 6,796 ----a-w C:\Program Files\Paint_on_alpha_pm.ex_
2002-11-03 02:54 3,826 ----a-w C:\Program Files\printerPrefs_generic_px.ex_
2002-11-01 04:43 3,676 ----a-w C:\Program Files\KeyToLuminance_pb.ex_
2002-11-01 04:41 3,383 ----a-w C:\Program Files\KeyInvert_pb.ex_
2002-11-01 04:40 3,675 ----a-w C:\Program Files\KeyToBlack_pb.ex_
2002-10-08 04:36 3,188 ----a-w C:\Program Files\Skys.gr_
2002-10-08 04:23 4,885 ----a-w C:\Program Files\Reds.gr_
2002-10-08 04:16 3,435 ----a-w C:\Program Files\Vents.gr_
2002-10-08 04:12 2,895 ----a-w C:\Program Files\Warnings.gr_
2002-10-08 04:03 3,969 ----a-w C:\Program Files\GunMetals.gr_
2002-09-23 00:59 10,655 ----a-w C:\Program Files\MotionBlur_pf.ex_
2002-09-19 18:10 10,701 ----a-w C:\Program Files\print_generic_px.ex_
2002-09-19 17:41 4,207 ----a-w C:\Program Files\ScaleAlpha_pm.ex_
2002-09-04 17:31 7,260 ----a-w C:\Program Files\Store_Brush_pb.ex_
2002-09-04 16:14 12,899 ----a-w C:\Program Files\Store_Buffer_pm.ex_
2002-09-02 17:57 5,735 ----a-w C:\Program Files\Clipboard_Export_pb.ex_
2002-08-22 17:34 66,779 ----a-w C:\Program Files\def_mdiform_bitmap.jp_
2002-08-20 22:11 17,460 ----a-w C:\Program Files\Def_Wallpaper.bm_
2002-08-20 12:49 328 ----a-w C:\Program Files\readme.txt
2002-08-08 20:14 520 ----a-w C:\Program Files\Test1.w_
2002-06-14 10:43 345 ----a-w C:\Program Files\Trace Sleek 8-Bit.kn_
2002-03-29 02:30 520 ----a-w C:\Program Files\Study.w_
2002-03-29 02:15 469 ----a-w C:\Program Files\Earthy.w_
2002-02-11 19:15 1,745 ----a-w C:\Program Files\readme.rt_
2002-02-08 22:23 4,837 ----a-w C:\Program Files\AverageFrames_pm.ex_
2006-03-31 07:05 56 --sh--r C:\WINDOWS\system32\753FDCB0D6.sys
2008-06-16 03:38 517,780 --sha-w C:\WINDOWS\system32\NnUFNqru.ini2
2005-10-27 14:09 161,795 --sh--w C:\WINDOWS\system32\rrutv.bak1
.
((((((((((((((((((((((((((((( snapshot@2008-09-21_11.39.30.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 03:26:08 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2008-06-30 01:09:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
- 2008-09-21 01:26:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-24 00:57:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-21 01:26:59 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-24 00:57:48 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-11-10 01:57:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 15:51:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 01:57:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 15:51:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 03:33:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-09 17:02:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-09-21 02:05:25 14,368 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-09-23 16:33:56 14,368 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2007-02-20 3330048]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Gadwin PrintScreen Pro"="C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2008-05-17 516096]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-09-03 2161600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"W2acecad.Wtxpload"="C:\WINDOWS\W2acecad\Wtxpload.exe" [2000-05-21 45056]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-05-28 163840]
"IMONTRAY"="C:\Program Files\Intel\Intel® Active Monitor\imontray.exe" [2003-11-03 32768]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 5058560]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2003-07-17 147456]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-25 36640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-05-04 78848]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2004-03-22 77824]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-16 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-06-16 16:29 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^CARL^Start Menu^Programs^Startup^Adobe Gamma Loader.exe]
path=C:\Documents and Settings\CARL\Start Menu\Programs\Startup\Adobe Gamma Loader.exe
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen Pro]
--a------ 2008-05-17 22:48 516096 C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
--a------ 2003-06-24 12:09 568096 C:\Program Files\Netscape\Netscape\Netscp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 01:54 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 17:58 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"TVersityMediaServer"=2 (0x2)
"KodakCCS"=3 (0x3)
"iPod Service"=3 (0x3)
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"Diskeeper"=2 (0x2)
"Dcfssvc"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Telstra\\unpw\\unpwclient.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-01-21 21512]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 PenClass;Pen Class;C:\WINDOWS\system32\Drivers\PenClass.sys [2001-04-09 8138]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-02-26 9728]
R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys [2005-12-26 34848]
S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308]
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640]
S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872]
S3 DCamUSBUVT;ICM532A;C:\WINDOWS\system32\Drivers\usbuvt.sys [ ]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-01-21 26248]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - PAVBOOT
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 12:14:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-24 12:15:32
ComboFix-quarantined-files.txt 2008-09-24 02:45:28
ComboFix2.txt 2008-09-22 11:31:08
ComboFix3.txt 2008-09-21 08:36:20
ComboFix4.txt 2008-09-21 02:10:30
Pre-Run: 47,425,544,192 bytes free
Post-Run: 47,639,961,600 bytes free
313 --- E O F --- 2008-09-12 13:02:53
And here is the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:52, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://ninemsn.com.au/"); (C:\Documents and Settings\CARL\Application Data\Mozilla\Profiles\default\xucfp8tq.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\CARL\Application Data\Mozilla\Profiles\default\xucfp8tq.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [W2acecad.Wtxpload] C:\WINDOWS\W2acecad\Wtxpload.exe acecad
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] "C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" /nosplash
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O15 - Trusted Zone: http://www.airbrush.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160400379609
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19....ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F6CD93-82B0-4D39-80CE-E9DD36A5DE4A}: Domain = sa.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
--
End of file - 15376 bytes
ComboFix 08-09-22.06 - CARL 2008-09-24 12:11:22.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.573 [GMT 9.5:30]
Running from: C:\Documents and Settings\CARL\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\CARL\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf
C:\PROGRA~1\UNINST~1.DLL
C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll
C:\Program Files\Uninstall Morpheus Toolbar.dll
C:\WINDOWS\PSEXESVC.EXE
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\carl\favorites\adult
c:\documents and settings\carl\favorites\gambling
C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf
C:\PROGRA~1\UNINST~1.DLL
C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll
C:\Program Files\Uninstall Morpheus Toolbar.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
2008-09-23 19:28 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-22 21:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-22 21:26 . 2008-09-22 21:29 <DIR> d-------- C:\Documents and Settings\CARL\.SunDownloadManager
2008-09-22 21:15 . 2008-09-22 21:15 <DIR> d-------- C:\Documents and Settings\CARL\My
2008-09-21 10:37 . 2008-09-21 10:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-21 03:06 . 2008-09-21 03:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-21 02:47 . 2008-09-21 03:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 17:24 . 2008-09-20 22:51 <DIR> d-------- C:\Program Files\ScreenGardens Living Pond
2008-09-14 21:33 . 2008-09-14 21:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-14 21:33 . 2008-09-14 21:37 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 16:33 --------- d-----w C:\Program Files\McAfee
2008-09-23 16:32 --------- d-----w C:\Program Files\MorpheusBar
2008-09-22 12:05 --------- d-----w C:\Program Files\Java
2008-09-22 00:38 --------- d-----w C:\Documents and Settings\CARL\Application Data\SiteAdvisor
2008-09-20 17:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 17:17 --------- d-----w C:\Documents and Settings\CARL\Application Data\Lavasoft
2008-09-20 13:21 --------- d-----w C:\Documents and Settings\CARL\Application Data\uTorrent
2008-09-20 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-19 02:30 --------- d-----w C:\Program Files\Morpheus
2008-09-15 09:06 --------- d-----w C:\Program Files\PicLensIE
2008-09-02 12:25 --------- d-----w C:\Documents and Settings\CARL\Application Data\BitTorrent
2008-08-17 14:09 --------- d-----w C:\Documents and Settings\CARL\Application Data\Vso
2008-08-17 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-17 10:29 --------- d-----w C:\Program Files\SlySoft
2008-08-08 14:01 --------- d-----w C:\Documents and Settings\CARL\Application Data\DataLayer
2008-08-01 13:27 99,648 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-07-30 14:20 --------- d-----w C:\Program Files\DVDlabPro2
2008-07-27 10:30 --------- d-----w C:\Program Files\Xilisoft
2008-07-25 00:46 --------- d-----w C:\Program Files\Apple Software Update
2008-07-25 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-18 12:40 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:40 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:40 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:39 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:39 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:39 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:39 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 12:37 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 12:37 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-15 17:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-26 11:06 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 08:42 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2007-06-12 06:48 72,680 ----a-w C:\Documents and Settings\CARL\Application Data\GDIPFONTCACHEV1.DAT
2007-02-21 18:56 87,608 ----a-w C:\Documents and Settings\CARL\Application Data\ezpinst.exe
2007-02-21 18:56 47,360 ----a-w C:\Documents and Settings\CARL\Application Data\pcouffin.sys
2004-01-29 06:20 17,280 ----a-w C:\Program Files\SETUP.LST
2004-01-29 06:10 1,533,663 ----a-w C:\Program Files\dogwaffle.ex_
2004-01-27 08:19 47,473 ----a-w C:\Program Files\Splash.jp_
2004-01-07 01:30 5,718 ----a-w C:\Program Files\Grid_pm.ex_
2004-01-03 02:58 3,276 ----a-w C:\Program Files\ExploreTempDir_pm.ex_
2004-01-02 13:29 23,230 ----a-w C:\Program Files\Drpaint.dl_
2003-12-20 05:19 4,287 ----a-w C:\Program Files\Sepia_pf.ex_
2003-12-20 03:18 389 ----a-w C:\Program Files\Def_Res.tx_
2003-11-29 06:17 23,514 ----a-w C:\Program Files\Store_Alpha_pm.ex_
2003-11-25 03:55 16,674 ----a-w C:\Program Files\Zoom_pf.ex_
2003-11-13 03:45 5,053 ----a-w C:\Program Files\Key_Shrink_pb.ex_
2003-11-13 03:18 5,545 ----a-w C:\Program Files\Key_Grow_pb.ex_
2003-11-04 02:52 17,663 ----a-w C:\Program Files\drbrush.dl_
2003-11-04 01:15 45,953 ----a-w C:\Program Files\drfilter.dl_
2003-10-27 22:13 4,058 ----a-w C:\Program Files\antique2.gr_
2003-10-27 22:12 3,942 ----a-w C:\Program Files\antique1.gr_
2003-10-26 23:23 1,363 ----a-w C:\Program Files\DogWeb.ht_
2003-10-26 01:06 2,467 ----a-w C:\Program Files\Keyboard_Document.rt_
2003-10-26 00:45 13,880 ----a-w C:\Program Files\drFloodfill.dl_
2003-10-25 01:45 512 ----a-w C:\Program Files\TabletSupport.rt_
2003-10-17 01:19 25,398 ----a-w C:\Program Files\Thumb_Book.gi_
2003-10-06 08:37 23,758 ----a-w C:\Program Files\screenshot2-300.jp_
2003-09-26 22:47 82,398 ----a-w C:\Program Files\register.ex_
2003-09-26 22:27 353,173 ----a-w C:\Program Files\KnotWorker.ex_
2003-06-23 10:19 13,491 ----a-w C:\Program Files\WinterBranches.op_
2003-06-23 10:12 12,712 ----a-w C:\Program Files\Grass.op_
2003-06-22 08:40 12,008 ----a-w C:\Program Files\Garland.op_
2003-06-22 06:03 12,575 ----a-w C:\Program Files\DogWillow.op_
2003-06-05 10:31 97,631 ----a-w C:\Program Files\VBTablet.dl_
2003-05-01 12:20 12,113 ----a-w C:\Program Files\Fancyful.op_
2003-05-01 12:14 12,118 ----a-w C:\Program Files\Hivey.op_
2003-05-01 12:10 12,121 ----a-w C:\Program Files\Brainy.op_
2003-05-01 12:07 12,178 ----a-w C:\Program Files\Spiro.op_
2003-02-11 09:51 2,147 ----a-w C:\Program Files\Tipofday.tx_
2002-12-29 04:59 3,913 ----a-w C:\Program Files\ChangeDPI_px.ex_
2002-11-13 07:04 243 ----a-w C:\Program Files\ReadMe.tx_
2002-11-10 04:43 5,499 ----a-w C:\Program Files\Clipboard_Import_pb.ex_
2002-11-03 03:03 6,796 ----a-w C:\Program Files\Paint_on_alpha_pm.ex_
2002-11-03 02:54 3,826 ----a-w C:\Program Files\printerPrefs_generic_px.ex_
2002-11-01 04:43 3,676 ----a-w C:\Program Files\KeyToLuminance_pb.ex_
2002-11-01 04:41 3,383 ----a-w C:\Program Files\KeyInvert_pb.ex_
2002-11-01 04:40 3,675 ----a-w C:\Program Files\KeyToBlack_pb.ex_
2002-10-08 04:36 3,188 ----a-w C:\Program Files\Skys.gr_
2002-10-08 04:23 4,885 ----a-w C:\Program Files\Reds.gr_
2002-10-08 04:16 3,435 ----a-w C:\Program Files\Vents.gr_
2002-10-08 04:12 2,895 ----a-w C:\Program Files\Warnings.gr_
2002-10-08 04:03 3,969 ----a-w C:\Program Files\GunMetals.gr_
2002-09-23 00:59 10,655 ----a-w C:\Program Files\MotionBlur_pf.ex_
2002-09-19 18:10 10,701 ----a-w C:\Program Files\print_generic_px.ex_
2002-09-19 17:41 4,207 ----a-w C:\Program Files\ScaleAlpha_pm.ex_
2002-09-04 17:31 7,260 ----a-w C:\Program Files\Store_Brush_pb.ex_
2002-09-04 16:14 12,899 ----a-w C:\Program Files\Store_Buffer_pm.ex_
2002-09-02 17:57 5,735 ----a-w C:\Program Files\Clipboard_Export_pb.ex_
2002-08-22 17:34 66,779 ----a-w C:\Program Files\def_mdiform_bitmap.jp_
2002-08-20 22:11 17,460 ----a-w C:\Program Files\Def_Wallpaper.bm_
2002-08-20 12:49 328 ----a-w C:\Program Files\readme.txt
2002-08-08 20:14 520 ----a-w C:\Program Files\Test1.w_
2002-06-14 10:43 345 ----a-w C:\Program Files\Trace Sleek 8-Bit.kn_
2002-03-29 02:30 520 ----a-w C:\Program Files\Study.w_
2002-03-29 02:15 469 ----a-w C:\Program Files\Earthy.w_
2002-02-11 19:15 1,745 ----a-w C:\Program Files\readme.rt_
2002-02-08 22:23 4,837 ----a-w C:\Program Files\AverageFrames_pm.ex_
2006-03-31 07:05 56 --sh--r C:\WINDOWS\system32\753FDCB0D6.sys
2008-06-16 03:38 517,780 --sha-w C:\WINDOWS\system32\NnUFNqru.ini2
2005-10-27 14:09 161,795 --sh--w C:\WINDOWS\system32\rrutv.bak1
.
((((((((((((((((((((((((((((( snapshot@2008-09-21_11.39.30.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 03:26:08 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2008-06-30 01:09:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
- 2008-09-21 01:26:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-24 00:57:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-21 01:26:59 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-24 00:57:48 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-11-10 01:57:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 15:51:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 01:57:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 15:51:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 03:33:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-09 17:02:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-09-21 02:05:25 14,368 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-09-23 16:33:56 14,368 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2007-02-20 3330048]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Gadwin PrintScreen Pro"="C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2008-05-17 516096]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-09-03 2161600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"W2acecad.Wtxpload"="C:\WINDOWS\W2acecad\Wtxpload.exe" [2000-05-21 45056]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-05-28 163840]
"IMONTRAY"="C:\Program Files\Intel\Intel® Active Monitor\imontray.exe" [2003-11-03 32768]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 5058560]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2003-07-17 147456]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-25 36640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-05-04 78848]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2004-03-22 77824]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-16 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-06-16 16:29 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^CARL^Start Menu^Programs^Startup^Adobe Gamma Loader.exe]
path=C:\Documents and Settings\CARL\Start Menu\Programs\Startup\Adobe Gamma Loader.exe
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen Pro]
--a------ 2008-05-17 22:48 516096 C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
--a------ 2003-06-24 12:09 568096 C:\Program Files\Netscape\Netscape\Netscp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 01:54 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 17:58 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"TVersityMediaServer"=2 (0x2)
"KodakCCS"=3 (0x3)
"iPod Service"=3 (0x3)
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"Diskeeper"=2 (0x2)
"Dcfssvc"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Telstra\\unpw\\unpwclient.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-01-21 21512]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 PenClass;Pen Class;C:\WINDOWS\system32\Drivers\PenClass.sys [2001-04-09 8138]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-02-26 9728]
R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys [2005-12-26 34848]
S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308]
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640]
S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872]
S3 DCamUSBUVT;ICM532A;C:\WINDOWS\system32\Drivers\usbuvt.sys [ ]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-01-21 26248]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - PAVBOOT
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 12:14:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-24 12:15:32
ComboFix-quarantined-files.txt 2008-09-24 02:45:28
ComboFix2.txt 2008-09-22 11:31:08
ComboFix3.txt 2008-09-21 08:36:20
ComboFix4.txt 2008-09-21 02:10:30
Pre-Run: 47,425,544,192 bytes free
Post-Run: 47,639,961,600 bytes free
313 --- E O F --- 2008-09-12 13:02:53
And here is the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:52, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://ninemsn.com.au/"); (C:\Documents and Settings\CARL\Application Data\Mozilla\Profiles\default\xucfp8tq.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\CARL\Application Data\Mozilla\Profiles\default\xucfp8tq.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [W2acecad.Wtxpload] C:\WINDOWS\W2acecad\Wtxpload.exe acecad
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] "C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" /nosplash
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O15 - Trusted Zone: http://www.airbrush.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160400379609
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19....ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F6CD93-82B0-4D39-80CE-E9DD36A5DE4A}: Domain = sa.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
--
End of file - 15376 bytes
#23
Posted 23 September 2008 - 09:07 PM
Thanks so much for taking the time to help me out. My PC seems to be running a heap quicker now, like when I first got the PC. Are there any sites out there that can teach me how to clean my system that good by myself? How do you know what is good and what is bad? It is all Greek to me.
#24
Posted 24 September 2008 - 02:50 PM
Hi syco26
congratulations, your logs are clean and another fix is in the can
> How do you know what is good and what is bad?
We research each line of the logs to determine if the entry is bad, and if so, what the infection is and therefore how to go about removing it.

> Are there any sites out there that can teach me how to clean my system that good by myself?
You can learn how to clear malware off a machine at this forum by joining GeekU here.
In this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions, and it will also remove the quarantined malware from your computer), reset your restore points (there will be infections lurking in there), and I will leave you with some ideas on how to enhance the protection of your machine against future infection.
Also, I see you have some remnants of Norton on your machine which, given you now use McAfee, we should clear away.
Go HERE and choose the product that is installed and then download the removal tool.
Run it and reboot.
This should get rid of Norton.
====STEP 1====
Follow these steps to uninstall Combofix and tools used in the removal of malware and flush your system restore points
- Click START then RUN
- Now type Combofix /u in the Run box and click OK. Note the space between the X and the U; it needs to be there.
====IDEAS TO SPEED UP YOUR MACHINE====
This page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.
====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
- Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
- AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
- SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
- SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
- IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
- ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
- Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
- Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
best wishes
andrewuk
#25
Posted 26 September 2008 - 02:19 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.