Have Vundo And Newjuan....bad


  • This topic is locked
3 replies to this topic

#1 Great Asp

Posted 06 April 2008 - 01:04 PM

Hello PPL!,

Recently, I bought an iPhone, and tried to buy some software to rip movies from DVD to my iPhone. When I tried to download the software "after I bought it", I got Vundo.... :thumbsup:

I hope I have these logs in the correct format, if you need something more or different just let me know.

In advance, thank you for helping me.


ComboFix 08-04-04.1 - Eric Brown 2008-04-05 19:27:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.601 [GMT -5:00]
Running from: C:\Documents and Settings\Eric Brown\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMd34d7337.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\bqkwyqwr.dll
C:\WINDOWS\system32\cpnchngr.ini
C:\WINDOWS\system32\gdgranib.dll
C:\WINDOWS\system32\gfdxwxjl.dll
C:\WINDOWS\system32\gkicrucs.ini
C:\WINDOWS\system32\jqstijjl.dll
C:\WINDOWS\system32\jwvujlpi.dll
C:\WINDOWS\system32\ljxwxdfg.ini
C:\WINDOWS\system32\mhadqfdt.dll
C:\WINDOWS\system32\qhyhtddm.dll
C:\WINDOWS\system32\ssqnkhf.dll
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\vnngwjku.ini
C:\WINDOWS\system32\vpbtomvm.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-02 18:59 . 2008-04-02 18:59 <DIR> d-------- C:\Program Files\MSBuild
2008-04-02 18:56 . 2008-04-02 18:56 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-02 18:55 . 2008-04-02 18:55 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-02 18:53 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-01 20:59 . 2008-04-01 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-01 20:58 . 2008-04-01 20:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-01 20:58 . 2008-04-01 20:58 <DIR> d-------- C:\Documents and Settings\Eric Brown\Application Data\SUPERAntiSpyware.com
2008-04-01 19:41 . 2008-04-05 15:39 3,150 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-01 19:40 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-01 19:40 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-01 19:40 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-01 19:40 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-01 19:40 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-01 19:40 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-01 18:59 . 2008-04-01 20:56 535 ---hs---- C:\WINDOWS\system32\emkeetix.ini
2008-03-24 20:37 . 2008-03-24 20:37 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-03-24 20:07 . 2008-03-24 20:07 <DIR> d-------- C:\Documents and Settings\Eric Brown\Application Data\SuperEasy Software
2008-03-24 20:05 . 2008-03-24 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SuperEasy Software
2008-03-24 18:35 . 2008-03-24 18:35 <DIR> d-------- C:\Program Files\Handbrake
2008-03-23 21:22 . 2008-04-05 16:36 <DIR> d-------- C:\VundoFix Backups
2008-03-23 20:19 . 2008-03-23 20:19 <DIR> d-------- C:\E-Zsoft
2008-03-23 20:17 . 2008-03-23 20:17 <DIR> d-------- C:\Program Files\E-Zsoft
2008-03-23 16:58 . 2008-03-23 16:59 <DIR> d-------- C:\Temp\VIDEO_TS
2008-03-23 16:58 . 2008-03-23 16:58 <DIR> d-------- C:\Temp
2008-03-23 16:56 . 2008-03-23 16:56 <DIR> d-------- C:\Documents and Settings\Eric Brown\Application Data\dvdcss
2008-03-23 08:49 . 2008-04-01 06:49 1,413,809 --ahs---- C:\WINDOWS\system32\lgjylmlo.ini
2008-03-22 20:39 . 2005-11-21 00:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-03-22 13:02 . 2007-12-02 17:19 6,278,135 --a------ C:\Program Files\setup.exe
2008-03-22 12:58 . 2008-03-22 12:58 <DIR> d-------- C:\Program Files\Cellebrite Mobile Synchronization
2008-03-21 20:53 . 2008-03-21 20:53 <DIR> d-------- C:\Program Files\iPod
2008-03-21 20:52 . 2008-03-21 20:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-21 20:52 . 2008-03-21 20:53 <DIR> d-------- C:\Program Files\iTunes
2008-03-21 20:52 . 2008-03-21 20:52 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-21 20:52 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-03-21 20:46 . 2004-08-04 02:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-21 20:46 . 2004-08-04 00:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-21 20:46 . 2004-08-04 00:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-21 20:46 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-12 13:10 . 2008-03-12 13:10 633,344 --------- C:\WINDOWS\system32\gpprefcl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 18:20 --------- d-----w C:\Program Files\Zoom Player
2008-04-02 01:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 00:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-02 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-25 01:59 --------- d-----w C:\Documents and Settings\Eric Brown\Application Data\uTorrent
2008-03-22 18:55 --------- d-----w C:\Documents and Settings\Eric Brown\Application Data\U3
2008-03-22 03:09 --------- d-----w C:\Documents and Settings\Eric Brown\Application Data\Apple Computer
2008-03-19 23:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-17 22:31 --------- d-----w C:\Program Files\McAfee
2008-03-14 14:53 --------- d-----w C:\Program Files\Java
2008-02-29 02:28 --------- d-----w C:\Documents and Settings\Eric Brown\Application Data\FileZilla
2008-02-28 23:03 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-02-16 19:42 --------- d-----w C:\Documents and Settings\Eric Brown\Application Data\My Games
2008-02-16 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 19:22 --------- d-----w C:\Program Files\Firaxis Games
2008-02-10 23:36 --------- d-----w C:\Program Files\QuickTime
2008-02-10 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-05 23:01 22,328 ----a-w C:\Documents and Settings\Eric Brown\Application Data\PnkBstrK.sys
2005-06-11 02:41 572,850,299 ----a-w C:\Program Files\battlefield2demo.zip
2004-03-17 06:17 7,281 ----a-w C:\Program Files\DevMode.lua
2005-05-07 21:54 220 --sh--w C:\WINDOWS\dwin.sys
2004-11-01 18:30 56 --sh--r C:\WINDOWS\system32\1B53C4B0AD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 15:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 03:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21 147456]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 15:29 86016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-12 16:21 185896]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-11 20:35:16 113664]
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe [2005-06-25 18:50:38 910336]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnkhf]
ssqnkhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\System32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\System32\ir32_32.dll
"vidc.ir41"= C:\WINDOWS\System32\ir41_32.ax
"msacm.lhacm"= lhacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Eric Brown^Start Menu^Programs^Startup^Morpheus Ultra.lnk]
path=C:\Documents and Settings\Eric Brown\Start Menu\Programs\Startup\Morpheus Ultra.lnk
backup=C:\WINDOWS\pss\Morpheus Ultra.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\BlueByte\\Settlers3\\s3.exe"=
"C:\\Program Files\\Morpheus Ultra\\Morpheus.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2002-12-17 18:26]
R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2005-05-06 12:31]
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 22:43]
R3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2005-05-02 20:48]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:56]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:56]
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:56]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:56]
S3 SQLAgent$ACT7;SQLAgent$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 18:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87e3e92-0aa0-11d9-8d56-806d6172696f}]
\Shell\AutoRun\command - D:\S3QOTA\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 15:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-15 06:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-04-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 00:31:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-04-06 0:35:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 05:34:57
Pre-Run: 9,948,921,856 bytes free
Post-Run: 10,516,877,312 bytes free
.
2008-03-12 08:01:37 --- E O F ---

KASPERSKY ONLINE SCANNER REPORT
Sunday, April 06, 2008 12:35:25 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/04/2008
Kaspersky Anti-Virus database records: 686632


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 155341
Number of viruses found 13
Number of infected objects 35
Number of suspicious objects 0
Duration of the scan process 02:10:44

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{48987983-626D-44CD-AC4D-D90F8EA0DB16}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFRB2.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Documents\ACT\ACT for Win 7\Databases\ACT7Demo.ADF Object is locked skipped

C:\Documents and Settings\All Users\Documents\ACT\ACT for Win 7\Databases\ACT7Demo.ALF Object is locked skipped

C:\Documents and Settings\Eric Brown\Application Data\ACT\ACT For Win 7\ActEmailMessageStore.mdf Object is locked skipped

C:\Documents and Settings\Eric Brown\Application Data\ACT\ACT For Win 7\ActEmailMessageStoreLog.LDF Object is locked skipped

C:\Documents and Settings\Eric Brown\Application Data\Sun\Java\Deployment\cache\6.0\43\2c0baa6b-25687c5e/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped

C:\Documents and Settings\Eric Brown\Application Data\Sun\Java\Deployment\cache\6.0\43\2c0baa6b-25687c5e ZIP: infected - 1 skipped

C:\Documents and Settings\Eric Brown\Application Data\Sun\Java\Deployment\cache\6.0\58\7948343a-64484eb1/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped

C:\Documents and Settings\Eric Brown\Application Data\Sun\Java\Deployment\cache\6.0\58\7948343a-64484eb1 ZIP: infected - 1 skipped

C:\Documents and Settings\Eric Brown\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-f2d4ff7-421e716f.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped

C:\Documents and Settings\Eric Brown\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-f2d4ff7-421e716f.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Eric Brown\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5c117bd7-26ff1580.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped

C:\Documents and Settings\Eric Brown\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5c117bd7-26ff1580.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Eric Brown\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-4-6-2008( 0-31-24 ).LOG Object is locked skipped

C:\Documents and Settings\Eric Brown\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Eric Brown\Desktop\Cucisoft\Cucusoft MPEG AVI to DVD VCD SVCD Converter Pro Full Version\Cucusoft MPEG AVI to DVD VCD SVCD Converter Pro.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped

C:\Documents and Settings\Eric Brown\Desktop\SmitfraudFix\Process.exe Object is locked skipped

C:\Documents and Settings\Eric Brown\Desktop\SmitfraudFix\Reboot.exe Object is locked skipped

C:\Documents and Settings\Eric Brown\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Eric Brown\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Eric Brown\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Eric Brown\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Eric Brown\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Eric Brown\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Eric Brown\Local Settings\Temp\tmp35.tmp Object is locked skipped

C:\Documents and Settings\Eric Brown\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Eric Brown\My Documents\ACT\ACT for Win 7\Databases\TOTAL.ADF Object is locked skipped

C:\Documents and Settings\Eric Brown\My Documents\ACT\ACT for Win 7\Databases\TOTAL.ALF Object is locked skipped

C:\Documents and Settings\Eric Brown\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Eric Brown\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Downloads\DivXPlayerPro64-Setup.exe/stream/data0006 Infected: Trojan.Win32.Zapchast skipped

C:\Downloads\DivXPlayerPro64-Setup.exe/stream/data0007/stream/data0001 Infected: Trojan.Win32.Pakes skipped

C:\Downloads\DivXPlayerPro64-Setup.exe/stream/data0007/stream Infected: Trojan.Win32.Pakes skipped

C:\Downloads\DivXPlayerPro64-Setup.exe/stream/data0007 Infected: Trojan.Win32.Pakes skipped

C:\Downloads\DivXPlayerPro64-Setup.exe/stream Infected: Trojan.Win32.Pakes skipped

C:\Downloads\DivXPlayerPro64-Setup.exe NSIS: infected - 5 skipped

C:\Downloads\Dvd to iphone converter.exe/is1000024.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Downloads\Dvd to iphone converter.exe ZIP: infected - 1 skipped

C:\Downloads\is1000024.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\LOG\ERRORLOG Object is locked skipped

C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Program Files\Morpheus\mymorpheusToolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Program Files\Morpheus Ultra\mymorpheusToolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Program Files\MorpheusBar\bar\1.bin\M0PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\Program Files\MorpheusBar\bar\1.bin\M0POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\Program Files\MorpheusBar\bar\1.bin\NPMORPBR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\bqkwyqwr.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped

C:\QooBox\Quarantine\catchme2008-04-06_ 03115.45.zip/Documents and Settings/Eric Brown/Desktop/catchme.zip/ssqnkhf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ktg skipped

C:\QooBox\Quarantine\catchme2008-04-06_ 03115.45.zip/Documents and Settings/Eric Brown/Desktop/catchme.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.ktg skipped

C:\QooBox\Quarantine\catchme2008-04-06_ 03115.45.zip ZIP: infected - 2 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{CFAEEA35-3037-4890-A491-9055963513E2}\RP2\A0002059.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped

C:\System Volume Information\_restore{CFAEEA35-3037-4890-A491-9055963513E2}\RP2\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\mcmsc_3OUbeQZB8x0GoCF Object is locked skipped

C:\WINDOWS\Temp\mcmsc_8p5zX4OlIX2fv6f Object is locked skipped

C:\WINDOWS\Temp\mcmsc_AIXgd2qsCOgTZAr Object is locked skipped

C:\WINDOWS\Temp\mcmsc_qECDWu2A8QuM1MF Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\WINDOWS\DHP.dll Infected: not-a-virus:AdWare.Win32.DealHelper.j skipped

E:\WINDOWS\DHP2.dll Infected: not-a-virus:AdWare.Win32.DealHelper.j skipped

E:\System Volume Information\_restore{CFAEEA35-3037-4890-A491-9055963513E2}\RP2\change.log Object is locked skipped

F:\System Volume Information\_restore{CFAEEA35-3037-4890-A491-9055963513E2}\RP2\change.log Object is locked skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\System Volume Information\_restore{CFAEEA35-3037-4890-A491-9055963513E2}\RP2\change.log Object is locked skipped

Scan process completed.


Deckard's System Scanner v20071014.68
Run by Eric Brown on 2008-04-06 12:51:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-04-06 17:51:42 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-04-06 00:25:50 UTC - RP2 - ComboFix created restore point
1: 2008-04-05 21:22:29 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 9.6 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-06 12:52:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Documents and Settings\Eric Brown\Desktop\dss.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095482943218
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqnkhf - C:\WINDOWS\system32\ssqnkhf.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


--
End of file - 9161 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 PCAlertDriver - c:\program files\msi\core center\ntglm7x.sys <Not Verified; Your Corporation; Your Product Name>
R3 Razerlow (Razerlow USB Filter Driver) - c:\windows\system32\drivers\razerlow.sys <Not Verified; Razer (Asia-Pacific) Pte Ltd; Diamondback USB Optical Mouse>
R3 RushTopDevice - c:\program files\msi\core center\rushtop.sys <Not Verified; Your Corporation; Your Product Name>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_00E4&SUBSYS_02501462&REV_A1\3&13C0B0C5&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_00E4&SUBSYS_02501462&REV_A1\3&13C0B0C5&0&09
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_00DF&SUBSYS_02501462&REV_A2\3&13C0B0C5&0&28
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_00DF&SUBSYS_02501462&REV_A2\3&13C0B0C5&0&28
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-04 10:58:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-01 01:00:00 334 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-03-15 01:30:02 274 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 10:07:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 10:07:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 10:07:57 0 d-------- C:\WINDOWS\LastGood
2008-04-06 00:35:04 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-05 19:25:19 68096 --a------ C:\WINDOWS\zip.exe
2008-04-05 19:25:19 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-05 19:25:19 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-05 19:25:19 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-05 19:25:19 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-05 19:25:19 98816 --a------ C:\WINDOWS\sed.exe
2008-04-05 19:25:19 80412 --a------ C:\WINDOWS\grep.exe
2008-04-05 19:25:19 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-02 18:59:21 0 d-------- C:\Program Files\MSBuild
2008-04-02 18:56:31 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-02 18:55:13 0 d-------- C:\Program Files\Reference Assemblies
2008-04-01 20:59:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-01 20:58:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-01 20:58:36 0 d-------- C:\Documents and Settings\Eric Brown\Application Data\SUPERAntiSpyware.com
2008-04-01 19:41:18 3150 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-01 19:40:44 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-01 19:40:44 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-01 19:40:44 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-01 19:40:44 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-01 19:40:44 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-01 19:40:44 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-24 20:37:55 0 d-------- C:\Program Files\DVD Decrypter <DVDDEC~1>
2008-03-24 20:07:47 0 d-------- C:\Documents and Settings\Eric Brown\Application Data\SuperEasy Software
2008-03-24 20:05:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SuperEasy Software
2008-03-24 18:35:10 0 d-------- C:\Program Files\Handbrake
2008-03-23 21:22:50 0 d-------- C:\VundoFix Backups
2008-03-23 20:19:33 0 d-------- C:\E-Zsoft
2008-03-23 20:17:29 0 d-------- C:\Program Files\E-Zsoft
2008-03-23 16:58:45 0 d-------- C:\Temp
2008-03-23 16:56:41 0 d-------- C:\Documents and Settings\Eric Brown\Application Data\dvdcss
2008-03-22 20:39:01 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-03-22 13:02:57 6278135 --a------ C:\Program Files\setup.exe
2008-03-22 12:58:18 0 d-------- C:\Program Files\Cellebrite Mobile Synchronization
2008-03-21 20:53:03 0 d-------- C:\Program Files\iPod
2008-03-21 20:52:57 0 d-------- C:\Program Files\iTunes
2008-03-21 20:52:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-03-21 20:52:01 0 d-------- C:\Program Files\Common Files\Apple


-- Find3M Report ---------------------------------------------------------------

2008-04-05 13:20:29 0 d-------- C:\Program Files\Zoom Player
2008-04-01 20:58:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-24 20:59:38 0 d-------- C:\Documents and Settings\Eric Brown\Application Data\uTorrent
2008-03-22 13:55:04 0 d-------- C:\Documents and Settings\Eric Brown\Application Data\U3
2008-03-21 22:09:45 0 d-------- C:\Documents and Settings\Eric Brown\Application Data\Apple Computer
2008-03-21 20:52:01 0 d-------- C:\Program Files\Common Files
2008-03-19 18:20:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-17 17:31:38 0 d-------- C:\Program Files\McAfee
2008-03-15 15:53:30 0 d-------- C:\Documents and Settings\Eric Brown\Application Data\Adobe
2008-03-14 09:53:14 0 d-------- C:\Program Files\Java
2008-02-28 21:28:08 0 d-------- C:\Documents and Settings\Eric Brown\Application Data\FileZilla
2008-02-28 18:03:39 0 d-------- C:\Program Files\FileZilla FTP Client
2008-02-16 14:42:28 0 d-------- C:\Documents and Settings\Eric Brown\Application Data\My Games
2008-02-16 14:22:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-16 14:22:19 0 d-------- C:\Program Files\Firaxis Games
2008-02-10 18:36:58 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/09/2006 03:29 PM]
"nwiz"="nwiz.exe" [03/09/2006 03:29 PM C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SoundMan"="SOUNDMAN.EXE" [06/18/2004 03:31 AM C:\WINDOWS\SOUNDMAN.EXE]
"razer"="C:\Program Files\Razer\razerhid.exe" [05/17/2005 06:21 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/09/2006 03:29 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/12/2006 04:21 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/11/2007 8:35:16 PM]
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe [6/25/2005 6:50:38 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnkhf]
ssqnkhf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eric Brown^Start Menu^Programs^Startup^Morpheus Ultra.lnk]
path=C:\Documents and Settings\Eric Brown\Start Menu\Programs\Startup\Morpheus Ultra.lnk
backup=C:\WINDOWS\pss\Morpheus Ultra.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87e3e92-0aa0-11d9-8d56-806d6172696f}]
AutoRun\command- D:\S3QOTA\Autorun.exe

*Newly Created Service* - IDSVC



-- End of Deckard's System Scanner: finished at 2008-04-06 12:54:33 ------------


#2 Great Asp

Great Asp
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 07 April 2008 - 06:17 PM

Anyone get a chance to look at this?

Any help would BE a help.

E

#3 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:11:59 PM

Posted 18 April 2008 - 07:28 AM

Hello Great Asp

Welcome to the Bleeping Computer Malware Removal Forum. Sorry about the delay, but the number of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. Sometimes, with the number of people posting, a log or two may fall through the cracks, as yours may have done. Plus, by replying to your own post you removed yourself from the Zero replies category that our helpers look for to work logs. If you have not resolved your issue and still need assistance, please post a new HJT log, as your system may have changed since your original post.

Ken

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.


Just a reminder that threads will be closed if no response in 3 days


#4 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:11:59 PM

Posted 14 May 2008 - 01:02 PM

Topic being closed due to lack of response





