Trojans Out The Wazoo!


13 replies to this topic

#1 AMPayne

Posted 19 June 2007 - 05:14 PM

I have tried everything I know to do and am now officially at a loss! I read some other logs on here that helped with some of my problems but I am still constantly being warned by my anti-virus software of Trojans and ad-ware. Most of my problem consists of Rootkits and Trojan-Downloaders, although I have seen clickers too and a ton of ad-ware. I recently installed HijackThis and am going to try my luck and see if one of you can possibly help me!

Note: I did have WebBuy but removed it and followed some other instructions posted on another blog here. It was a help but didn't get rid of the whole deal. Also, when I shut my computer down an "end program" box always shows up for something called "hiddenshellicon" or something?????????? What the heck? Lastly, all of my desktop icons stay highlighted since these problems started last week.


PLEASE HELP!!!!!!!

Thanks in advance- April

Here is my Log.......


Logfile of HijackThis v1.99.1
Scan saved at 4:56:33 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bpsnetworks.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BPS Networks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {28F172C9-1982-4A8E-8966-06FE7964B601} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: (no name) - {426C66C5-1EB1-45A6-92BF-14BF001FE8C7} - C:\Program Files\ComPlus Applications\hoqezim58441.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\bjqltmve.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\mljiged.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [{ZN}] C:\DOCUME~1\April\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [kvyjrfxA] C:\WINDOWS\kvyjrfxA.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photozig Albums Media Detector] C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\TheShieldDeluxe\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1987B17-4F04-43AB-8EDC-9F017461ADB9}: NameServer = 69.150.8.2,69.150.9.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: mljiged - mljiged.dll (file missing)
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: The Shield Deluxe 2007 (AVP) - Unknown owner - C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

#2 RichieUK

Posted 20 June 2007 - 11:05 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum AMPayne :thumbsup:

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\kvyjrfxA.exe
C:\WINDOWS\system32\bjqltmve.dll
C:\DOCUME~1\April\LOCALS~1\Temp\thinksnet.exe

Folders to delete:
C:\Program Files\ComPlus Applications

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

*****************************

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {28F172C9-1982-4A8E-8966-06FE7964B601} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: (no name) - {426C66C5-1EB1-45A6-92BF-14BF001FE8C7} - C:\Program Files\ComPlus Applications\hoqezim58441.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\bjqltmve.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\mljiged.dll (file missing)
O4 - HKLM\..\Run: [{ZN}] C:\DOCUME~1\April\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [kvyjrfxA] C:\WINDOWS\kvyjrfxA.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O20 - Winlogon Notify: mljiged - mljiged.dll (file missing)
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\

Exit Hijackthis.

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Also post a new Hijackthis log please.

#3 AMPayne


Posted 20 June 2007 - 02:08 PM

RichieUK,

Thanks so much for your quick response. I did everything you told me to and now have a few new logs for you to review at your convenience. The only thing I have noticed is still happening is all of my desktop icons are still highlighted but, at this point, if that's the extent of my worries I will be happy. Also, I wanted to correct something from my last post, the end program window that was popping up upon shutdown is actually "shellhiddenwindow", whatever that is, but hopefully that too was corrected.

Here are the logs and thanks again.

AMPayne


Avenger


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kqmditnu

********************
Script file located at: \??\C:\WINDOWS\uhjujbwv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\cfg32.exe deleted successfully.
File C:\WINDOWS\cfg32a.exe deleted successfully.
File C:\WINDOWS\kvyjrfxA.exe deleted successfully.
File C:\WINDOWS\system32\bjqltmve.dll deleted successfully.


File C:\DOCUME~1\April\LOCALS~1\Temp\thinksnet.exe not found!
Deletion of file C:\DOCUME~1\April\LOCALS~1\Temp\thinksnet.exe failed!

Could not process line:
C:\DOCUME~1\April\LOCALS~1\Temp\thinksnet.exe
Status: 0xc0000034

Folder C:\Program Files\ComPlus Applications deleted successfully.

Completed script processing.

Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 1:55:46 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bpsnetworks.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BPS Networks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photozig Albums Media Detector] C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\TheShieldDeluxe\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1987B17-4F04-43AB-8EDC-9F017461ADB9}: NameServer = 69.150.8.2,69.150.9.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: The Shield Deluxe 2007 (AVP) - Unknown owner - C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

DrWeb

bjqltmve.dll;C:\Avenger;Trojan.Virtumod;Deleted.;
cfg32.exe\data001;C:\Avenger\cfg32.exe;Adware.BookedSpace;;
cfg32.exe\data002;C:\Avenger\cfg32.exe;Adware.BookedSpace;;
data003\data001;C:\Avenger\cfg32.exe\data003;Adware.BookedSpace;;
data003\data002;C:\Avenger\cfg32.exe\data003;Adware.BookedSpace;;
data003\data001;C:\Avenger\cfg32.exe\data003\data003;Adware.BookedSpace;;
data003\data002;C:\Avenger\cfg32.exe\data003\data003;Adware.BookedSpace;;
data003\data003;C:\Avenger\cfg32.exe\data003\data003;Adware.BookedSpace;;
data003;C:\Avenger\cfg32.exe\data003;Archive contains infected objects;;
data003\data004;C:\Avenger\cfg32.exe\data003;Adware.BookedSpace;;
data003;C:\Avenger\cfg32.exe;Archive contains infected objects;;
cfg32.exe\data004;C:\Avenger\cfg32.exe;Adware.BookedSpace;;
cfg32.exe;C:\Avenger;Archive contains infected objects;Moved.;
cfg32a.exe\data001;C:\Avenger\cfg32a.exe;Adware.BookedSpace;;
cfg32a.exe\data002;C:\Avenger\cfg32a.exe;Adware.BookedSpace;;
data003\data001;C:\Avenger\cfg32a.exe\data003;Adware.BookedSpace;;
data003\data002;C:\Avenger\cfg32a.exe\data003;Adware.BookedSpace;;
data003\data003;C:\Avenger\cfg32a.exe\data003;Adware.BookedSpace;;
data003;C:\Avenger\cfg32a.exe;Archive contains infected objects;;
cfg32a.exe\data004;C:\Avenger\cfg32a.exe;Adware.BookedSpace;;
cfg32a.exe;C:\Avenger;Archive contains infected objects;Moved.;
kvyjrfxA.exe;C:\Avenger;Trojan.Click.1928;Deleted.;
NetZero - First Month Free!.exe;C:\Documents and Settings\April\Desktop\Unused Desktop Shortcuts;Trojan.Click.1487;Deleted.;
GTDownDE_87.ocx;C:\i386;Adware.Gdown;Incurable.Moved.;
A0037996.ocx;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP378;Adware.Gdown;Incurable.Moved.;
A0043936.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP448;Trojan.Rond;Deleted.;
A0045471.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457;Trojan.Virtumod;Deleted.;
A0045472.exe\data001;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045472.exe;Adware.BookedSpace;;
A0045472.exe\data002;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045472.exe;Adware.BookedSpace;;
data003\data001;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045472.exe\data003;Adware.BookedSpace;;
data003\data002;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045472.exe\data003;Adware.BookedSpace;;
data003\data001;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045472.exe\data003\data003;Adware.BookedSpace;;
data003\data002;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045472.exe\data003\data003;Adware.BookedSpace;;
data003\data003;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045472.exe\data003\data003;Adware.BookedSpace;;
data003;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045472.exe\data003;Archive contains infected objects;;
data003\data004;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045472.exe\data003;Adware.BookedSpace;;
data003;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045472.exe;Archive contains infected objects;;
A0045472.exe\data004;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045472.exe;Adware.BookedSpace;;
A0045472.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457;Archive contains infected objects;Moved.;
A0045473.exe\data001;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045473.exe;Adware.BookedSpace;;
A0045473.exe\data002;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045473.exe;Adware.BookedSpace;;
data003\data001;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045473.exe\data003;Adware.BookedSpace;;
data003\data002;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045473.exe\data003;Adware.BookedSpace;;
data003\data003;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045473.exe\data003;Adware.BookedSpace;;
data003;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045473.exe;Archive contains infected objects;;
A0045473.exe\data004;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457\A0045473.exe;Adware.BookedSpace;;
A0045473.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457;Archive contains infected objects;Moved.;
A0045474.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457;Trojan.Click.1928;Deleted.;
A0045475.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP457;Trojan.Click.1487;Deleted.;
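
A way to confirm that a cleanup like the one in posts #2 and #3 took effect, as an added example that is not part of the original thread or any poster's code: it compares the first HijackThis log with the follow-up log against the fix list and the Avenger file list. The log excerpts are abridged from this thread; `AFTER_PARTIAL`, the function names and the result keys are constructed for illustration.

```python
import re

# A HijackThis finding starts with a section code (R0-R3, O1-O24, F0-F3, N1-N4).
ENTRY_RE = re.compile(r"^([ROFN]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a case-folded (code, body) key to the original line for each finding.

    Header lines and the 'Running processes' list do not match and are skipped.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace damaged by copy/paste
        m = ENTRY_RE.match(line)
        if m:
            # Windows paths and registry names are case-insensitive.
            entries[(m.group(1), m.group(2).casefold())] = line
    return entries


def verify_cleanup(before_log, after_log, fix_list, deleted_paths):
    """Compare two HijackThis logs against the entries and files meant to be removed."""
    before, after, fixes = (parse_entries(t) for t in (before_log, after_log, fix_list))
    after_text = after_log.casefold()
    return {
        # Fix-list lines that never appeared in the first log (copy/paste damage).
        "unmatched_fixes": sorted(fixes[k] for k in fixes.keys() - before.keys()),
        # Fix-list lines that survived the cleanup.
        "still_present": sorted(fixes[k] for k in fixes.keys() & after.keys()),
        # Findings that exist only in the second log and need a fresh look.
        "new_entries": sorted(after[k] for k in after.keys() - before.keys()),
        # Deleted files still named anywhere, including the process list.
        "paths_still_referenced": [p for p in deleted_paths if p.casefold() in after_text],
    }


# Abridged from the first log in this thread (post #1).
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\bjqltmve.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [kvyjrfxA] C:\WINDOWS\kvyjrfxA.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: mljiged - mljiged.dll (file missing)
"""

# Abridged from the follow-up log in this thread (post #3).
AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
"""

# Constructed failure case: one autostart entry came back, in different letter case.
AFTER_PARTIAL = AFTER + r"O4 - HKLM\..\Run: [Configuration Manager] c:\windows\cfg32.exe" + "\n"

# Four of the lines from the fix list in post #2.
FIX_LIST = r"""O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\bjqltmve.dll
O4 - HKLM\..\Run: [kvyjrfxA] C:\WINDOWS\kvyjrfxA.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O20 - Winlogon Notify: mljiged - mljiged.dll (file missing)
"""

# Files the Avenger log in post #3 reports as deleted successfully.
DELETED = [
    r"C:\WINDOWS\cfg32.exe",
    r"C:\WINDOWS\cfg32a.exe",
    r"C:\WINDOWS\kvyjrfxA.exe",
    r"C:\WINDOWS\system32\bjqltmve.dll",
]

if __name__ == "__main__":
    for name, log in (("follow-up log", AFTER), ("constructed partial log", AFTER_PARTIAL)):
        print(name)
        for key, value in verify_cleanup(BEFORE, log, FIX_LIST, DELETED).items():
            print(f"  {key}: {value}")
```

An empty result in all four keys means the second log no longer shows any of the targeted entries or files; it says nothing about components that HijackThis does not list.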

#4 RichieUK


Posted 20 June 2007 - 02:48 PM

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

-------------------------------------

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


Let me know how your pc is running now.

#5 AMPayne


Posted 20 June 2007 - 05:31 PM

RichieUK,


Thanks again for all your help. My PC is faster now with A LOT less pop-ups! I also am not being screamed at constantly by my antivirus software over Trojans.

The only thing I really notice anymore is the dang highlighted icons on my desktop and that "ShellHiddenWindow" end program now box that still pops up when I shut down or reboot. O'well....can't win 'em all, huh?

All this started when my visiting nephew got on my PC to play games. After he went to a couple gaming websites I've had hell with this thing! I won't let him on anymore so maybe this will be the last you hear from me!

Here is the log you requested.

ComboFix 07-06-20 - C:\Documents and Settings\April\Desktop\ComboFix.exe
"April" - 2007-06-20 17:09:04 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\inetget2
C:\Program Files\Windows Media Player\prolyhduhdog.html
C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\Temp\iee
C:\Temp\iee\tmpZTF.log
C:\Temp\tn3
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\hosts
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core


((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))


2007-06-20 17:07 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-20 12:50 <DIR> d-------- C:\DOCUME~1\April\DoctorWeb
2007-06-19 16:54 30,396 --a------ C:\WINDOWS\acdt-pid67N.exe
2007-06-19 15:55 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-19 15:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-06-19 15:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2007-06-19 15:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Creative
2007-06-15 18:41 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-15 18:41 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-15 18:40 <DIR> d-------- C:\Program Files\PCSecurityShield
2007-06-15 18:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PCSecurityShield
2007-06-15 18:39 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-15 18:39 2,188,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-15 17:09 1,850,830 --ahs---- C:\WINDOWS\system32\oqstv.bak2
2007-06-14 23:31 1,846,246 ---hs---- C:\WINDOWS\system32\oqstv.ini2
2007-06-14 16:31 1,836,111 --ahs---- C:\WINDOWS\system32\oqstv.bak1
2007-06-14 16:22 <DIR> d-------- C:\WINDOWS\system32\win
2007-06-14 16:22 <DIR> d-------- C:\WINDOWS\system32\S9
2007-06-14 16:22 <DIR> d-------- C:\WINDOWS\system32\S7
2007-06-14 16:22 <DIR> d-------- C:\WINDOWS\system32\S6
2007-06-14 16:22 <DIR> d-------- C:\WINDOWS\system32\S2
2007-06-14 16:22 <DIR> d-------- C:\WINDOWS\system32\S1
2007-06-14 16:21 <DIR> d-------- C:\WINDOWS\system32\o02PrEz


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-20 18:54:38 17,074 ----a-w C:\DOCUME~1\April\APPLIC~1\wklnhst.dat
2007-06-18 03:01:14 -------- d-----w C:\Program Files\Dl_cats
2007-06-15 18:04:35 -------- d-----w C:\Program Files\Windows NT
2007-06-15 18:03:32 -------- d-----w C:\Program Files\Online Services
2007-06-13 08:08:02 -------- d-----w C:\Program Files\MSN Messenger
2007-05-22 21:49:12 -------- d-----w C:\Program Files\Realtime Landscaping Pro DEMO
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-03 22:27:38 204,864 ----a-w C:\WINDOWS\system32\klogon.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 11:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:29]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 01:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"P17Helper"="P17.dll" [2004-06-10 16:51 C:\WINDOWS\system32\P17.dll]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-12 07:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-14 17:57]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-19 19:14]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-03-12 07:25]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 14:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Photozig Albums Media Detector"="C:\Program Files\Photozig Albums\pzAlbumsDetect.exe" [2006-09-30 20:54]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows Media Player\prolyhduhdog.html
FriendlyName=


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 17:15:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-20 17:19:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-20 17:19

--- E O F ---

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 20 June 2007 - 06:37 PM

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.bak1

Folders to delete:
C:\WINDOWS\system32\win
C:\WINDOWS\system32\S9
C:\WINDOWS\system32\S7
C:\WINDOWS\system32\S6
C:\WINDOWS\system32\S2
C:\WINDOWS\system32\S1
C:\WINDOWS\system32\o02PrEz

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

*****************************

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge it into the registry, then reboot.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MimBoot"=-

*****************************

The only thing I have noticed is still happening is all of my desktop icons are still highlighted.
Try this:

Right click on a blank area of your desktop, select 'Properties'.
Select the 'Desktop' tab, then 'Customize Desktop'.
Click on the 'Web' tab.
If there's anything present inside the 'Web pages:' window, uncheck its box.
Make sure the box 'Lock desktop items' is also unchecked.
Press Ok/Apply/Ok.

Click on Start > Control Panel > System > 'Advanced' tab > Performance 'Settings' button > 'Visual Effects' tab.
Place a check in the box:
'Use drop shadows for icon labels on the desktop'.
Press Apply/Ok.

Restart your pc.

Post a new Hijackthis log please.
Let me know how your pc is running now.


#7 AMPayne

AMPayne
  • Topic Starter

  • Members
  • 8 posts

Posted 20 June 2007 - 08:21 PM

Ok, I have made a mistake somewhere.

Apparently I didn't extract the Avenger.zip to my desktop. I tried to open it by the link you posted earlier and it says cannot find file now. I also tried opening it from my download manager and it says file has been deleted since it was used. I have no idea how that happened but it did. Can you please send me another link to Avenger?

PS. I did what you said with the icons and that problem is fixed! Thanks!

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 21 June 2007 - 03:42 AM

Can you please send me another link to Avenger?

Avenger.zip is attached to the bottom of this post :thumbsup:

#9 AMPayne

AMPayne
  • Topic Starter

  • Members
  • 8 posts

Posted 21 June 2007 - 09:27 AM

RichieUK,


Ok I haven't seen the hidden window thing since doing what you last told me to do. You're awesome! I will warn you tho, I suspected something this morning so I checked my history and saw that my nephew had gotten on when I was sleeping last night. He didn't go to any of the gaming websites that caused all this in the first place but he was on some cheat code sites. If you see anything new I am soooooo sorry!!!! I've already gotten after him and added a password to my PC so it won't happen again.


Here are the new logs. Thanks a ton!







Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qafgqbxp

*******************

Script file located at: \??\C:\wlhbfjxb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\oqstv.bak2 deleted successfully.
File C:\WINDOWS\system32\oqstv.ini2 deleted successfully.
File C:\WINDOWS\system32\oqstv.bak1 deleted successfully.
Folder C:\WINDOWS\system32\win deleted successfully.
Folder C:\WINDOWS\system32\S9 deleted successfully.
Folder C:\WINDOWS\system32\S7 deleted successfully.
Folder C:\WINDOWS\system32\S6 deleted successfully.
Folder C:\WINDOWS\system32\S2 deleted successfully.
Folder C:\WINDOWS\system32\S1 deleted successfully.
Folder C:\WINDOWS\system32\o02PrEz deleted successfully.

Completed script processing.

*******************

Finished! Terminate.




Logfile of HijackThis v1.99.1
Scan saved at 9:22:42 AM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photozig Albums Media Detector] C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\TheShieldDeluxe\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1987B17-4F04-43AB-8EDC-9F017461ADB9}: NameServer = 69.150.8.2,69.150.9.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: The Shield Deluxe 2007 (AVP) - Unknown owner - C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
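
An added example, not part of the original thread: one way to confirm from the posted logs that the fix.reg merge took effect, by diffing the Run autostart values in the earlier ComboFix report against the later HijackThis log. In a .reg file, `"name"=-` deletes that value. The sample text is a shortened excerpt of the logs above, and all function names are hypothetical.

```python
import re

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
RUN_KEY = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\]$", re.I)
ANY_KEY = re.compile(r"^\[.*\]$")
CF_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')        # ComboFix: "name"="command" [date]
REG_DELETE = re.compile(r'^"([^"]+)"=-$')             # .reg: "name"=-  (delete the value)
HJT_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")

# Excerpt of the ComboFix "Reg Loading Points" section (before the fix).
BEFORE_COMBOFIX = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"P17Helper"="P17.dll" [2004-06-10 16:51 C:\WINDOWS\system32\P17.dll]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-03-12 07:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
'''

# The fix.reg content from the helper's post.
FIX_REG = r'''
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MimBoot"=-
'''

# Excerpt of the HijackThis log posted after the fix.
AFTER_HIJACKTHIS = r'''
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
'''


def _run_sections(text):
    """Yield (hive, line) for each line listed under a CurrentVersion\\Run key."""
    hive = None
    for raw in text.splitlines():
        line = raw.strip()
        key = RUN_KEY.match(line)
        if key:
            hive = HIVES.get(key.group(1).upper())
        elif ANY_KEY.match(line):
            hive = None                      # some other key (BHOs, desktop components)
        elif hive and line:
            yield hive, line


def combofix_run(text):
    """Run values from a ComboFix report, keyed by (hive, lower-cased value name)."""
    out = {}
    for hive, line in _run_sections(text):
        m = CF_VALUE.match(line)
        if m:
            out[(hive, m.group(1).lower())] = m.group(2)
    return out


def reg_deletions(text):
    """Run values that a .reg file asks regedit to delete."""
    out = set()
    for hive, line in _run_sections(text):
        m = REG_DELETE.match(line)
        if m:
            out.add((hive, m.group(1).lower()))
    return out


def hijackthis_run(text):
    """O4 registry Run entries from a HijackThis log (startup-folder items are skipped)."""
    out = {}
    for raw in text.splitlines():
        m = HJT_RUN.match(raw.strip())
        if m:
            out[(m.group(1), m.group(2).lower())] = m.group(3)
    return out


def verify_cleanup(before, after, deletions):
    """Compare autostart entries; registry value names are case-insensitive."""
    def fmt(key):
        return f"{key[0]}\\{key[1]}"
    return {
        "removed": sorted(fmt(k) for k in set(before) - set(after)),
        "added": sorted(fmt(k) for k in set(after) - set(before)),
        "not_applied": sorted(fmt(k) for k in deletions & set(after)),
    }


if __name__ == "__main__":
    print(verify_cleanup(combofix_run(BEFORE_COMBOFIX),
                         hijackthis_run(AFTER_HIJACKTHIS),
                         reg_deletions(FIX_REG)))
```

Anything under "added" is an autostart entry that appeared between the two scans and should be accounted for; here it is the AVP entry from the installed antivirus product.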

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 21 June 2007 - 10:27 AM

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.

*******************

Download and scan with the free 15 day trial of Counterspy V2
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6.Copy and Paste those details into your next reply.

Also post a new Hijackthis log please.
Let me know how your pc is running now.

#11 AMPayne

AMPayne
  • Topic Starter

  • Members
  • 8 posts

Posted 21 June 2007 - 05:08 PM

RichieUK,

The new logs.......boy that one is long.....

Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Dell Photo AIO Printer 922"="\"C:\\Program Files\\Dell Photo AIO Printer 922\\dlbtbmgr.exe\""
"AVP"="\"C:\\Program Files\\PCSecurityShield\\TheShieldDeluxe\\avp.exe\""
@=""
"SBCSTray"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Photozig Albums Media Detector"="C:\\Program Files\\Photozig Albums\\pzAlbumsDetect.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


Scan History Details
Start Date: 6/21/2007 1:19:20 PM
End Date: 6/21/2007 1:48:21 PM
Total Time: 29 Min 1 Sec
Detected security risks

Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\april\cookies\april@atdmt[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\april\cookies\april@doubleclick[1].txt


iMesh P2P Program more information...
Details: iMesh is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Quarantined

Files detected
C:\PROGRAM FILES\iMeshBar\bar\History\search
C:\WINDOWS\system32\HSeNJ.ocx
C:\WINDOWS\system32\IMESH_CACHE\B_338_0_0_108200.htm
C:\WINDOWS\system32\IMESH_CACHE\B_338_0_0_108300.htm
C:\WINDOWS\system32\IMESH_CACHE\B_338_0_0_111200.htm
C:\WINDOWS\system32\IMESH_CACHE\B_338_1_0_449400.htm
C:\WINDOWS\system32\IMESH_CACHE\B_338_1_0_449500.htm
C:\PROGRAM FILES\IMESH
C:\PROGRAM FILES\IMESH\IMESH5
C:\PROGRAM FILES\IMESHBAR
C:\PROGRAM FILES\IMESHBAR\BAR
C:\PROGRAM FILES\IMESHBAR\BAR\HISTORY
C:\PROGRAM FILES\IMESHBAR\BAR\SETTINGS
C:\WINDOWS\SYSTEM32\IMESH_CACHE

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\IMESH
HKEY_LOCAL_MACHINE\SOFTWARE\IMESHBAR
HKEY_LOCAL_MACHINE\SOFTWARE\IMESHBAR\bar
HKEY_USERS\S-1-5-21-2709374538-736586104-3634626784-1006\SOFTWARE\IMESH


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Quarantined

Registry entries detected
HKEY_USERS\S-1-5-21-2709374538-736586104-3634626784-1006\SOFTWARE\KAZAA
HKEY_USERS\S-1-5-21-2709374538-736586104-3634626784-1006\SOFTWARE\KAZAA\Transfer


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1\CLSID


Morpheus P2P Program more information...
Details: P2P file sharing program that installs a number of adware programs. Morpheus also displays its own popup advertsing.
Status: Quarantined

Files detected
C:\PROGRAM FILES\Morpheus\SkinData\default\playlist_subtract.BMP
C:\PROGRAM FILES\Morpheus\SkinData\default\playlist_subtract_dp.BMP
C:\PROGRAM FILES\Morpheus\SkinData\default\PlayListComboBox.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\PlayListItem.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\PlayListSelectedItem.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\PlayListTop.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\PlayListViewBk.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\PriceDownArrow.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\PriceMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\PriceRightArrow.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\ProgressBackground.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\ProgressComplete.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\ProgressScale.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\radio_blank.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\radio_blank_disabled.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\radio_checked.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\radio_checked_disabled.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\RectangleButton.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\Research.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\retry.html
C:\PROGRAM FILES\Morpheus\SkinData\default\SchemeMenu.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SchemeMenuHL.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\search2start.html
C:\PROGRAM FILES\Morpheus\SkinData\default\search_extendsearch.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\search_extendsearch_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\search_filetype.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\search_filetype_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\search_searchbutton.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\search_searchbutton_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SearchClose.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SearchClosePressed.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SearchConnecting.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SearchDetailToolTip.html
C:\PROGRAM FILES\Morpheus\SkinData\default\SearchesListBottom.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SearchesListMiddle.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SearchesListSelected.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SearchesListSingle.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SearchesListTop.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SearchesSplitter.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\Skin.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\skincombo.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\skincombomask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\Slider.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SmallClose.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SmallClosePressed.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\spacer.gif
C:\PROGRAM FILES\Morpheus\SkinData\default\SplitterButtonDown.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SplitterButtonDownPressed.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SplitterButtonUp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\SplitterButtonUpPressed.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\standard.css
C:\PROGRAM FILES\Morpheus\SkinData\default\StatusBar.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\stopwatch.gif
C:\PROGRAM FILES\Morpheus\SkinData\default\TabActive.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\TabActiveMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\TabInactive.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\TabInactiveMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\TabLedge.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\TabLedgeInactive.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\TabLedgeMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\Tile.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\tooltip.css
C:\PROGRAM FILES\Morpheus\SkinData\default\tooltip.jpg
C:\PROGRAM FILES\Morpheus\SkinData\default\tooltipApp.jpg
C:\PROGRAM FILES\Morpheus\SkinData\default\tooltipAud.jpg
C:\PROGRAM FILES\Morpheus\SkinData\default\tooltipDoc.jpg
C:\PROGRAM FILES\Morpheus\SkinData\default\tooltipImg.jpg
C:\PROGRAM FILES\Morpheus\SkinData\default\tooltipRom.jpg
C:\PROGRAM FILES\Morpheus\SkinData\default\tooltipVid.jpg
C:\PROGRAM FILES\Morpheus\SkinData\default\Tray.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\TrayBottomPanel.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\ui.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\video_fullscreen.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\video_fullscreen_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\video_undock_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\VideoDisplayButtonsArea.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\VScrollBar.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\VSplitter.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\VTabActive.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\VTabInactive.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\VTabMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\VThumb.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\welcome.html
C:\PROGRAM FILES\Morpheus\SkinData\default\welcomenull.html
C:\PROGRAM FILES\Morpheus\SkinData\default\WideStatic.bmp
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\canvas_configlistbottomitem.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\canvas_configlistmiddleitem.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\canvas_configlistselecteditem.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\canvas_configlisttopitem.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_aboutdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_askdlg_onsearchresultdelete.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_askdlg_saveplaylists.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_askonexitdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_chat.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_childdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_configdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_connectingsearchdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_custombrowser.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_fileavailability.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_fileinformation.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_filterempty.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_getpasswddlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_install_sharedfolder.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_magnetcheckdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_magnethandledlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_mainframe.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_mainframebackground.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_morphdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_myfilespane.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_notconnectedsearchdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_playlistpane.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_prefantivirus.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_prefblock.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_prefchat.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_preffiletransfer.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_preffolders.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_prefgeneral.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_prefinternetconnection.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_prefmediaweb.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_prefp2pnetwork.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_prefparentalcontrol.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_prefproxy.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_prefskinsetup.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_refreshsharelistdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_searchespane.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_searchresultpane.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_setdefaultfilter.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_setpasswddlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_skinchange.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_skinmessagebox.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_torrentcheckdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_transferspane.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_traybottompanel.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_traywindow.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_videopane.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\screen_xpfirewallcheckdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\Skin.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_background.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_chatheader.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_configlistview.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_currentmediastatic.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_downloadsbutton.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_header.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_hscrollbar.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_hthumb.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_mainframe.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_menu.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_morphdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_morpheusstdbutton.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_morpheusstdbuttondown.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_playerdisplay.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_playlistcombobox.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_playlisttop.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_playlistviewbackground.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_playlistviewitem.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_price.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_progressbarbackground.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_progressbarscale.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_rectanglebutton.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_searcheslistschema.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_searchessplitter.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_slider.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_statusbar.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_stretch.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_tabactive.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_tabinactive.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_tabledge.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_tile.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_tray.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_traybottompanel.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_vscrollbar.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_vsplitter.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_vtab.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\skinlayout_vthumb.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_button_checkbox.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_button_darkbutton.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_button_radiobutton.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_button_rectanglebutton.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_button_usualbutton.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_checkbox_checkbox.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_checkbox_radiobutton.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_editcontrol_editbox.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_editcontrol_multilineeditbox.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_groupbox_roundrect.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_header_defaultheader.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_menu_chatmenu.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_menu_chatprefmenu.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_menu_headermenu.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_menu_helpmenu.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_menu_playlistmenu.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_menu_popupmenu.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_menu_schememenu.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_menu_searchescontextmenu.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_menu_tray.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_overlappedwindow_childdialog.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_overlappedwindow_morphdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_playlistview_default.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_progressbar_default.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_screen_morphdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_scrollbar_defaultscrollbar.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_slider_default.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_splitter_horzsplitter4myfilespane.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_splitter_horzsplitter4searchresultpane.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_splitter_horzsplitter4transferspane.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_tabs_default.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_tabs_fileinformation.xml
C:\PROGRAM FILES\Morpheus\SkinData\default\xml\style_vtabs_default.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\About.htm
C:\PROGRAM FILES\Morpheus\SkinData\happy\Background.BMP
C:\PROGRAM FILES\Morpheus\SkinData\happy\bitzi-pattern.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\bitzi-tear.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\bitzi_perforation.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\bluebar.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-divider.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-dpr-back.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-dpr-blank-32x17.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-dpr-blank-33x17.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-dpr-forward.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-dpr-home.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-dpr-refresh.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-dpr-stop.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-na-back.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-na-blank-32x17.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-na-blank-33x17.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-na-forward.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-na-home.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-na-refresh.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-na-stop.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-normal-back.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-normal-blank-32x17.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-normal-blank-33x17.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-normal-forward.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-normal-home.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-normal-refresh.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-normal-stop.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-over-back.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-over-forward.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-over-home.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-over-refresh.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\browser-over-stop.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Button-Dark.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Button.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\ButtonDown-dark.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\ButtonDown.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\ButtonDownMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\ButtonMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\chat.css
C:\PROGRAM FILES\Morpheus\SkinData\happy\chatcombo.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\chatcombomask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\ChatHeader.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\ChatSplitter.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\checkbox_blank.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\checkbox_blank_disabled.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\checkbox_checked.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\checkbox_checked_disabled.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\clock.swf
C:\PROGRAM FILES\Morpheus\SkinData\happy\Connecting.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Connecting_selected.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\CurrentMediaStatic.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Downloads.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\DownloadsPressed.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\eBay.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\file.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\file_info_bg.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\fileavailability.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\fileavailabilitytorrent.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\filebitzi.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\FileBitziWaiting.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\filedetails.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\filedetails.jpg
C:\PROGRAM FILES\Morpheus\SkinData\happy\filetipdetail.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\Header.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_chat.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_chat_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_close.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_close_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_help.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_help_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_maximize.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_maximize_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_minimize.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_minimize_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_morpheusultra.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_morpheusultra_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_preferences.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_preferences_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_restore.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\header_restore_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\HeaderBlock.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\HeaderBlock.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\HeaderDowned.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\HScrollBar.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\HThumb.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\images\getmorpheusultra.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\images\monochrome_morpheus.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\images\monochrome_morpheus_ultra.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\Left.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\LeftDown.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\lightblue.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\ListSel.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\logo.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\logoUltra.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\MainFrame.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\MainFrameMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\MenuHighlight.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\MenuNormal.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Mini.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\MiniDown.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\MorphDlg.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\MorphDlgMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_mute.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_mute_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_next.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_next_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_next_mask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_pause.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_pause_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_play.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_play_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_play_mask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_prev.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_prev_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_prev_mask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_sound.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_sound_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_sound_mask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_stop.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_stop_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\player_stop_mask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\PlayerDisplay.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\playlist_add.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\playlist_add_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\playlist_repeat.BMP
C:\PROGRAM FILES\Morpheus\SkinData\happy\playlist_repeat_dp.BMP
C:\PROGRAM FILES\Morpheus\SkinData\happy\playlist_shuffle.BMP
C:\PROGRAM FILES\Morpheus\SkinData\happy\playlist_shuffle_dp.BMP
C:\PROGRAM FILES\Morpheus\SkinData\happy\playlist_subtract.BMP
C:\PROGRAM FILES\Morpheus\SkinData\happy\playlist_subtract_dp.BMP
C:\PROGRAM FILES\Morpheus\SkinData\happy\PlayListComboBox.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\PlayListItem.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\PlayListSelectedItem.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\PlayListTop.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\PlayListViewBk.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\PriceDownArrow.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\PriceMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\PriceRightArrow.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\ProgressBackground.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\ProgressComplete.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\ProgressScale.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\radio_blank.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\radio_blank_disabled.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\radio_checked.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\radio_checked_disabled.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\RectangleButton.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Research.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\retry.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\SchemeMenu.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SchemeMenuHL.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\search2start.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\search_extendsearch.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\search_extendsearch_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\search_filetype.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\search_filetype_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\search_searchbutton.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\search_searchbutton_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SearchClose.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SearchClosePressed.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SearchConnecting.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SearchDetailToolTip.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\SearchesListBottom.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SearchesListMiddle.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SearchesListSelected.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SearchesListSingle.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SearchesListTop.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SearchesSplitter.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Skin.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\skincombo.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\skincombomask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Slider.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Slider_02.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Slider_02_mask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Slider_mask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SmallClose.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SmallClosePressed.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\spacer.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\SplitterButtonDown.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SplitterButtonDownPressed.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SplitterButtonUp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\SplitterButtonUpPressed.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\standard.css
C:\PROGRAM FILES\Morpheus\SkinData\happy\StatusBar.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\stopwatch.gif
C:\PROGRAM FILES\Morpheus\SkinData\happy\TabActive.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\TabActiveMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\TabInactive.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\TabInactiveMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\TabLedge.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\TabLedgeInactive.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\TabLedgeMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\Tile.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\tooltip.css
C:\PROGRAM FILES\Morpheus\SkinData\happy\tooltip.jpg
C:\PROGRAM FILES\Morpheus\SkinData\happy\tooltipApp.jpg
C:\PROGRAM FILES\Morpheus\SkinData\happy\tooltipAud.jpg
C:\PROGRAM FILES\Morpheus\SkinData\happy\tooltipDoc.jpg
C:\PROGRAM FILES\Morpheus\SkinData\happy\tooltipImg.jpg
C:\PROGRAM FILES\Morpheus\SkinData\happy\tooltipRom.jpg
C:\PROGRAM FILES\Morpheus\SkinData\happy\tooltipVid.jpg
C:\PROGRAM FILES\Morpheus\SkinData\happy\Tray.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\TrayBottomPanel.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\ui.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\video_fullscreen.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\video_fullscreen_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\video_undock_dp.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\VideoDisplayButtonsArea.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\VScrollBar.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\VSplitter.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\VTabActive.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\VTabInactive.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\VTabMask.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\VThumb.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\welcome.html
C:\PROGRAM FILES\Morpheus\SkinData\happy\WideStatic.bmp
C:\PROGRAM FILES\Morpheus\SkinData\happy\xml\canvas_configlistbottomitem.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\xml\canvas_configlistmiddleitem.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\xml\canvas_configlistselecteditem.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\xml\canvas_configlisttopitem.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\xml\screen_aboutdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\xml\screen_askdlg_onsearchresultdelete.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\xml\screen_askdlg_saveplaylists.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\xml\screen_askonexitdlg.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\xml\screen_chat.xml
C:\PROGRAM FILES\Morpheus\SkinData\happy\xml\screen_configdlg.xml

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MORPHEUS
HKEY_LOCAL_MACHINE\SOFTWARE\MORPHEUS


SafeSurfing.RsyncMon Browser Plug-in more information...
Details: SafeSurfing.RsyncMon is a SafeSurfing adware variant that installs as a Browser Helper Object (BHO) in Internet Explorer.
Status: Quarantined

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OVMON
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OVMON
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OVMON


Desktop Links Adware (General) more information...
Details: Desktop Links consists of various links and shortcuts placed on the desktop by adware and spyware programs. It includes folders and links placed in Internet Explorer's favorites list.
Status: Quarantined

Files detected
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico




Logfile of HijackThis v1.99.1
Scan saved at 5:07:31 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photozig Albums Media Detector] C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\TheShieldDeluxe\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1987B17-4F04-43AB-8EDC-9F017461ADB9}: NameServer = 69.150.8.2,69.150.9.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: The Shield Deluxe 2007 (AVP) - Unknown owner - C:\Program Files\PCSecurityShield\TheShieldDeluxe\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

#12 RichieUK


Posted 21 June 2007 - 05:22 PM

Your log is clean, any problems?

#13 AMPayne


Posted 23 June 2007 - 09:03 PM

Sorry, left town for a day or so. Running great! Thanks so much! When my husband gets home from active duty in a few days I'll send you a donation! You're well worth it.

#14 RichieUK


Posted 24 June 2007 - 03:49 AM

You're welcome :thumbsup:
If all's ok, please do the following:

Find and delete:
Avenger
Combofix
fix.reg
Fixwareout

C:\QooBox
C:\Avenger
C:\Documents and Settings\userprofile\DoctorWeb\Quarantine

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html