Completely bugged!



Pigletoid
2009-06-01, 18:17
Hi.

I believe I downloaded a virus yesterday on my desktop. Norton Internet Security 2009 warned me about a virus, then asked me to reboot. Following the reboot, I can no longer access the internet with the desktop, nor can I run NIS 2009 or Spybot. In safe mode, I can perform a complete scan using NIS 2009, but it doesn't find anything (I'm not even sure if C: was scanned). Spybot won't work even in Safe mode. I tried clicking on the .scr files in the Spybot directory, to no avail. I am also prevented from running HijackThis or Malwarebytes. In safe mode, using internet access, I am also redirected away from antivirus sites.

Does anyone have a fix for this problem?

Thanks.

Blade81
2009-06-02, 20:12
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

Pigletoid
2009-06-02, 20:14
I think I managed to fix the problem.
First, I was able to open HijackThis by rebooting in safe mode and changing the file name. Next, I downloaded and ran GMER, which found a virus gxvxcserv.sys, which I deleted using GMER. I then ran Malwarebytes, which found and deleted a few Trojans (e.g. Banker). I used Flash_Disinfector to remove the auto.inf files on my hard drives. I then was able to scan using Spybot, which found a few more malware. Booting back up normally, I was able to run Norton Internet 2009 again, and I rescanned my system. I manually deleted a few files from the Recycler as well as from my C:/ directory that seemed suspicious.

Well, the system works now. I hope the viruses are truly gone.

Pigletoid
2009-06-02, 20:20
Thanks for the response, Blade81. I hadn't expected to receive a response quickly, so I tried to figure it out on my own. Perhaps I didn't catch them all, though.

Thanks ++.

Here's the requested data:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Eli at 14:16:12.56 on 02/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2361 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\ups.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ASUS\AI Booster\OverClk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\palmOne\Palm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\My Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = https://portal.jgh.ca/Citrix/AccessPlatform
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Windows Live Sync] "c:\program files\windows live\sync\WindowsLiveSync.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Launch Ai Booster] "c:\program files\asus\ai booster\OverClk.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\explorer.lnk - c:\windows\explorer.exe
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\palmde~1.lnk - c:\program files\palmone\Palm.exe
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\seamon~1.lnk - c:\program files\mozilla.org\seamonkey\seamonkey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: jgh.ca\portal
DPF: {0C3CAA1C-027B-40AF-B080-5880E96C5113} - hxxp://install.cche.net/clint/install/control/5.6.5.3/VIVIDESKControlWeb.ocx#Version=5,6,5,3
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166198073296
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194503651921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5398/mcfscan.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax\quicktax 2008\ic2008pp.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-6-2 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-6-2 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-6-2 482352]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-10-26 29768]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090528.001\IDSxpx86.sys [2009-6-2 276344]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-4-21 328752]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-6-2 115560]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-2-2 144672]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware sandra lite xii.sp2c\RpcAgentSrv.exe [2008-5-31 98488]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-1 101936]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-3-16 33256]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2006-12-22 14095]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090602.007\NAVENG.SYS [2009-6-2 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090602.007\NAVEX15.SYS [2009-6-2 876144]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2006-12-15 5824]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\everest ultimate edition\kerneld.wnt [2008-6-1 23152]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-4-22 34352]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2006-12-15 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-12-15 13532]
S3 YTL;YTL;c:\docume~1\eli\locals~1\temp\ytl.exe --> c:\docume~1\eli\locals~1\temp\YTL.exe [?]

=============== Created Last 30 ================

2009-06-02 08:07 <DIR> --d-h--- C:\WindowsLiveSyncTemp
2009-06-02 08:05 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-02 08:05 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-02 08:05 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-02 08:05 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-02 08:05 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-02 08:05 <DIR> --d----- c:\program files\Symantec
2009-06-02 08:05 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-06-02 08:02 0 a------- c:\windows\system32\cd.dat
2009-06-02 07:28 <DIR> --d----- c:\program files\Spybot2
2009-06-02 07:06 0 a------- C:\backup.reg
2009-06-02 07:02 <DIR> a-dshr-- C:\autorun.inf
2009-06-01 14:52 <DIR> --d----- c:\program files\NortonInstaller
2009-06-01 13:00 <DIR> --d----- c:\docume~1\eli\applic~1\Malwarebytes
2009-06-01 11:32 <DIR> --d----- c:\program files\New Anti-Malware
2009-06-01 10:46 <DIR> --d----- c:\program files\Trend Micro
2009-06-01 10:37 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 10:37 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-01 10:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 10:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-31 10:29 <DIR> --d----- c:\program files\iTunes
2009-05-31 10:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-25 10:56 116,891 a------- c:\windows\hpqins00.dat
2009-05-08 18:22 3,247 a------- c:\windows\system32\wbem\Outlook_01c9d02b85b01390.mof

==================== Find3M ====================

2009-04-14 16:43 118,784 a------- c:\windows\SeaMonkeyUninstall.exe
2009-04-14 16:43 11,426 a------- c:\windows\mozver.dat
2009-04-14 16:43 118,784 a------- c:\windows\GREUninstall.exe
2009-04-03 14:18 33,256 a------- c:\windows\system32\drivers\hssdrv.sys
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2008-01-01 18:22 81,920 a------- c:\docume~1\eli\applic~1\ezpinst.exe
2008-01-01 18:22 47,360 a------- c:\docume~1\eli\applic~1\pcouffin.sys
2007-12-29 20:16 87,608 a------- c:\docume~1\eli\applic~1\inst.exe
2007-12-14 13:11 60,968 a------- c:\documents and settings\eli\GoToAssistDownloadHelper.exe
2004-10-01 16:00 40,960 a------- c:\program files\Uninstall_CDS.exe
2008-05-12 15:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 14:16:30.60 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 15/12/2006 3:03:12 AM
System Uptime: 06/02/2009 1:25:39 PM (2785 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5W DH Deluxe
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | LGA 775 | 2404/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 295.199 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32) - 153 GiB total, 99.656 GiB free.
G: is CDROM ()
H: is Removable
M: is Removable
T: is FIXED (NTFS) - 233 GiB total, 178.3 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&AD17F01&0&00E3
Manufacturer: Marvell
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller #2
PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&AD17F01&0&00E3
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF099309
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF099309
Service: RTLWUSB

==== System Restore Points ===================

RP1016: 04/03/2009 2:39:31 PM - System Checkpoint
RP1017: 05/03/2009 3:10:23 PM - System Checkpoint
RP1018: 05/03/2009 6:38:00 PM - Software Distribution Service 3.0
RP1019: 06/03/2009 7:18:14 PM - System Checkpoint
RP1020: 07/03/2009 8:18:17 PM - System Checkpoint
RP1021: 08/03/2009 8:19:18 PM - System Checkpoint
RP1022: 09/03/2009 4:39:33 PM - Software Distribution Service 3.0
RP1023: 10/03/2009 10:55:56 AM - Software Distribution Service 3.0
RP1024: 11/03/2009 11:17:57 AM - System Checkpoint
RP1025: 12/03/2009 5:00:18 AM - Software Distribution Service 3.0
RP1026: 13/03/2009 5:15:44 AM - System Checkpoint
RP1027: 13/03/2009 10:00:28 PM - Software Distribution Service 3.0
RP1028: 14/03/2009 11:20:20 PM - System Checkpoint
RP1029: 16/03/2009 12:43:06 AM - System Checkpoint
RP1030: 17/03/2009 12:59:47 AM - System Checkpoint
RP1031: 18/03/2009 1:58:41 AM - System Checkpoint
RP1032: 19/03/2009 2:58:41 AM - System Checkpoint
RP1033: 20/03/2009 12:29:02 AM - Software Distribution Service 3.0
RP1034: 20/03/2009 6:00:16 AM - Software Distribution Service 3.0
RP1035: 21/03/2009 6:10:45 AM - System Checkpoint
RP1036: 22/03/2009 7:03:12 AM - System Checkpoint
RP1037: 23/03/2009 7:04:01 AM - System Checkpoint
RP1038: 23/03/2009 5:57:25 PM - Software Distribution Service 3.0
RP1039: 24/03/2009 6:02:56 PM - System Checkpoint
RP1040: 25/03/2009 7:02:56 PM - System Checkpoint
RP1041: 26/03/2009 7:20:19 PM - System Checkpoint
RP1042: 26/03/2009 9:13:20 PM - Software Distribution Service 3.0
RP1043: 27/03/2009 9:19:13 PM - System Checkpoint
RP1044: 28/03/2009 9:59:15 PM - System Checkpoint
RP1045: 29/03/2009 10:32:53 PM - System Checkpoint
RP1046: 30/03/2009 12:24:28 PM - Software Distribution Service 3.0
RP1047: 31/03/2009 12:32:51 PM - System Checkpoint
RP1048: 01/04/2009 12:33:57 PM - System Checkpoint
RP1049: 02/04/2009 1:04:43 PM - System Checkpoint
RP1050: 02/04/2009 4:30:10 PM - Software Distribution Service 3.0
RP1051: 03/04/2009 5:17:14 PM - System Checkpoint
RP1052: 04/04/2009 5:41:16 PM - System Checkpoint
RP1053: 05/04/2009 6:29:16 PM - System Checkpoint
RP1054: 06/04/2009 6:44:40 PM - System Checkpoint
RP1055: 06/04/2009 7:34:08 PM - Software Distribution Service 3.0
RP1056: 07/04/2009 8:16:58 PM - System Checkpoint
RP1057: 08/04/2009 8:31:28 PM - System Checkpoint
RP1058: 09/04/2009 9:16:57 PM - System Checkpoint
RP1059: 10/04/2009 10:16:57 PM - System Checkpoint
RP1060: 12/04/2009 12:34:58 AM - System Checkpoint
RP1061: 13/04/2009 1:16:42 AM - System Checkpoint
RP1062: 14/04/2009 12:58:32 AM - Software Distribution Service 3.0
RP1063: 14/04/2009 12:14:33 PM - Installed Remove Hidden Data Tool
RP1064: 15/04/2009 6:00:22 AM - Software Distribution Service 3.0
RP1065: 16/04/2009 6:15:47 AM - System Checkpoint
RP1066: 17/04/2009 7:15:46 AM - System Checkpoint
RP1067: 18/04/2009 8:15:49 AM - System Checkpoint
RP1068: 19/04/2009 9:15:50 AM - System Checkpoint
RP1069: 20/04/2009 10:15:42 AM - System Checkpoint
RP1070: 21/04/2009 10:27:43 AM - System Checkpoint
RP1071: 22/04/2009 11:15:42 AM - System Checkpoint
RP1072: 23/04/2009 12:15:42 PM - System Checkpoint
RP1073: 23/04/2009 5:42:27 PM - Software Distribution Service 3.0
RP1074: 24/04/2009 12:04:16 AM - Software Distribution Service 3.0
RP1075: 25/04/2009 12:15:46 AM - System Checkpoint
RP1076: 26/04/2009 12:16:26 AM - System Checkpoint
RP1077: 27/04/2009 1:15:28 AM - System Checkpoint
RP1078: 28/04/2009 2:29:51 AM - System Checkpoint
RP1079: 28/04/2009 5:08:37 AM - Software Distribution Service 3.0
RP1080: 29/04/2009 5:15:17 AM - System Checkpoint
RP1081: 29/04/2009 6:00:18 AM - Software Distribution Service 3.0
RP1082: 30/04/2009 6:15:17 AM - System Checkpoint
RP1083: 01/05/2009 7:15:16 AM - System Checkpoint
RP1084: 01/05/2009 11:00:24 PM - Software Distribution Service 3.0
RP1085: 02/05/2009 11:28:20 PM - System Checkpoint
RP1086: 03/05/2009 11:37:19 PM - System Checkpoint
RP1087: 04/05/2009 8:28:11 AM - Installed 32 Bit HP CIO Components Installer
RP1088: 04/05/2009 8:28:28 AM - Removed 32 Bit HP CIO Components Installer
RP1089: 04/05/2009 3:51:21 PM - Software Distribution Service 3.0
RP1090: 05/05/2009 4:37:19 PM - System Checkpoint
RP1091: 06/05/2009 4:49:19 PM - System Checkpoint
RP1092: 07/05/2009 5:37:19 PM - System Checkpoint
RP1093: 07/05/2009 10:18:30 PM - Software Distribution Service 3.0
RP1094: 08/05/2009 10:37:19 PM - System Checkpoint
RP1095: 09/05/2009 10:38:27 PM - System Checkpoint
RP1096: 10/05/2009 11:37:06 PM - System Checkpoint
RP1097: 11/05/2009 11:49:04 PM - System Checkpoint
RP1098: 12/05/2009 12:47:56 AM - Software Distribution Service 3.0
RP1099: 12/05/2009 6:09:15 AM - Software Distribution Service 3.0
RP1100: 13/05/2009 6:00:23 AM - Software Distribution Service 3.0
RP1101: 14/05/2009 6:37:04 AM - System Checkpoint
RP1102: 15/05/2009 7:38:09 AM - System Checkpoint
RP1103: 15/05/2009 8:50:29 AM - Software Distribution Service 3.0
RP1104: 16/05/2009 9:37:06 AM - System Checkpoint
RP1105: 17/05/2009 10:37:04 AM - System Checkpoint
RP1106: 18/05/2009 12:45:58 PM - System Checkpoint
RP1107: 18/05/2009 7:54:08 PM - Software Distribution Service 3.0
RP1108: 19/05/2009 2:29:50 AM - Installed Windows XP WgaNotify.
RP1109: 20/05/2009 3:27:25 AM - System Checkpoint
RP1110: 21/05/2009 3:28:30 AM - System Checkpoint
RP1111: 21/05/2009 10:09:38 AM - Software Distribution Service 3.0
RP1112: 22/05/2009 10:27:25 AM - System Checkpoint
RP1113: 23/05/2009 11:27:28 AM - System Checkpoint
RP1114: 24/05/2009 11:54:13 AM - System Checkpoint
RP1115: 25/05/2009 12:27:27 PM - System Checkpoint
RP1116: 25/05/2009 4:12:03 PM - Software Distribution Service 3.0
RP1117: 26/05/2009 4:27:25 PM - System Checkpoint
RP1118: 27/05/2009 5:27:25 PM - System Checkpoint
RP1119: 28/05/2009 6:52:36 PM - Software Distribution Service 3.0
RP1120: 29/05/2009 6:53:18 PM - System Checkpoint
RP1121: 30/05/2009 8:05:22 PM - System Checkpoint
RP1122: 02/06/2009 8:09:06 AM - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
32 Bit HP CIO Components Installer
A-PDF Restrictions Remover 1.5
Accent OFFICE Password Recovery 2.70
ACLS Simulator 7 Package
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Standard
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro
Adobe Reader 8.1.5
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Archive Password Recovery (remove only)
AI Booster
AIO_Scan
Alt-Tab Task Switcher Powertoy for Windows XP
Androsa FileProtector
AnyDVD
APC PowerChute Personal Edition
Apple Mobile Device Support
Apple Software Update
ASUS DH Remote
ASUS WiFi-AP Solo
ASUSUpdate
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Catalyst Registration
ATI Display Driver
ATI Parental Control & Encoder
AudioConverter Studio 5.9
AVI ReComp 1.4.4
AviSynth 2.5
Belarc Advisor 7.2
BioShock
Blaze Media Pro
Bonjour
BufferChm
C4200
C4200_doccd
c4200_Help
Calculator Powertoy for Windows XP
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
CDDRV_Installer
CDisplay 1.8
CinemaForge
Citrix Web Client
CloneCD
CloneDVDmobile
Company of Heroes
Comparator Fast
Compatibility Pack for the 2007 Office system
Copy
Corel Uninstaller
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
Critical Care Simulator 2002
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
Debugging Tools for Windows (x86)
Destination Component
DeviceDiscovery
Disk Checker
DivxToDVD 0.5.2b
DocProc
Documents To Go
DocumentViewer
DocumentViewerQFolder
DP Editor Ver.1.0
DVD Solution
DVD X Rescue
DVDXCopy Platinum 3.2.1
eFax Messenger 4.3
EndNote
EndNote X1
Epocrates Essentials
EVEREST Ultimate Edition v4.50
Exif Launcher Ver.1.0
Exif Viewer Ver.1.1
Fast MP4 3GP AVI MPG WMV RM MOV FLV Converter 4.6
Folder Size for Windows
FOX Video Converter 8.0.9.25
Foxit Reader
Fraps
Free Word Excel Password Wizard
Galactic Civilizations II
HDD Health v3.3 Beta
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotspot Shield 1.15
HP Customer Participation Program 9.0
HP Document Viewer 7.0
HP Image Transfer v.1.9.9
HP Imaging Device Functions 9.0
HP Memories Disc
HP OCR Software 9.0
hp officejet 6100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Photosmart Premier Software 6.5
HP Product Assistant
HP Scanjet 4800 series 7.0
HP Smart Web Printing
HP Solution Center 9.0
HP Update
hpg4850
HPProductAssistant
HPSSupply
iGuidance
Image Eye v7.4
Image Resizer Powertoy for Windows XP
ImTOO AVI MPEG Converter
ImTOO AVI to DVD Converter
ImTOO DivX to DVD Converter
ImTOO Download YouTube Video
ImTOO DVD Copy Express
ImTOO DVD Creator
ImTOO DVD Ripper Platinum
ImTOO DVD Subtitle Ripper
InstantShareDevices
Intel(R) Matrix Storage Manager
iPAQ WebReg
iPod for Windows 2005-10-12
IrfanView (remove only)
ISI ResearchSoft - Export Helper
iTunes
J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 4.1.4 (Standard)
KB408682
Keyboard Shortcuts 1.2
KhalInstallWrapper
LeechGet Opera/Mozilla/Netscape Plug-In
LiveUpdate Notice (Symantec Corporation)
Logitech Gaming Software
Logitech Harmony Remote Software 7
Logitech iTouch Software
Logitech SetPoint
Magic ISO Maker v5.5 (build 0261)
MagicDisc 2.7.97
Malwarebytes' Anti-Malware
MarketResearch
Marvell Miniport Driver
MCJeopardy
Meta-DiSc
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MSConfig CleanUp 1.2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Launcher
Nero 8 Trial
neroxml
Norton Internet Security
Nuance PDF Professional 5
Oblivion
Octoshape add-in for Adobe Flash Player
On2 VP7 Personal Edition
Orbit Downloader
Oxford-Hachette French Dictionary
palmOne
PanoStandAlone
PC Probe II
PDF Settings
PhotoGallery
PhotoS
PowerDVD
PowerISO
PowerProducer
PrintKey2000
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QuickTax 2005
QuickTax 2006
QuickTax 2007
QuickTax 2008
QuickTime
RandMap
RAR Password Cracker 4.12
RealPlayer
Realtek High Definition Audio Driver
Remote Control USB Driver
Remove Hidden Data Tool
Scan
ScannerCopy
ScanSoft OmniPage 15.0
Scansoft PDF Professional
SeaMonkey (1.1.16)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sid Meier's Civilization 4
SiSoftware Sandra Lite XII.SP2c
Skins
SkinsHP1
SlideShow
SolutionCenter
Sonic_PrimoSDK
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Starcraft
Status
Symantec Technical Support Web Controls
SyncToy
Toolbox
TrayApp
Tweakui Powertoy for Windows XP
Ultimate Paint 2.88
UnloadSupport
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VCRedistSetup
VideoLAN VLC media player 0.8.6b
VideoToolkit01
Virtual Cable Tester
Visual Task Tips 2.1
VIVIDESK Client (MCGILL)
VIVIDESK Plug-in
VobSub v2.23 (Remove Only)
VSO CopyToDVD 4
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live FolderShare Beta
Windows Live Sync
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
xplorer² lite
Xvid 1.1.3 final uninstall
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

30/05/2009 1:00:03 AM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library SanDisk Cruzer Mini USB Device.
28/05/2009 10:10:04 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\D.
02/06/2009 8:20:11 AM, error: RemoteAccess [20151] - The Control Protocol IPCP in the Point to Point Protocol module (unknown) returned an error while initializing. A device attached to the system is not functioning.
02/06/2009 8:20:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IDSxpx86
02/06/2009 8:18:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Eraser Service service to connect.
02/06/2009 8:18:45 AM, error: Service Control Manager [7000] - The Symantec Eraser Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2009 8:03:29 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3 00000000, parameter4 804fa9ca.
02/06/2009 8:02:52 AM, error: Service Control Manager [7000] - The Symantec Eraser Service service failed to start due to the following error: The system cannot find the path specified.
02/06/2009 7:01:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO BANTExt eeCtrl ElbyCDIO ElRawDisk Fips intelppm SCDEmu
01/06/2009 2:53:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO BANTExt eeCtrl ElbyCDIO ElRawDisk Fips intelppm ohci1394 SCDEmu
01/06/2009 2:08:22 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
01/06/2009 12:08:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
01/06/2009 12:06:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
01/06/2009 10:49:10 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
01/06/2009 10:26:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO BANTExt BHDrvx86 ccHP eeCtrl ElbyCDIO ElRawDisk Fips IDSxpx86 intelppm SCDEmu SRTSP SRTSPX SYMTDI
01/06/2009 10:26:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
01/06/2009 10:15:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
01/06/2009 10:08:09 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
01/06/2009 10:06:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO BANTExt BHDrvx86 ccHP eeCtrl ElbyCDIO ElRawDisk Fips IDSxpx86 intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu SRTSP SRTSPX SYMTDI Tcpip
01/06/2009 10:06:29 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
01/06/2009 10:06:29 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/06/2009 10:06:29 AM, error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
01/06/2009 10:06:29 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/06/2009 10:06:29 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
01/06/2009 10:06:29 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/06/2009 10:06:29 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/06/2009 10:05:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
01/06/2009 10:00:41 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

==== End Of File ===========================

Blade81
2009-06-03, 15:54
I hadn't expected to receive a response quickly, so I tried to figure it out on my own.
Hi

It's good to be ready to wait some days for help when posting to forums. There are lots of people seeking help and it's impossible to reply quickly to them all. This time you didn't need to wait that long. This is just a reminder for those help seekers reading this topic. Patience is a virtue ;)


IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



After that:


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Pigletoid
2009-06-04, 06:21
Blade81, I really appreciate all your help so far.

I've deleted the P2P program and run Combofix. Here's the Combofix output log, as well as the DDS logs.

ComboFix 09-06-03.04 - Eli 04/06/2009 0:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2441 [GMT -4:00]
Running from: c:\documents and settings\Eli\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Eli\Application Data\inst.exe
c:\windows\system32\chckshll.dll
c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 00:20 . 2009-06-01 08:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\NAVENG.SYS
2009-06-04 00:20 . 2009-06-01 08:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\NAVEX15.SYS
2009-06-04 00:20 . 2009-06-01 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\EECTRL.SYS
2009-06-04 00:20 . 2009-06-01 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\ECMSVR32.DLL
2009-06-04 00:20 . 2009-06-01 08:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\CCERASER.DLL
2009-06-04 00:20 . 2009-06-01 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\NAVENG32.DLL
2009-06-04 00:20 . 2009-06-01 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\NAVEX32A.DLL
2009-06-04 00:20 . 2009-06-01 08:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\ERASER.SYS
2009-06-02 12:08 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll
2009-06-02 12:08 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.sys
2009-06-02 12:08 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys
2009-06-02 12:08 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll
2009-06-02 12:08 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvia64.sys
2009-06-02 12:07 . 2009-06-02 12:07 -------- d--h--w- C:\WindowsLiveSyncTemp
2009-06-02 12:05 . 2009-03-12 08:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-02 12:05 . 2009-06-02 12:15 -------- d-----w- c:\program files\Symantec
2009-06-02 12:05 . 2009-06-02 12:15 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-02 12:05 . 2009-06-02 12:15 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-02 12:05 . 2009-06-02 12:05 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-02 12:05 . 2009-06-02 12:05 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-02 12:05 . 2009-06-02 12:05 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-02 12:05 . 2009-06-02 12:23 -------- d-----w- c:\windows\system32\drivers\NIS
2009-06-02 12:04 . 2009-06-02 12:04 -------- d-----w- c:\program files\Windows Sidebar
2009-06-02 12:02 . 2009-06-02 12:02 0 ----a-w- c:\windows\system32\cd.dat
2009-06-02 11:28 . 2009-06-02 17:29 -------- d-----w- c:\program files\Spybot2
2009-06-02 11:06 . 2009-06-02 11:06 0 ----a-w- C:\backup.reg
2009-06-02 10:55 . 2009-06-02 10:55 -------- d-----w- c:\program files\Erunt
2009-06-01 18:52 . 2009-06-01 18:52 -------- d-----w- c:\program files\NortonInstaller
2009-06-01 17:00 . 2009-06-01 17:00 -------- d-----w- c:\documents and settings\Eli\Application Data\Malwarebytes
2009-06-01 15:32 . 2009-06-02 06:01 -------- d-----w- c:\program files\New Anti-Malware
2009-06-01 14:46 . 2009-06-01 14:46 -------- d-----w- c:\program files\Trend Micro
2009-06-01 14:37 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 14:37 . 2009-06-01 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 14:37 . 2009-06-01 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-01 14:37 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-01 14:14 . 2009-06-01 14:14 -------- d-----w- c:\documents and settings\Eli\Local Settings\Application Data\Symantec
2009-05-31 21:32 . 2009-05-31 21:32 390664 ----a-w- c:\documents and settings\Eli\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-31 14:29 . 2009-05-31 14:29 -------- d-----w- c:\program files\iTunes
2009-05-31 14:29 . 2009-05-31 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-31 14:25 . 2009-05-31 14:25 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-25 14:56 . 2009-05-25 15:01 116891 ----a-w- c:\windows\hpqins00.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 11:44 . 2006-12-19 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-03 06:08 . 2006-12-18 17:20 -------- d-----w- c:\program files\palmOne
2009-06-02 19:48 . 2007-01-08 17:15 -------- d-----w- c:\documents and settings\Eli\Application Data\EndNote
2009-06-02 17:27 . 2008-06-01 22:01 -------- d-----w- c:\documents and settings\Eli\Application Data\Orbit
2009-06-02 12:15 . 2009-06-02 12:05 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-02 12:15 . 2009-06-02 12:05 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-02 12:07 . 2006-12-15 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-02 12:04 . 2009-03-06 22:15 -------- d-----w- c:\program files\Norton Internet Security
2009-06-02 12:04 . 2009-03-06 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-02 12:03 . 2009-03-06 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-02 11:25 . 2006-12-19 05:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-01 16:54 . 2007-07-24 20:59 -------- d-----w- c:\program files\LeechGet 2006
2009-06-01 16:34 . 2007-07-20 03:31 -------- d-----w- c:\program files\BitTorrent
2009-06-01 16:07 . 2006-12-18 17:46 -------- d-----w- c:\program files\Morpheus Ultra
2009-06-01 00:21 . 2007-12-12 22:21 -------- d-----w- c:\documents and settings\Eli\Application Data\uTorrent
2009-05-31 14:29 . 2006-12-19 03:31 -------- d-----w- c:\program files\iPod
2009-05-31 14:29 . 2008-09-14 00:24 -------- d-----w- c:\program files\Common Files\Apple
2009-05-07 22:01 . 2009-01-18 03:36 -------- d-----w- c:\program files\Hotspot Shield
2009-04-25 03:08 . 2008-10-26 21:55 -------- d-----w- c:\program files\Disk Checker
2009-04-14 20:43 . 2007-09-17 01:19 118784 ----a-w- c:\windows\SeaMonkeyUninstall.exe
2009-04-14 20:43 . 2006-12-17 20:19 11426 ----a-w- c:\windows\mozver.dat
2009-04-14 20:43 . 2006-12-17 20:19 118784 ----a-w- c:\windows\GREUninstall.exe
2009-04-03 18:18 . 2009-03-17 01:46 33256 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2006-09-19 20:44 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-03-06 14:22 . 2001-08-23 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2004-10-01 20:00 . 2006-12-17 19:46 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2007-12-29 23:37 . 2007-12-29 23:35 48 --sh--w- c:\windows\SF2D2F4F3.tmp
.

------- Sigcheck -------

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-01-01 17:07 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-01-01 17:07 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-03-17 01:46 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"Windows Live Sync"="c:\program files\Windows Live\Sync\WindowsLiveSync.exe" [2008-12-03 1170256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-28 185896]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Eli\Start Menu\Programs\Startup\
Explorer.lnk - c:\windows\explorer.exe [2001-8-23 1033728]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-6-20 547840]
Palm Desktop.lnk - c:\program files\palmOne\Palm.exe [2005-1-5 614400]
SeaMonkey.lnk - c:\program files\mozilla.org\SeaMonkey\seamonkey.exe [2007-9-16 106496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-7-24 221247]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-3 40960]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-27 805392]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-12-3 147456]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-6-1 1711304]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2006-12-18 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IRUpdater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\IRUpdater.lnk
backup=c:\windows\pss\IRUpdater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eli^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=c:\documents and settings\Eli\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=c:\windows\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Eli\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [02/06/2009 8:15 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [02/06/2009 8:15 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [02/06/2009 8:15 AM 482352]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [26/10/2008 5:55 PM 29768]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.sys [02/06/2009 8:08 AM 276344]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [21/04/2009 9:12 PM 328752]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [02/06/2009 8:15 AM 115560]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [02/02/2008 2:20 AM 144672]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [31/05/2008 11:49 PM 98488]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [01/06/2009 4:00 AM 101936]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [16/03/2009 9:46 PM 33256]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [22/12/2006 12:16 PM 14095]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [15/12/2006 11:16 AM 5824]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\EVEREST Ultimate Edition\kerneld.wnt [01/06/2008 4:08 PM 23152]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [22/04/2009 5:34 PM 34352]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [15/12/2006 11:26 AM 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [15/12/2006 11:25 AM 13532]
S3 YTL;YTL;c:\docume~1\Eli\LOCALS~1\Temp\YTL.exe --> c:\docume~1\Eli\LOCALS~1\Temp\YTL.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-30 c:\windows\Tasks\E-mail backup.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]

2009-06-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-05-30 c:\windows\Tasks\My Documents Backup.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]

2009-05-30 c:\windows\Tasks\Palm Backup.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = https://portal.jgh.ca/Citrix/AccessPlatform
uInternet Settings,ProxyOverride = *.local
Trusted Zone: jgh.ca\portal
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\Quicktax\QuickTax 2007\ic2007pp.dll
DPF: {0C3CAA1C-027B-40AF-B080-5880E96C5113} - hxxp://install.cche.net/clint/install/control/5.6.5.3/VIVIDESKControlWeb.ocx#Version=5,6,5,3
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 00:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220523388-2147237195-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-220523388-2147237195-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CCAE4AF-1BCA-B175-1A60-A644B25310D1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iainbpgjifbflfkedo"=hex:6b,61,62,62,66,66,65,68,61,6e,63,68,68,66,61,6b,70,64,
70,6a,67,61,00,00
"haomlckheomocmkk"=hex:6b,61,62,62,66,66,65,68,61,6e,63,68,68,66,61,6b,70,64,
70,6a,67,61,00,00

[HKEY_USERS\S-1-5-21-220523388-2147237195-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7a,98,2a,3c,a7,0d,80,d0,da,6b,6c,3b,94,ed,d0,0c,df,e6,66,90,8e,77,49,
a2,4d,d1,76,04,fc,8a,2f,01,19,7e,17,e7,45,61,1b,ce,ec,2e,28,0f,08,64,b5,05,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38

[HKEY_LOCAL_MACHINE\software\Ariolic Software, Ltd\ActiveSMART\Đ*,*Ƭ ]
"Performance"=dword:0000005f
"Reliability"=dword:0000005f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1864)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-06-04 0:08
ComboFix-quarantined-files.txt 2009-06-04 04:08

Pre-Run: 317,010,296,832 bytes free
Post-Run: 316,993,605,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

303 --- E O F --- 2009-06-02 12:09

DDS (Ver_09-05-14.01) - NTFSx86
Run by Eli at 0:12:11.62 on 04/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2367 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\ups.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ASUS\AI Booster\OverClk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\palmOne\Palm.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\My Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = https://portal.jgh.ca/Citrix/AccessPlatform
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Windows Live Sync] "c:\program files\windows live\sync\WindowsLiveSync.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Launch Ai Booster] "c:\program files\asus\ai booster\OverClk.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\explorer.lnk - c:\windows\explorer.exe
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\palmde~1.lnk - c:\program files\palmone\Palm.exe
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\seamon~1.lnk - c:\program files\mozilla.org\seamonkey\seamonkey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: jgh.ca\portal
DPF: {0C3CAA1C-027B-40AF-B080-5880E96C5113} - hxxp://install.cche.net/clint/install/control/5.6.5.3/VIVIDESKControlWeb.ocx#Version=5,6,5,3
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166198073296
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194503651921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5398/mcfscan.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax\quicktax 2008\ic2008pp.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-6-2 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-6-2 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-6-2 482352]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-10-26 29768]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090528.001\IDSxpx86.sys [2009-6-2 276344]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-4-21 328752]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-6-2 115560]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-2-2 144672]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware sandra lite xii.sp2c\RpcAgentSrv.exe [2008-5-31 98488]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-1 101936]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-3-16 33256]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2006-12-22 14095]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090603.036\NAVENG.SYS [2009-6-3 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090603.036\NAVEX15.SYS [2009-6-3 876144]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2006-12-15 5824]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\everest ultimate edition\kerneld.wnt [2008-6-1 23152]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-4-22 34352]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2006-12-15 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-12-15 13532]
S3 YTL;YTL;c:\docume~1\eli\locals~1\temp\ytl.exe --> c:\docume~1\eli\locals~1\temp\YTL.exe [?]

=============== Created Last 30 ================

2009-06-04 00:04 <DIR> a-dshr-- C:\cmdcons
2009-06-04 00:03 161,792 a------- c:\windows\SWREG.exe
2009-06-04 00:03 154,624 a------- c:\windows\PEV.exe
2009-06-04 00:03 98,816 a------- c:\windows\sed.exe
2009-06-04 00:03 <DIR> --ds---- C:\ComboFix
2009-06-02 08:07 <DIR> --d-h--- C:\WindowsLiveSyncTemp
2009-06-02 08:05 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-02 08:05 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-02 08:05 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-02 08:05 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-02 08:05 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-02 08:05 <DIR> --d----- c:\program files\Symantec
2009-06-02 08:05 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-06-02 08:02 0 a------- c:\windows\system32\cd.dat
2009-06-02 07:28 <DIR> --d----- c:\program files\Spybot2
2009-06-02 07:06 0 a------- C:\backup.reg
2009-06-02 07:02 <DIR> a-dshr-- C:\autorun.inf
2009-06-01 14:52 <DIR> --d----- c:\program files\NortonInstaller
2009-06-01 13:00 <DIR> --d----- c:\docume~1\eli\applic~1\Malwarebytes
2009-06-01 11:32 <DIR> --d----- c:\program files\New Anti-Malware
2009-06-01 10:46 <DIR> --d----- c:\program files\Trend Micro
2009-06-01 10:37 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 10:37 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-01 10:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 10:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-31 10:29 <DIR> --d----- c:\program files\iTunes
2009-05-31 10:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-25 10:56 116,891 a------- c:\windows\hpqins00.dat
2009-05-08 18:22 3,247 a------- c:\windows\system32\wbem\Outlook_01c9d02b85b01390.mof

==================== Find3M ====================

2009-04-14 16:43 118,784 a------- c:\windows\SeaMonkeyUninstall.exe
2009-04-14 16:43 11,426 a------- c:\windows\mozver.dat
2009-04-14 16:43 118,784 a------- c:\windows\GREUninstall.exe
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2008-01-01 18:22 81,920 a------- c:\docume~1\eli\applic~1\ezpinst.exe
2008-01-01 18:22 47,360 a------- c:\docume~1\eli\applic~1\pcouffin.sys
2007-12-14 13:11 60,968 a------- c:\documents and settings\eli\GoToAssistDownloadHelper.exe
2004-10-01 16:00 40,960 a------- c:\program files\Uninstall_CDS.exe
2008-05-12 15:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 0:12:33.06 ===============

Blade81
2009-06-04, 16:32
Ok. Let's continue :)


Open notepad and copy/paste the text in the quotebox below into it:



Driver::
YTL

File::
c:\docume~1\Eli\LOCALS~1\Temp\YTL.exe

Folder::
c:\program files\Morpheus Ultra
c:\documents and settings\Eli\Application Data\uTorrent
c:\program files\utorrent

Regnull::
[HKEY_USERS\S-1-5-21-220523388-2147237195-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CCAE4AF-1BCA-B175-1A60-A644B25310D1}*]

DDS::
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 13 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

Pigletoid
2009-06-05, 09:03
Kaspersky found some more viruses, although it didn't remove them.

Here are the 3 logs (broken up into 2 posts).

Thanks.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, June 5, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, June 04, 2009 18:20:49
Records in database: 2306762
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
M:\
T:\

Scan statistics:
Files scanned: 170571
Threat name: 16
Infected objects: 19
Suspicious objects: 18
Duration of the scan: 04:30:08


File name / Threat name / Threats count
C:\Documents and Settings\Eli\Application Data\Mozilla\Profiles\default\0cx92n2l.slt\ImapMail\exchange.mcgill.ca\INBOX-1 Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Eli\Application Data\Mozilla\Profiles\Eli\k6rnyfqm.slt\Mail\pop3.norton.antivirus\2001 Infected: Email-Worm.Win32.Magistr.a 1
C:\Documents and Settings\Eli\Application Data\Mozilla\Profiles\Eli\k6rnyfqm.slt\Mail\pop3.norton.antivirus\2002 Infected: Email-Worm.Win32.Klez.h 4
C:\Documents and Settings\Eli\Application Data\Mozilla\Profiles\Eli\k6rnyfqm.slt\Mail\pop3.norton.antivirus\2002 Suspicious: Exploit.HTML.Iframe.FileDownload 8
C:\Documents and Settings\Eli\Application Data\Mozilla\Profiles\Eli\k6rnyfqm.slt\Mail\pop3.norton.antivirus\2002 Suspicious: Exploit.HTML.SecurityBreach.3 1
C:\Documents and Settings\Eli\Application Data\Mozilla\Profiles\Eli\k6rnyfqm.slt\Mail\pop3.norton.antivirus\2003 Suspicious: Exploit.HTML.Iframe.FileDownload 6
C:\Documents and Settings\Eli\Application Data\Mozilla\Profiles\Eli\k6rnyfqm.slt\Mail\pop3.norton.antivirus\2003 Suspicious: Exploit.HTML.SecurityBreach.3 1
C:\Documents and Settings\Eli\Application Data\Mozilla\Profiles\Eli\k6rnyfqm.slt\Mail\pop3.norton.antivirus\2004 Infected: Email-Worm.Win32.Bagle.b 1
C:\Documents and Settings\Eli\My Documents\Downloads\010-PasswordCrackers\advanced office 97 password recovery 1.33\setup.exe Infected: not-a-virus:PSWTool.Win32.OEPass.x 1
C:\Documents and Settings\Eli\My Documents\Downloads\010-PasswordCrackers\Advanced PDF Password Recovery 1.34\setup.exe Infected: not-a-virus:PSWTool.Win32.OEPass.n 1
C:\Documents and Settings\Eli\My Documents\Downloads\010-PasswordCrackers\anv20.zip Infected: not-a-virus:PSWTool.Win32.ZipANV 1
C:\Medical\Palm Medical Software\Medscut Palm Software\temp\2000 Crackz & Serialz A - Z\lxtvg122.zip Infected: Trojan.Win32.FormatC.ao 1
C:\My Downloads\Downloads pre-2005\2000 Crackz & Serialz A - Z.exe Infected: Trojan.Win32.FormatC.ao 1
C:\My Downloads\Downloads pre-2005\GDiVX1.9.9.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar 1
C:\My Downloads\Downloads pre-2005\GDiVX1.9.9.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\My Downloads\Downloads pre-2005\Palm OS Software Over 100 Programs.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 1
C:\My Downloads\Downloads pre-2005\PASSWORD_HACKER_(WORKS_GREAT!) (1) (1).EXE Infected: not-a-virus:PSWTool.Win32.LPR 1
C:\My Downloads\Downloads pre-2005\setupmpe.exe Infected: not-a-virus:AdWare.Win32.WurldMedia.k 1
F:\System Volume Information\_restore{B43848D8-A74D-4DCF-AC54-C7D29C374F56}\RP1122\A0123331.com Infected: Trojan.Win32.TDSS.affc 1
H:\RECYCLER\S-2-5-31-100009945-100021218-100015399-7650.com Infected: Trojan.Win32.TDSS.affc 1
H:\RECYCLER\S-5-5-21-100012000-100029068-100027383-9562.com Infected: Trojan.Win32.TDSS.affc 1

The selected area was scanned.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Eli at 2:55:51.28 on 05/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2044 [GMT -4:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\AI Booster\OverClk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\palmOne\Palm.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\My Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = https://portal.jgh.ca/Citrix/AccessPlatform
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Windows Live Sync] "c:\program files\windows live\sync\WindowsLiveSync.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Launch Ai Booster] "c:\program files\asus\ai booster\OverClk.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\explorer.lnk - c:\windows\explorer.exe
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\palmde~1.lnk - c:\program files\palmone\Palm.exe
StartupFolder: c:\docume~1\eli\startm~1\programs\startup\seamon~1.lnk - c:\program files\mozilla.org\seamonkey\seamonkey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: jgh.ca\portal
DPF: {0C3CAA1C-027B-40AF-B080-5880E96C5113} - hxxp://install.cche.net/clint/install/control/5.6.5.3/VIVIDESKControlWeb.ocx#Version=5,6,5,3
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166198073296
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194503651921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5398/mcfscan.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax\quicktax 2008\ic2008pp.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-6-2 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-6-2 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-6-2 482352]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-10-26 29768]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090528.001\IDSxpx86.sys [2009-6-2 276344]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-4-21 328752]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-6-2 115560]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-2-2 144672]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware sandra lite xii.sp2c\RpcAgentSrv.exe [2008-5-31 98488]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-1 101936]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-3-16 33256]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2006-12-22 14095]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090604.021\NAVENG.SYS [2009-6-4 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090604.021\NAVEX15.SYS [2009-6-4 876144]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2006-12-15 5824]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\everest ultimate edition\kerneld.wnt [2008-6-1 23152]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-4-22 34352]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2006-12-15 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-12-15 13532]

=============== Created Last 30 ================

2009-06-04 18:02 <DIR> --d----- C:\Adobe
2009-06-04 12:16 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-04 12:01 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-04 00:04 <DIR> a-dshr-- C:\cmdcons
2009-06-04 00:03 161,792 a------- c:\windows\SWREG.exe
2009-06-04 00:03 154,624 a------- c:\windows\PEV.exe
2009-06-04 00:03 98,816 a------- c:\windows\sed.exe
2009-06-02 08:07 <DIR> --d-h--- C:\WindowsLiveSyncTemp
2009-06-02 08:05 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-02 08:05 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-02 08:05 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-02 08:05 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-02 08:05 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-02 08:05 <DIR> --d----- c:\program files\Symantec
2009-06-02 08:05 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-06-02 08:02 0 a------- c:\windows\system32\cd.dat
2009-06-02 07:28 <DIR> --d----- c:\program files\Spybot2
2009-06-02 07:06 0 a------- C:\backup.reg
2009-06-02 07:02 <DIR> a-dshr-- C:\autorun.inf
2009-06-01 14:52 <DIR> --d----- c:\program files\NortonInstaller
2009-06-01 13:00 <DIR> --d----- c:\docume~1\eli\applic~1\Malwarebytes
2009-06-01 11:32 <DIR> --d----- c:\program files\New Anti-Malware
2009-06-01 10:46 <DIR> --d----- c:\program files\Trend Micro
2009-06-01 10:37 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 10:37 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-01 10:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 10:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-31 10:29 <DIR> --d----- c:\program files\iTunes
2009-05-31 10:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-25 10:56 116,891 a------- c:\windows\hpqins00.dat
2009-05-08 18:22 3,247 a------- c:\windows\system32\wbem\Outlook_01c9d02b85b01390.mof

==================== Find3M ====================

2009-04-14 16:43 118,784 a------- c:\windows\SeaMonkeyUninstall.exe
2009-04-14 16:43 11,426 a------- c:\windows\mozver.dat
2009-04-14 16:43 118,784 a------- c:\windows\GREUninstall.exe
2008-01-01 18:22 81,920 a------- c:\docume~1\eli\applic~1\ezpinst.exe
2008-01-01 18:22 47,360 a------- c:\docume~1\eli\applic~1\pcouffin.sys
2007-12-14 13:11 60,968 a------- c:\documents and settings\eli\GoToAssistDownloadHelper.exe
2004-10-01 16:00 40,960 a------- c:\program files\Uninstall_CDS.exe
2008-05-12 15:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 2:56:20.78 ===============

Pigletoid
2009-06-05, 09:10
Here's the Combofix log (part 1).

ComboFix 09-06-03.04 - Eli 04/06/2009 11:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2432 [GMT -4:00]
Running from: c:\documents and settings\Eli\Desktop\Unused Desktop Shortcuts\ComboFix.exe
Command switches used :: c:\documents and settings\Eli\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\docume~1\Eli\LOCALS~1\Temp\YTL.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Eli\Application Data\uTorrent
c:\documents and settings\Eli\Application Data\uTorrent\010-PasswordCrackers.torrent
c:\documents and settings\Eli\Application Data\uTorrent\Classical Music Top 100.torrent
c:\documents and settings\Eli\Application Data\uTorrent\CloneCD v.5.3.1.0-BY ToRR3NTPYTHoN.rar.torrent
c:\documents and settings\Eli\Application Data\uTorrent\dht.dat
c:\documents and settings\Eli\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Eli\Application Data\uTorrent\Foxit Reader Editor and Creator plus Add-Ons.zip.torrent
c:\documents and settings\Eli\Application Data\uTorrent\Magic ISO.rar.torrent
c:\documents and settings\Eli\Application Data\uTorrent\PDF Converters & Password Removers AIO 2008 [MUST HAVE] [h33t] [MAMBO04].torrent
c:\documents and settings\Eli\Application Data\uTorrent\resume.dat
c:\documents and settings\Eli\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Eli\Application Data\uTorrent\rss.dat
c:\documents and settings\Eli\Application Data\uTorrent\rss.dat.old
C:\documents and settings\Eli\Application Data\uTorrent\settings.dat
c:\documents and settings\Eli\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Eli\Application Data\uTorrent\utorrent.chm
c:\documents and settings\Eli\Application Data\uTorrent\utorrent.lng
c:\program files\Morpheus Ultra
c:\program files\Morpheus Ultra\EASYCRACKS.NET.NFO
c:\program files\Morpheus Ultra\Folder_Morpheus.ico
c:\program files\Morpheus Ultra\Launcher.exe
c:\program files\Morpheus Ultra\Loader.exe
c:\program files\Morpheus Ultra\Morpheus Ultra 5.1.1 Launcher by Team Net Guru.zip
c:\program files\Morpheus Ultra\morpheus ultra loader creator.exe
c:\program files\Morpheus Ultra\MorpheusUltra55.exe
c:\program files\Morpheus Ultra\python_LICENSE.txt
c:\program files\Morpheus Ultra\python23.dll
c:\program files\Morpheus Ultra\python23.zip
c:\program files\Morpheus Ultra\SkinData\cottoncandy\search_searchbutton_dp.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\search2start.html
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SearchClose.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SearchClosePressed.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SearchConnecting.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SearchDetailToolTip.html
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SearchesListBottom.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SearchesListMiddle.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SearchesListSelected.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SearchesListSingle.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SearchesListTop.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SearchesSplitter.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\skincombo.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\skincombomask.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\Slider.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\Slider_02.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\Slider_02_mask.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\Slider_mask.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SmallClose.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SmallClosePressed.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\spacer.gif
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SplitterButtonDown.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SplitterButtonDownPressed.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SplitterButtonUp.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\SplitterButtonUpPressed.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\standard.css
c:\program files\Morpheus Ultra\SkinData\cottoncandy\StatusBar.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\stopwatch.gif
c:\program files\Morpheus Ultra\SkinData\cottoncandy\TabActive.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\TabActiveMask.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\TabInactive.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\TabInactiveMask.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\TabLedge.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\tooltip.css
c:\program files\Morpheus Ultra\SkinData\cottoncandy\tooltip.jpg
c:\program files\Morpheus Ultra\SkinData\cottoncandy\tooltipApp.jpg
c:\program files\Morpheus Ultra\SkinData\cottoncandy\tooltipAud.jpg
c:\program files\Morpheus Ultra\SkinData\cottoncandy\tooltipDoc.jpg
c:\program files\Morpheus Ultra\SkinData\cottoncandy\tooltipImg.jpg
c:\program files\Morpheus Ultra\SkinData\cottoncandy\tooltipRom.jpg
c:\program files\Morpheus Ultra\SkinData\cottoncandy\tooltipVid.jpg
c:\program files\Morpheus Ultra\SkinData\cottoncandy\Tray.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\TrayBottomPanel.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\ui.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\video_dockscreen.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\video_dockscreen_dp.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\video_fullscreen.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\video_fullscreen_dp.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\VideoDisplayButtonsArea.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\VScrollBar.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\VSplitter.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\VTabActive.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\VTabInactive.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\VTabMask.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\VThumb.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\welcome.html
c:\program files\Morpheus Ultra\SkinData\cottoncandy\WideStatic.bmp
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_aboutdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_addpodcastdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_askdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_askdlg_onsearchresultdelete.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_askdlg_ontransfercancel.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_askdlg_saveplaylists.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_askonexitdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_chat.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_childdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_configdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_connectingsearchdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_custombrowser.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_fileinformation.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_getpasswddlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_install_sharedfolder.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_magnetcheckdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_magnethandledlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_mainframe.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_morphdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_msgdlg_filter_redirect.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_MsgDlg_UPnP_is_Enabled.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_MsgDlg_UPnP_status_info.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_myfilespane.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_myrsspane.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_notconnectedsearchdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_playlistpane.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_podcastalreadysubscribed.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_prefantivirus.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_prefblock.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_prefchat.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_preffolders.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_prefgeneral.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_prefinternetconnection.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_preflangsetup.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_prefparentalcontrol.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_prefproxy.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_prefskinsetup.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_refreshsharelistdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_searchespane.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_searchresultpane.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_setpasswddlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_skinmessagebox.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_torrentcheckdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_transferspane.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_traybottompanel.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_undockedmediaplayer.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_videopane.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\screen_xpfirewallcheckdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\Skin.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_configlistview.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_currentmediastatic.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_downloadsbutton.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_header.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_hscrollbar.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_mainframe.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_morphdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_morpheusstdbutton.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_morpheusstdbuttondown.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_playerdisplay.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_playlistcombobox.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_playlisttop.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_rectanglebutton.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_searcheslistschema.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_slider.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_tabactive.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_tabinactive.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_vscrollbar.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\skinlayout_vtab.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_button_checkbox.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_button_radiobutton.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_button_rectanglebutton.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_button_usualbutton.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_checkbox_checkbox.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_checkbox_radiobutton.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_editcontrol_editbox.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_editcontrol_multilineeditbox.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_groupbox_roundrect.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_header_defaultheader.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_overlappedwindow_childdialog.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_overlappedwindow_morphdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_playlistview_default.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_screen_morphdlg.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_slider_default.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_slider_progress.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_tabs_default.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_tabs_fileinformation.xml
c:\program files\Morpheus Ultra\SkinData\cottoncandy\xml\style_vtabs_default.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\About.htm
c:\program files\Morpheus Ultra\SkinData\Midnight\adnull.html
c:\program files\Morpheus Ultra\SkinData\Midnight\amazon.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\bitzi-pattern.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\bitzi-tear.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\bitzi_perforation.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\bluebar.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-divider.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-dpr-back.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-dpr-blank-32x17.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-dpr-blank-33x17.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-dpr-forward.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-dpr-home.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-dpr-refresh.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-dpr-stop.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-na-blank-32x17.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-na-blank-33x17.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-normal-back.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-normal-blank-32x17.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-normal-blank-33x17.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-normal-forward.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-normal-home.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-normal-refresh.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\browser-normal-stop.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\BrowserProgress.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\Button.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ButtonDown.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ButtonDownMask.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ButtonDownMaskRight.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ButtonDownRight.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ButtonMask.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ButtonMaskRight.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ButtonRight.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\chat.css
c:\program files\Morpheus Ultra\SkinData\Midnight\chatcombo.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\chatcombomask.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ChatHeader.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ChatSplitter.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\Connecting.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\Connecting_selected.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\CurrentMediaStatic.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\Downloads.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\DownloadsPressed.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\eBay.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\file.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\file_info_bg.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\fileavailability.html
c:\program files\Morpheus Ultra\SkinData\Midnight\fileavailabilitytorrent.html
c:\program files\Morpheus Ultra\SkinData\Midnight\filebitzi.html
c:\program files\Morpheus Ultra\SkinData\Midnight\FileBitziWaiting.html
c:\program files\Morpheus Ultra\SkinData\Midnight\filedetails.html
c:\program files\Morpheus Ultra\SkinData\Midnight\filedetails.jpg
c:\program files\Morpheus Ultra\SkinData\Midnight\filetipdetail.html
c:\program files\Morpheus Ultra\SkinData\Midnight\flyoutnull.html
c:\program files\Morpheus Ultra\SkinData\Midnight\Header.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_chat.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_chat_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_close.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_close_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_help.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_help_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_maximize.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_maximize_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_minimize.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_minimize_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_morpheusultra.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_morpheusultra_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_preferences.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_preferences_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_restore.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\header_restore_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\HeaderBlock.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\HeaderBlock.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\HeaderDowned.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\images\arrow.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\images\getmorpheusultra.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\images\monochrome_morpheus.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\images\monochrome_morpheus_ultra.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\images\welcome.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\Left.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\LeftDown.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\lightblue.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\ListSel.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\logo.html
c:\program files\Morpheus Ultra\SkinData\Midnight\logoUltra.html
c:\program files\Morpheus Ultra\SkinData\Midnight\MainFrame.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\MainFrameMask.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\MenuHighlight.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\MenuNormal.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\MorphDlg.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\MorphDlgMask.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_mute.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_mute_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_next.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_next_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_pause.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_pause_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_play.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_play_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_prev.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_prev_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_sound.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_sound_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_stop.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\player_stop_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\PlayerDisplay.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\PlayerDisplayUndocked.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\playlist_add.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\playlist_add_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\playlist_repeat.BMP
c:\program files\Morpheus Ultra\SkinData\Midnight\playlist_repeat_dp.BMP
c:\program files\Morpheus Ultra\SkinData\Midnight\playlist_shuffle.BMP
c:\program files\Morpheus Ultra\SkinData\Midnight\playlist_shuffle_dp.BMP
c:\program files\Morpheus Ultra\SkinData\Midnight\playlist_subtract.BMP
c:\program files\Morpheus Ultra\SkinData\Midnight\playlist_subtract_dp.BMP
c:\program files\Morpheus Ultra\SkinData\Midnight\PlayListComboBox.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\PlayListItem.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\PlayListSelectedItem.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\PlayListTop.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\PlayListViewBk.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ProgressSlider.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ProgressSliderUndocked.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\radio_blank.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\radio_blank_disabled.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\radio_checked.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\radio_checked_disabled.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\RectangleButton.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\Research.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\retry.html
c:\program files\Morpheus Ultra\SkinData\Midnight\SchemeMenu.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SchemeMenuHL.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\search_extendsearch.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\search_extendsearch_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\search_filetype.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\search_filetype_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\search_searchbutton.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\search_searchbutton_dp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\search2start.html
c:\program files\Morpheus Ultra\SkinData\Midnight\SearchClose.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SearchClosePressed.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SearchConnecting.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SearchDetailToolTip.html
c:\program files\Morpheus Ultra\SkinData\Midnight\SearchesListBottom.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SearchesListMiddle.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SearchesListSelected.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SearchesListSingle.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SearchesListTop.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SearchesSplitter.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\skincombo.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\Slider.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SmallClose.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SmallClosePressed.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\spacer.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\SplitterButtonDown.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SplitterButtonDownPressed.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SplitterButtonUp.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\SplitterButtonUpPressed.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\standard.css
c:\program files\Morpheus Ultra\SkinData\Midnight\StatusBar.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\stopwatch.gif
c:\program files\Morpheus Ultra\SkinData\Midnight\TabActive-fileinformation.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\TabActive.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\TabInactive-fileinformation.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\TabInactive.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\tooltip.css
c:\program files\Morpheus Ultra\SkinData\Midnight\tooltip.jpg
c:\program files\Morpheus Ultra\SkinData\Midnight\tooltipApp.jpg
c:\program files\Morpheus Ultra\SkinData\Midnight\tooltipAud.jpg
c:\program files\Morpheus Ultra\SkinData\Midnight\tooltipDoc.jpg
c:\program files\Morpheus Ultra\SkinData\Midnight\tooltipImg.jpg
c:\program files\Morpheus Ultra\SkinData\Midnight\tooltipRom.jpg
c:\program files\Morpheus Ultra\SkinData\Midnight\tooltipVid.jpg
c:\program files\Morpheus Ultra\SkinData\Midnight\Tray.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\TrayBottomPanel.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\ui.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\UndockedMediaPlayer.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\UndockedMediaPlayerMask.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\VideoDisplayButtonsArea.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\VScrollBar.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\VSplitter.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\VTabActive.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\VTabInactive.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\VTabMask.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\VThumb.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\welcome.html
c:\program files\Morpheus Ultra\SkinData\Midnight\welcomenull.html
c:\program files\Morpheus Ultra\SkinData\Midnight\WideStatic.bmp
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_aboutdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_addpodcastdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_askdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_askdlg_onsearchresultdelete.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_askdlg_ontransfercancel.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_askdlg_saveplaylists.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_askonexitdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_chat.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_childdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_configdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_connectingsearchdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_custombrowser.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_fileinformation.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_filterempty.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_getpasswddlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_install_sharedfolder.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_itunes_prompt.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_magnetcheckdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_magnethandledlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_mainframe.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_morphdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_msgdlg_filter_can_redirect.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_msgdlg_filter_redirect.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_MsgDlg_UPnP_is_Enabled.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_MsgDlg_UPnP_status_info.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_myfilespane.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_myrsspane.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_notconnectedsearchdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_playlistpane.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_podcastalreadysubscribed.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_podcastcheckdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_prefantivirus.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_prefblock.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_prefchat.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_preffolders.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_prefgeneral.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_prefinternetconnection.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_preflangsetup.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_prefparentalcontrol.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_prefproxy.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_prefskinsetup.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_refreshsharelistdlg.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_searchespane.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_searchresultpane.xml
c:\program files\Morpheus Ultra\SkinData\Midnight\xml\screen_setdefaultfilter.xml

Pigletoid
2009-06-05, 09:11
Combofix log (part 2)

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YTL
-------\Service_YTL

((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 14:43 . 2009-06-01 08:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090604.002\NAVENG.SYS
2009-06-04 14:43 . 2009-06-01 08:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090604.002\NAVEX15.SYS
2009-06-04 14:43 . 2009-06-01 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090604.002\NAVENG32.DLL
2009-06-04 14:43 . 2009-06-01 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090604.002\NAVEX32A.DLL
2009-06-04 14:43 . 2009-06-01 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090604.002\EECTRL.SYS
2009-06-04 14:43 . 2009-06-01 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090604.002\ECMSVR32.DLL
2009-06-04 14:43 . 2009-06-01 08:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090604.002\CCERASER.DLL
2009-06-04 14:43 . 2009-06-01 08:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090604.002\ERASER.SYS
2009-06-02 12:08 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll
2009-06-02 12:08 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.sys
2009-06-02 12:08 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys
2009-06-02 12:08 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll
2009-06-02 12:08 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvia64.sys
2009-06-02 12:07 . 2009-06-02 12:07 -------- d--h--w- C:\WindowsLiveSyncTemp
2009-06-02 12:05 . 2009-03-12 08:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-02 12:05 . 2009-06-02 12:15 -------- d-----w- c:\program files\Symantec
2009-06-02 12:05 . 2009-06-02 12:15 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-02 12:05 . 2009-06-02 12:15 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-02 12:05 . 2009-06-02 12:05 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-02 12:05 . 2009-06-02 12:05 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-02 12:05 . 2009-06-02 12:05 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-02 12:05 . 2009-06-02 12:23 -------- d-----w- c:\windows\system32\drivers\NIS
2009-06-02 12:04 . 2009-06-02 12:04 -------- d-----w- c:\program files\Windows Sidebar
2009-06-02 12:02 . 2009-06-02 12:02 0 ----a-w- c:\windows\system32\cd.dat
2009-06-02 11:28 . 2009-06-02 17:29 -------- d-----w- c:\program files\Spybot2
2009-06-02 11:06 . 2009-06-02 11:06 0 ----a-w- C:\backup.reg
2009-06-02 10:55 . 2009-06-02 10:55 -------- d-----w- c:\program files\Erunt
2009-06-01 18:52 . 2009-06-01 18:52 -------- d-----w- c:\program files\NortonInstaller
2009-06-01 17:00 . 2009-06-01 17:00 -------- d-----w- c:\documents and settings\Eli\Application Data\Malwarebytes
2009-06-01 15:32 . 2009-06-02 06:01 -------- d-----w- c:\program files\New Anti-Malware
2009-06-01 14:46 . 2009-06-01 14:46 -------- d-----w- c:\program files\Trend Micro
2009-06-01 14:37 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 14:37 . 2009-06-01 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 14:37 . 2009-06-01 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-01 14:37 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-01 14:14 . 2009-06-01 14:14 -------- d-----w- c:\documents and settings\Eli\Local Settings\Application Data\Symantec
2009-05-31 21:32 . 2009-05-31 21:32 390664 ----a-w- c:\documents and settings\Eli\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-31 14:29 . 2009-05-31 14:29 -------- d-----w- c:\program files\iTunes
2009-05-31 14:29 . 2009-05-31 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-31 14:25 . 2009-05-31 14:25 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-25 14:56 . 2009-05-25 15:01 116891 ----a-w- c:\windows\hpqins00.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 15:36 . 2008-06-01 22:01 -------- d-----w- c:\documents and settings\Eli\Application Data\Orbit
2009-06-04 15:19 . 2007-01-08 17:15 -------- d-----w- c:\documents and settings\Eli\Application Data\EndNote
2009-06-03 11:44 . 2006-12-19 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-03 06:08 . 2006-12-18 17:20 -------- d-----w- c:\program files\palmOne
2009-06-02 12:15 . 2009-06-02 12:05 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-02 12:15 . 2009-06-02 12:05 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-02 12:07 . 2006-12-15 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-02 12:04 . 2009-03-06 22:15 -------- d-----w- c:\program files\Norton Internet Security
2009-06-02 12:04 . 2009-03-06 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-02 12:03 . 2009-03-06 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-02 11:25 . 2006-12-19 05:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-01 16:54 . 2007-07-24 20:59 -------- d-----w- c:\program files\LeechGet 2006
2009-06-01 16:34 . 2007-07-20 03:31 -------- d-----w- c:\program files\BitTorrent
2009-05-31 14:29 . 2006-12-19 03:31 -------- d-----w- c:\program files\iPod
2009-05-31 14:29 . 2008-09-14 00:24 -------- d-----w- c:\program files\Common Files\Apple
2009-05-07 22:01 . 2009-01-18 03:36 -------- d-----w- c:\program files\Hotspot Shield
2009-04-25 03:08 . 2008-10-26 21:55 -------- d-----w- c:\program files\Disk Checker
2009-04-14 20:43 . 2007-09-17 01:19 118784 ----a-w- c:\windows\SeaMonkeyUninstall.exe
2009-04-14 20:43 . 2006-12-17 20:19 11426 ----a-w- c:\windows\mozver.dat
2009-04-14 20:43 . 2006-12-17 20:19 118784 ----a-w- c:\windows\GREUninstall.exe
2009-04-03 18:18 . 2009-03-17 01:46 33256 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2006-09-19 20:44 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2004-10-01 20:00 . 2006-12-17 19:46 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2007-12-29 23:37 . 2007-12-29 23:35 48 --sh--w- c:\windows\SF2D2F4F3.tmp
.

------- Sigcheck -------

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-01-01 17:07 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-01-01 17:07 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( SnapShot@2009-06-04_04.07.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 15:36 . 2009-06-04 15:36 16384 c:\windows\Temp\Perflib_Perfdata_2e4.dat
+ 2009-06-04 05:42 . 2009-06-04 05:42 614400 c:\windows\ERDNT\04-06-2009\Users\00000002\UsrClass.dat
+ 2009-06-04 05:42 . 2005-10-20 16:02 163328 c:\windows\ERDNT\04-06-2009\ERDNT.EXE
+ 2009-06-04 05:42 . 2009-06-04 05:42 11460608 c:\windows\ERDNT\04-06-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-03-17 01:46 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"Windows Live Sync"="c:\program files\Windows Live\Sync\WindowsLiveSync.exe" [2008-12-03 1170256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Eli\Start Menu\Programs\Startup\
Explorer.lnk - c:\windows\explorer.exe [2001-8-23 1033728]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-6-20 547840]
Palm Desktop.lnk - c:\program files\palmOne\Palm.exe [2005-1-5 614400]
SeaMonkey.lnk - c:\program files\mozilla.org\SeaMonkey\seamonkey.exe [2007-9-16 106496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-7-24 221247]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-3 40960]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-27 805392]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-12-3 147456]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-6-1 1711304]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2006-12-18 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IRUpdater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\IRUpdater.lnk
backup=c:\windows\pss\IRUpdater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eli^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=c:\documents and settings\Eli\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=c:\windows\pss\palmOne Registration.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Eli\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [02/06/2009 8:15 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [02/06/2009 8:15 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [02/06/2009 8:15 AM 482352]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [26/10/2008 5:55 PM 29768]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.sys [02/06/2009 8:08 AM 276344]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [21/04/2009 9:12 PM 328752]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [02/06/2009 8:15 AM 115560]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [02/02/2008 2:20 AM 144672]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [31/05/2008 11:49 PM 98488]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [01/06/2009 4:00 AM 101936]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [16/03/2009 9:46 PM 33256]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [22/12/2006 12:16 PM 14095]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [15/12/2006 11:16 AM 5824]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\EVEREST Ultimate Edition\kerneld.wnt [01/06/2008 4:08 PM 23152]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [22/04/2009 5:34 PM 34352]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [15/12/2006 11:26 AM 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [15/12/2006 11:25 AM 13532]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-30 c:\windows\Tasks\E-mail backup.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]

2009-06-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-05-30 c:\windows\Tasks\My Documents Backup.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]

2009-05-30 c:\windows\Tasks\Palm Backup.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = https://portal.jgh.ca/Citrix/AccessPlatform
uInternet Settings,ProxyOverride = *.local
Trusted Zone: jgh.ca\portal
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\Quicktax\QuickTax 2007\ic2007pp.dll
DPF: {0C3CAA1C-027B-40AF-B080-5880E96C5113} - hxxp://install.cche.net/clint/install/control/5.6.5.3/VIVIDESKControlWeb.ocx#Version=5,6,5,3
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 11:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220523388-2147237195-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-220523388-2147237195-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7a,98,2a,3c,a7,0d,80,d0,da,6b,6c,3b,94,ed,d0,0c,df,e6,66,90,8e,77,49,
a2,4d,d1,76,04,fc,8a,2f,01,19,7e,17,e7,45,61,1b,ce,ec,2e,28,0f,08,64,b5,05,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38

[HKEY_LOCAL_MACHINE\software\Ariolic Software, Ltd\ActiveSMART\Đ*,*Ƭ ]
"Performance"=dword:0000005f
"Reliability"=dword:0000005f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1868)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(4188)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-06-04 11:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-04 15:40
ComboFix2.txt 2009-06-04 04:08

Pre-Run: 316,858,814,464 bytes free
Post-Run: 316,787,535,872 bytes free

1568 --- E O F --- 2009-06-02 12:09

Blade81
2009-06-05, 18:36
Hi,

Delete suspicious looking email messages in this mailbox:
C:\Documents and Settings\Eli\Application Data\Mozilla\Profiles\default\0cx92n2l.slt\ImapMail\exchange.mcgill.ca\INBOX-1

Is C:\Documents and Settings\Eli\Application Data\Mozilla\Profiles\Eli\k6rnyfqm.slt\Mail\pop3.norton.antivirus mailbox one that contains Norton quarantined email items?

Uninstall all Java versions prior to Java 6 Update 14.

Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\Documents and Settings\Eli\My Documents\Downloads\010-PasswordCrackers\Advanced PDF Password Recovery 1.34\setup.exe
C:\Documents and Settings\Eli\My Documents\Downloads\010-PasswordCrackers\anv20.zip
C:\My Downloads\Downloads pre-2005\2000 Crackz & Serialz A - Z.exe
C:\My Downloads\Downloads pre-2005\GDiVX1.9.9.exe
C:\My Downloads\Downloads pre-2005\PASSWORD_HACKER_(WORKS_GREAT!) (1) (1).EXE
C:\My Downloads\Downloads pre-2005\setupmpe.exe
H:\RECYCLER\S-2-5-31-100009945-100021218-100015399-7650.com
H:\RECYCLER\S-5-5-21-100012000-100029068-100027383-9562.com

Folder::
C:\Medical\Palm Medical Software\Medscut Palm Software\temp\2000 Crackz & Serialz A - Z
C:\Documents and Settings\Eli\My Documents\Downloads\010-PasswordCrackers\advanced office 97 password recovery 1.33

DirLook::
C:\Documents and Settings\Eli\My Documents\Downloads\010-PasswordCrackers



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then attach the resultant log (as a file this time). Re-run Kaspersky online scanner and post back its report & a fresh dds.txt log too.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Pigletoid
2009-06-07, 04:02
Hi Blade81.

I ran Combofix with the latest script. Unfortunately, I have to leave for several days, so I'll run Kaspersky Anti-virus when I return and post the results.

Also, the last Combofix scan deleted Windows Live-Sync, which I find surprising, as it was not included in the CFScript and I find it to be a very useful program.

Thanks again.

Blade81
2009-06-07, 11:14
"Unfortunately, I have to leave for several days"
Will the absence last more than four days? We normally archive topics older than that if no response is posted.


"Also, the last Combofix scan deleted Windows Live-Sync, which I find surprising, as it was not included in the CFScript and I find it to be a very useful program."
I have to check the results when you have posted them.

Pigletoid
2009-06-07, 12:59
I'll be back in 4 days.

Many thanks.

Blade81
2009-06-07, 13:14
Ok. Shall wait for your reply :)

Blade81
2009-06-16, 17:39
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.