ComboFix 09-05-26.02 - Chris Jablonski 05/26/2009 21:10.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.758 [GMT -4:00]
Running from: d:\documents and settings\Chris Jablonski\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Chris Jablonski\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\All Users\Application Data\avg8
d:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log
d:\documents and settings\All Users\Application Data\Symantec
d:\documents and settings\All Users\Application Data\Symantec\ErrLogs\{830D8CBD-C668-49e2-A969-C2C2106332E0}203a6540.zip
d:\documents and settings\Chris Jablonski\Application Data\LimeWire
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\certificate\limewire.keystore
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\createtimes.cache
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\downloads.dat
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\fileurns.bak
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\fileurns.cache
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\filters.props
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\gnutella.net
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\installation.props
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\library.dat
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\limewire.props
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\mojito.props
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\promotion\promodb.backup
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\promotion\promodb.data
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\promotion\promodb.properties
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\promotion\promodb.script
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\questions.props
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\responses.cache
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\simpp.xml
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\spam.dat
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\tables.props
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme.lwtp
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\01_star.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\02_star.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\03_star.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\04_star.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\05_star.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\chat.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\forward_up.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\kill.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\kill_on.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\pause_up.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\play_dn.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\play_up.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\question.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\stop_up.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\theme.txt
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\version.txt
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\themes\windows_theme\warning.gif
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\ttrees.cache
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\ttroot.cache
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\version.xml
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\versions.props
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\xml\data\audio.sxml2
d:\documents and settings\Chris Jablonski\Application Data\LimeWire\xml\data\video.sxml2
d:\program files\Common Files\Symantec Shared
d:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
d:\program files\LimeWire
d:\program files\LimeWire\Hows this for a List.m3u
d:\program files\LimeWire\rap stuff chill.m3u
d:\program files\LimeWire\WoW ChiLLin.m3u
d:\program files\LimeWire\WoW, Listen.m3u
.
((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.
2009-05-27 01:08 . 2009-05-27 01:10 -------- d-----w d:\program files\Essentials Codec Pack
2009-05-23 22:31 . 2009-05-23 22:31 -------- d-----w d:\program files\Common Files\DivX Shared
2009-05-22 22:36 . 2008-06-19 21:24 28544 ----a-w d:\windows\system32\drivers\pavboot.sys
2009-05-22 22:35 . 2009-05-22 22:35 -------- d-----w d:\program files\Panda Security
2009-05-16 10:22 . 2009-05-16 10:22 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\Malwarebytes
2009-05-12 20:49 . 2009-05-12 20:49 -------- d-----w D:\rsit
2009-05-11 02:29 . 2009-04-06 19:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-05-11 02:29 . 2009-04-06 19:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 02:29 . 2009-05-11 02:29 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-05-11 02:29 . 2009-05-11 02:29 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-09 23:39 . 2009-05-09 23:41 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\GetRightToGo
2009-05-01 05:03 . 2009-05-01 05:03 201 ----a-w d:\windows\nsreg.dat
2009-04-29 20:55 . 2006-03-03 15:07 143360 ----a-w d:\windows\system32\dunzip32.dll
2009-04-29 20:54 . 2006-07-14 04:10 37800 ----a-w d:\windows\system32\drivers\mfesmfk.sys
2009-04-29 20:54 . 2006-07-14 04:09 31560 ----a-w d:\windows\system32\drivers\mferkdk.sys
2009-04-29 20:54 . 2006-07-14 04:09 33896 ----a-w d:\windows\system32\drivers\mfebopk.sys
2009-04-29 20:54 . 2006-07-14 04:09 161768 ----a-w d:\windows\system32\drivers\mfehidk.sys
2009-04-29 20:54 . 2006-07-08 19:46 84744 ----a-w d:\windows\system32\drivers\mfeavfk.sys
2009-04-29 20:53 . 2006-08-01 17:59 104536 ----a-w d:\windows\system32\drivers\Mpfp.sys
2009-04-29 20:53 . 2009-04-29 20:53 -------- d-----w d:\program files\McAfee.com
2009-04-29 20:53 . 2009-04-29 20:55 -------- d-----w d:\program files\Common Files\McAfee
2009-04-29 20:53 . 2009-04-29 21:08 -------- d-----w d:\program files\McAfee
2009-04-29 20:52 . 2009-04-29 20:56 -------- d-----w d:\documents and settings\All Users\Application Data\McAfee
2009-04-29 02:26 . 2009-04-29 02:26 102800 ----a-w d:\windows\system32\drivers\tmcomm.sys
2009-04-28 11:36 . 2009-04-28 11:36 -------- d-----w d:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 15:08 . 2008-07-18 04:50 -------- d-----w d:\program files\Warcraft III
2009-05-23 23:10 . 2008-12-09 13:51 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\uTorrent
2009-05-23 22:32 . 2008-09-30 08:59 -------- d-----w d:\program files\DivX
2009-05-19 23:58 . 2008-07-18 01:46 -------- d-----w d:\program files\World of Warcraft
2009-04-26 12:13 . 2008-07-18 01:55 -------- d-----w d:\program files\Common Files\Blizzard Entertainment
2009-04-22 07:39 . 2009-04-22 07:26 -------- d-----w d:\program files\Garena
2009-04-16 07:01 . 2009-04-16 07:00 -------- d-----w d:\program files\Defraggler
2009-04-16 06:56 . 2008-07-18 05:58 -------- d-----w d:\program files\CCleaner
2009-04-07 00:29 . 2008-09-08 02:40 -------- d-----w d:\documents and settings\All Users\Application Data\Viewpoint
2009-04-07 00:28 . 2009-04-07 00:17 -------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2009-03-28 20:16 . 2008-11-17 01:39 -------- d-----w d:\program files\DotA Gaming Network
2009-03-20 03:36 . 2008-07-18 04:56 78123 ----a-w d:\windows\War3Unin.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-05-15_19.43.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-05-15 19:43 40394 d:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-05-24 20:12 40394 d:\windows\system32\perfc009.dat
+ 2009-02-24 19:34 . 2009-02-24 19:34 90112 d:\windows\system32\dpl100.dll
- 2004-08-04 12:00 . 2009-05-15 19:43 312172 d:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-05-24 20:12 312172 d:\windows\system32\perfh009.dat
- 2008-10-28 22:35 . 2008-10-28 22:35 802816 d:\windows\system32\divx_xx11.dll
+ 2009-02-24 19:34 . 2009-02-24 19:34 802816 d:\windows\system32\divx_xx11.dll
- 2008-10-28 22:36 . 2008-10-28 22:36 823296 d:\windows\system32\divx_xx0c.dll
+ 2009-02-24 19:34 . 2009-02-24 19:34 823296 d:\windows\system32\divx_xx0c.dll
- 2008-10-28 22:35 . 2008-10-28 22:35 815104 d:\windows\system32\divx_xx0a.dll
+ 2009-02-24 19:34 . 2009-02-24 19:34 815104 d:\windows\system32\divx_xx0a.dll
- 2008-10-28 22:36 . 2008-10-28 22:36 823296 d:\windows\system32\divx_xx07.dll
+ 2009-02-24 19:34 . 2009-02-24 19:34 823296 d:\windows\system32\divx_xx07.dll
+ 2009-02-24 19:34 . 2009-02-24 19:34 684032 d:\windows\system32\DivX.dll
- 2008-10-28 22:35 . 2008-10-28 22:35 684032 d:\windows\system32\DivX.dll
+ 2009-04-17 12:59 . 2009-04-17 12:59 128256 d:\windows\Downloaded Program Files\as2stubie.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin600.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin600.exe.lnk
backup=d:\windows\pss\TrayMin600.exe.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^Chris Jablonski^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk]
path=d:\documents and settings\Chris Jablonski\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
backup=d:\windows\pss\My_AutoWarkey_Script.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"rpcapd"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"MioNet"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avg8emc"=2 (0x2)
"avg8wd"=2 (0x2)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"MSK80Service"=2 (0x2)
"MPS9"=2 (0x2)
"MpfService"=2 (0x2)
"mcusrmgr"=2 (0x2)
"mctskshd.exe"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McProxy"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"McLogManagerService"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Download Manager\\DLM.exe"=
"d:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\Warcraft III\\pickup.listchecker.exe"=
"d:\\WINDOWS\\system32\\wupdmgr.exe"=
"d:\\Program Files\\World of Warcraft\\BNUpdate.exe"=
"d:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe"=
"d:\\Program Files\\World of Warcraft\\Updates\\WoW-3.0.1-to-3.0.2-Update\\Updater.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-BurningCrusade-enUS-Slim-Installer\\Installer.exe"=
"d:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"d:\\Program Files\\Common Files\\Blizzard Entertainment\\World of Warcraft Installer\\Installer.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"d:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"d:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
"1700:TCP"= 1700:TCP:*:Disabled:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"6111:TCP"= 6111:TCP:wc3
"6110:TCP"= 6110:TCP:wc3
"6114:TCP"= 6114:TCP:wc3
"3274:TCP"= 3274:TCP:wow
"8086:TCP"= 8086:TCP:wow
"8087:TCP"= 8087:TCP:wow
"9081:TCP"= 9081:TCP:wow
"9090:TCP"= 9090:TCP:wow
"9097:TCP"= 9097:TCP:wow
"9100:TCP"= 9100:TCP:wow
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [5/22/2009 6:36 PM 28544]
R3 HSFHWATI;HSFHWATI;d:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 6:06 PM 231424]
R3 phc600;USB PC Camera (phc600);d:\windows\system32\drivers\phc600.sys [11/19/2008 1:43 AM 440064]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\Viewpoint\Common\ViewpointService.exe" --> d:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2009-05-15 d:\windows\Tasks\McDefragTask.job
- d:\windows\system32\defrag.exe [2004-08-04 00:12]
2009-05-01 d:\windows\Tasks\McQcTask.job
- d:\program files\mcafee\mqc\QcConsol.exe [2009-04-29 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.watch-movies-links.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - d:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 21:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-796845957-2111687655-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
d:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(840)
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\windows\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2009-05-27 21:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-27 01:15
ComboFix2.txt 2009-05-24 19:54
ComboFix3.txt 2009-05-22 22:21
ComboFix4.txt 2009-05-22 22:07
ComboFix5.txt 2009-05-27 01:08
D:\DeQuarantine.txt
Pre-Run: 38,367,293,440 bytes free
Post-Run: 38,309,031,936 bytes free
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
299 --- E O F --- 2008-11-18 21:25
Dequarantine Log.
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\audxlib.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\audxlib.dll ( 741376 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_78er.matrix.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_78er.matrix.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_doppelte_99er.matrix.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_doppelte_99er.matrix.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_einfache_99er.matrix.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_einfache_99er.matrix.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's Heavy Compression Matrix.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's Heavy Compression Matrix.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's High Quality Matrix.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's High Quality Matrix.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\CG-Animation Matrix.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\CG-Animation Matrix.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_autogk_sharp.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_autogk_sharp.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_avc_hr.cfg.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_avc_hr.cfg ( 910 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v1.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v1.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ehr.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ehr.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3hr.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3hr.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3lr.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3lr.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3uhr_rev2.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3uhr_rev2.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ulr_rev3.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ulr_rev3.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-best-picture.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-best-picture.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-better-picture.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-better-picture.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-good-picture.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-good-picture.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Low Bitrate Matrix.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Low Bitrate Matrix.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\MPEG.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\MPEG.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\pvcd.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\pvcd.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix.cfg.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix.cfg ( 2697 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix_def.cfg.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix_def.cfg ( 1244 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix2.cfg.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix2.cfg ( 1244 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V3.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V3.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V5.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V5.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Standard.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Standard.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Ultimate Matrix.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Ultimate Matrix.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Ultra Low Bitrate Matrix.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Ultra Low Bitrate Matrix.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Very Low Bitrate Matrix.xcm.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Very Low Bitrate Matrix.xcm ( 128 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_kernelDeint.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_kernelDeint.dll ( 683520 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_liba52.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_liba52.dll ( 142848 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_libdts.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_libdts.dll ( 257024 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_libfaad2.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_libfaad2.dll ( 485888 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_libmad.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_libmad.dll ( 178688 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_realaac.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_realaac.dll ( 153600 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_samplerate.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_samplerate.dll ( 183296 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_theora.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_theora.dll ( 239247 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_tremor.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_tremor.dll ( 146944 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_unrar.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_unrar.dll ( 113152 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_vfw.dll.manifest.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_vfw.dll.manifest ( 547 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_vfw.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_vfw.dll ( 57344 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_wmv9.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_wmv9.dll ( 93184 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_x264.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ff_x264.dll ( 884237 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffavisynth.avsi.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ffavisynth.avsi ( 39 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffavisynth.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ffavisynth.dll ( 53760 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffdshow.ax.manifest.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ffdshow.ax.manifest ( 547 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffdshow.ax.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ffdshow.ax ( 2625536 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffvdub.vdf.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\ffvdub.vdf ( 96768 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\FLT_ffdshow.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\FLT_ffdshow.dll ( 53760 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1026.bg.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1026.bg ( 82598 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1028.tc.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1028.tc ( 22148 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1029.cz.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1029.cz ( 99356 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1031.de.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1031.de ( 78406 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1033.en.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1033.en ( 9 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1034.es.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1034.es ( 115322 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1035.fi.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1035.fi ( 69860 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1036.fr.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1036.fr ( 114950 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1038.hu.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1038.hu ( 10636 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1040.it.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1040.it ( 85420 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1041.ja.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1041.ja ( 94746 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1045.pl.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1045.pl ( 130524 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1046.br.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1046.br ( 11084 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1049.ru.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1049.ru ( 62196 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1051.sk.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1051.sk ( 70960 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1053.se.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1053.se ( 9802 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.2052.sc.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.2052.sc ( 67828 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\libavcodec.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\libavcodec.dll ( 4338246 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\libmpeg2_ff.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\libmpeg2_ff.dll ( 145609 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\libmplayer.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\libmplayer.dll ( 560802 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\msvcr71.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\msvcr71.dll ( 348160 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\openIE.js.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\openIE.js ( 1708 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\TomsMoComp_ff.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\TomsMoComp_ff.dll ( 238080 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\xvidcore.dll.vir -> D:\Program Files\Essentials Codec Pack\FFDShow\xvidcore.dll ( 791742 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Gabset\FLVSplitter.ax.vir -> D:\Program Files\Essentials Codec Pack\Gabset\FLVSplitter.ax ( 344064 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Gabset\Mpeg2DecFilter.ax.vir -> D:\Program Files\Essentials Codec Pack\Gabset\Mpeg2DecFilter.ax ( 446464 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Gabset\VSFilter.dll.vir -> D:\Program Files\Essentials Codec Pack\Gabset\VSFilter.dll ( 1019904 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\avi.dll.vir -> D:\Program Files\Essentials Codec Pack\Haali\avi.dll ( 108032 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\avs.dll.vir -> D:\Program Files\Essentials Codec Pack\Haali\avs.dll ( 97280 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\avss.dll.vir -> D:\Program Files\Essentials Codec Pack\Haali\avss.dll ( 102400 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\cue2xml.js.vir -> D:\Program Files\Essentials Codec Pack\Haali\cue2xml.js ( 4835 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\dsmux.exe.vir -> D:\Program Files\Essentials Codec Pack\Haali\dsmux.exe ( 103424 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\dxr.dll.vir -> D:\Program Files\Essentials Codec Pack\Haali\dxr.dll ( 245248 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\gdsmux.exe.vir -> D:\Program Files\Essentials Codec Pack\Haali\gdsmux.exe ( 335872 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\license.txt.vir -> D:\Program Files\Essentials Codec Pack\Haali\license.txt ( 1187 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkunicode.dll.vir -> D:\Program Files\Essentials Codec Pack\Haali\mkunicode.dll ( 23552 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkv2vfr.exe.vir -> D:\Program Files\Essentials Codec Pack\Haali\mkv2vfr.exe ( 135168 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkx.dll.vir -> D:\Program Files\Essentials Codec Pack\Haali\mkx.dll ( 148992 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkzlib.dll.vir -> D:\Program Files\Essentials Codec Pack\Haali\mkzlib.dll ( 79360 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll.vir -> D:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll ( 159744 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mp4.dll.vir -> D:\Program Files\Essentials Codec Pack\Haali\mp4.dll ( 141312 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\ogm.dll.vir -> D:\Program Files\Essentials Codec Pack\Haali\ogm.dll ( 120832 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\splitter.ax.vir -> D:\Program Files\Essentials Codec Pack\Haali\splitter.ax ( 536576 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\ts.dll.vir -> D:\Program Files\Essentials Codec Pack\Haali\ts.dll ( 163840 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\MediaRepair.exe.vir -> D:\Program Files\Essentials Codec Pack\MediaRepair.exe ( 65536 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\mplayerc.exe.vir -> D:\Program Files\Essentials Codec Pack\mplayerc.exe ( 6402048 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\uninst.exe.vir -> D:\Program Files\Essentials Codec Pack\uninst.exe ( 66266 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WavPack\license.txt.vir -> D:\Program Files\Essentials Codec Pack\WavPack\license.txt ( 1583 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WavPack\WavPackDSDecoder.ax.vir -> D:\Program Files\Essentials Codec Pack\WavPack\WavPackDSDecoder.ax ( 147456 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WavPack\WavPackDSSplitter.ax.vir -> D:\Program Files\Essentials Codec Pack\WavPack\WavPackDSSplitter.ax ( 81920 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WECPUpdate.exe.vir -> D:\Program Files\Essentials Codec Pack\WECPUpdate.exe ( 196608 bytes )
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Windows Essentials Media Codec Pack.url.vir -> D:\Program Files\Essentials Codec Pack\Windows Essentials Media Codec Pack.url ( 52 bytes )

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:07 PM, on 5/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\explorer.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watch-movies-links.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - D:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6342352765
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9072450140
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
--
End of file - 5538 bytes