WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] Virtumonde and Savetheinformation

Started by raskasbw , Dec 03 2007 05:38 PM

This topic is locked

6 replies to this topic

#1 raskasbw

New Member

New Member
3 posts

Posted 03 December 2007 - 05:38 PM

Hi there, got myself infected. Looks like Virtumonde and Savetheinformation. I've run Vundofix and Adaware Personal but it hasn't helped. Lots of popups are coming up and dialogue boxes warning me of spyware/adware on the computer. Little yellow triangle in the tray is also warning me of stuff. I'm assuming they're hoaxes.

I've renamed HijackThis.exe to scanner.exe. Here's the log.

Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 3:37:47 PM, on 12/3/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINDOWS\system32\awtsrsq.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A39C99CB-BA76-4FFB-B526-2691E095E171} - C:\WINDOWS\System32\ddayw.dll
O2 - BHO: {12500a27-3f1a-301a-5fd4-c00f57b8ed0b} - {b0de8b75-f00c-4df5-a103-a1f372a00521} - C:\WINDOWS\System32\elqblvrr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [8076bc93] rundll32.exe "C:\WINDOWS\System32\gltxvkwg.dll",b
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0663A1A4-DBB3-4080-8C77-FCE20F4CA5B7}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{1711D978-BFB8-49AC-8A86-A594EDCF3918}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5979EC6-9629-4007-BD33-D247BEA4F592}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9D09419-F7CA-4F8D-A6FF-29D7ABAADCF4}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.91 85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{0663A1A4-DBB3-4080-8C77-FCE20F4CA5B7}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.91 85.255.112.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{0663A1A4-DBB3-4080-8C77-FCE20F4CA5B7}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.91 85.255.112.6
O20 - Winlogon Notify: awtsrsq - C:\WINDOWS\SYSTEM32\awtsrsq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

Edited by raskasbw, 03 December 2007 - 05:53 PM.

Advertisements

Register to Remove

#2 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 06 December 2007 - 11:49 AM

Hello and Welcome to the forum.

Your still infected with the Vundo Trojan along with the Wareout Trojan also. One of the reasons being is that you are running an unpatched Windows Operating system. Is your copy of windows legal?? If not your going to keep getting infected .

Your computer has been hijacked by the lovely people in the Ukraine, you are infected with Wareout.

85.255.112.200 - 85.255.127.255
Inhoster hosting company
OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
FixWareout Subratam
FixWareout Lonny

Save it to your desktop and run it.
Click Next, then Install,
Then make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
At the end of the fix, you may need to restart your computer again.

Save the contents of the logfile C:\fixwareout\report.txt and post it into your next reply.

Now lets check some settings on your system. For (2000/XP) Only)

Go to Start > control panel.
If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections.
Then right click on your default connection, usually local area connection for cable and dsl.
Left click on properties.
Click the Networking tab.
Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems

Next Go start> Run type cmd and hit OK
Type in ipconfig /flushdns then hit enter
(that space between g and / is needed)
Type exit hit enter

Please download ATF Cleaner by Atribune to your desktop.

This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Your version of HJT is outdated, you can uninstall it via the Add Remove Programs in the Control Panel and then download and install the newer version by Trendmicro. Keep it renamed to Scanner.exe

Download Trendmicros Hijackthis to your desktop, double click it to install, follow the prompts and by default it will install in C:\Program Files
Trendmicro\Hijackthis\Highjackthis.exe

Let me see the Wareout report, the Combofix report and a New HJT log please

Edited by ken545, 06 December 2007 - 11:57 AM.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#3 raskasbw

New Member

New Member
3 posts

Posted 07 December 2007 - 02:17 AM

Thanks a ton for the reply.

Updated HijackThis log, renamed it scanner.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:44 AM, on 12/7/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

--
End of file - 5555 bytes

Fixwareout

Username "Jeff" - 12/06/2007 23:04:30 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.91 85.255.112.6" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0663A1A4-DBB3-4080-8C77-FCE20F4CA5B7}
"nameserver"="85.255.115.91,85.255.112.6" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1711D978-BFB8-49AC-8A86-A594EDCF3918}
"nameserver"="85.255.115.91,85.255.112.6" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B5979EC6-9629-4007-BD33-D247BEA4F592}
"nameserver"="85.255.115.91,85.255.112.6" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F9D09419-F7CA-4F8D-A6FF-29D7ABAADCF4}
"nameserver"="85.255.115.91,85.255.112.6" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6E49E0B4-5BDC-4E27-90D1-166BCCA93208}
"DhcpNameServer"="85.255.115.91,85.255.112.6" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B5979EC6-9629-4007-BD33-D247BEA4F592}
"DhcpNameServer"="85.255.115.91,85.255.112.6" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F9D09419-F7CA-4F8D-A6FF-29D7ABAADCF4}
"DhcpNameServer"="85.255.115.91,85.255.112.6" <Value cleared.

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"WINDVDPatch"="CTHELPER.EXE"
"nwiz"="nwiz.exe /install"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"8076bc93"="rundll32.exe \"C:\\WINDOWS\\System32\\misnsfgm.dll\",b"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="\\WkDetect.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Combofix

ComboFix 07-12-07.3 - Jeff 2007-12-06 23:51:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.676 [GMT -8:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Jeff\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Jeff\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Jeff\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\Yazzle1848OinAdmin.exe
C:\Program Files\Common Files\Yazzle1848OinUninstaller.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtsrsq.dll
C:\WINDOWS\System32\ddayw.dll
C:\WINDOWS\system32\edrglmre.ini
C:\WINDOWS\system32\elqblvrr.dll
C:\WINDOWS\system32\ermlgrde.dll
C:\WINDOWS\system32\jaxqjioy.exe
C:\WINDOWS\system32\mgfsnsim.ini
C:\WINDOWS\system32\misnsfgm.dll
C:\WINDOWS\system32\mlarfewr.dll
C:\WINDOWS\system32\odexkluk.dll
C:\WINDOWS\system32\tleacmas.dllbox
C:\WINDOWS\system32\uukdkmae.exe
C:\WINDOWS\system32\vmrsskpu.dll
C:\WINDOWS\system32\wxdfcnot.dll
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\wyadd.ini2
C:\WINDOWS\system32\xejxkyja.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-12-06 15:54 . 2007-12-06 15:54 74,304 --a------ C:\WINDOWS\system32\pwywkgop.exe
2007-12-05 15:55 . 2007-12-05 15:55 74,304 --a------ C:\WINDOWS\system32\dmahcmll.exe
2007-12-04 15:59 . 2007-12-05 15:59 895,651 --ahs---- C:\WINDOWS\system32\dpftsimk.ini
2007-12-03 14:53 . 2007-12-03 14:53 256 --a------ C:\WINDOWS\adaway.lic
2007-12-03 14:31 . 2007-12-04 15:54 819,865 --ahs---- C:\WINDOWS\system32\gwkvxtlg.ini
2007-12-03 00:37 . 2007-12-03 15:29 <DIR> d-------- C:\VundoFix Backups
2007-12-03 00:27 . 2007-12-03 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-03 00:19 . 2007-12-03 00:20 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-02 23:54 . 2007-12-03 14:25 792,054 --ahs---- C:\WINDOWS\system32\mtpqxkpx.ini
2007-12-01 21:31 . 2005-11-28 11:34 194 --ahs---- C:\BOOT.BAK
2007-12-01 14:26 . 2007-10-04 17:14 136,260 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-12-01 14:22 . 2007-12-01 14:24 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\SystemRequirementsLab
2007-11-20 22:21 . 2007-11-20 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2007-11-20 21:56 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-11-20 21:44 . 2007-11-20 21:44 <DIR> d-------- C:\Program Files\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 00:48 --------- d-----w C:\Program Files\Steam
2007-12-05 00:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-03 09:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-03 08:27 --------- d-----w C:\Program Files\Lavasoft
2007-12-03 08:27 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Lavasoft
2007-12-03 08:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 07:48 --------- d-----w C:\Program Files\ComcastToolbar
2007-12-02 07:19 --------- d-----w C:\Documents and Settings\Jeff\Application Data\uTorrent
2007-11-27 07:37 --------- d-----w C:\Program Files\Morpheus
2007-11-17 04:32 --------- d-----w C:\Program Files\Starcraft
2007-11-14 02:31 --------- d-----w C:\Program Files\World of Warcraft
2007-11-13 08:12 --------- d-----w C:\Documents and Settings\Jeff\Application Data\U3
2007-11-13 06:08 --------- d-----w C:\Documents and Settings\Jeff\Application Data\HP
2007-10-26 03:59 --------- d-----w C:\Program Files\LucasArts
2007-10-26 03:54 --------- d-----w C:\Documents and Settings\Jeff\Application Data\InstallShield
2007-10-22 10:53 --------- d-----w C:\Program Files\HP
2007-10-22 10:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-10-22 10:52 --------- d-----w C:\Program Files\Common Files\HP
2007-10-22 10:48 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-22 10:48 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-10-05 01:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-05 01:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-05 01:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-05 01:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-05 01:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-05 01:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-05 01:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-05 01:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-05 01:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-05 01:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-05 01:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-05 01:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-05 01:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-05 01:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-05 01:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-05 01:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-05 01:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-05 01:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-05 01:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-05 01:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-05 01:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-05 01:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-05 01:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-05 01:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-05 01:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-05 01:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-05 01:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-05 01:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-05 01:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="\WkDetect.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-08-09 14:41]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 02:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-23 04:00 C:\WINDOWS\system32\rundll32.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 16:56 C:\WINDOWS\system32\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"NvMediaCenter"="RUNDLL32.exe" [2001-08-23 04:00 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-30 19:56:21]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-06-29 15:15:10]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2005-08-23 07:41:49]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 14:36:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 23:59:13
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 0:00:41 - machine was rebooted
.
--- E O F ---

#4 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 07 December 2007 - 07:16 AM

Good Morning,

Your Java is out of date but you won't be able to update it on account of windows being so out of date. After your clean we can try to install Service Pack 1 ( SP1) and then go from there.

Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::

File::
C:\WINDOWS\system32\pwywkgop.exe
C:\WINDOWS\system32\dmahcmll.exe
C:\WINDOWS\system32\dpftsimk.ini
C:\WINDOWS\system32\gwkvxtlg.ini
C:\WINDOWS\system32\mtpqxkpx.ini

Folder::
C:\VundoFix Backups
C:\Program Files\Morpheus

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#5 raskasbw

New Member

New Member
3 posts

Posted 07 December 2007 - 02:07 PM

ComboFix
ComboFix 07-12-07.3 - Jeff 2007-12-07 11:56:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.697 [GMT -8:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeff\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\dmahcmll.exe
C:\WINDOWS\system32\dpftsimk.ini
C:\WINDOWS\system32\gwkvxtlg.ini
C:\WINDOWS\system32\mtpqxkpx.ini
C:\WINDOWS\system32\pwywkgop.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Morpheus
C:\Program Files\Morpheus\_socket.pyd
C:\Program Files\Morpheus\_sre.pyd
C:\Program Files\Morpheus\Audio.ico
C:\Program Files\Morpheus\bitTorrent_LICENSE.txt
C:\Program Files\Morpheus\Casino Kingdom.ico
C:\Program Files\Morpheus\chc0.cfg
C:\Program Files\Morpheus\EPoker.ico
C:\Program Files\Morpheus\Folder_Morpheus.ico
C:\Program Files\Morpheus\M5Shell.dll
C:\Program Files\Morpheus\MorphCache.net
C:\Program Files\Morpheus\MorphConfig.ini
C:\Program Files\Morpheus\MorphConfigEx.ini
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\Morpheus\MorpheusThemeDefault.dll
C:\Program Files\Morpheus\MorphUltraCache.net
C:\Program Files\Morpheus\NeoWebCache.net
C:\Program Files\Morpheus\once.tmp
C:\Program Files\Morpheus\Proto.dll
C:\Program Files\Morpheus\python_LICENSE.txt
C:\Program Files\Morpheus\python23.dll
C:\Program Files\Morpheus\python23.zip
C:\Program Files\Morpheus\Schemas\application.xml
C:\Program Files\Morpheus\Schemas\application.xsd
C:\Program Files\Morpheus\Schemas\audio.xml
C:\Program Files\Morpheus\Schemas\audio.xsd
C:\Program Files\Morpheus\Schemas\document.xml
C:\Program Files\Morpheus\Schemas\document.xsd
C:\Program Files\Morpheus\Schemas\image.xml
C:\Program Files\Morpheus\Schemas\image.xsd
C:\Program Files\Morpheus\Schemas\morph.xml
C:\Program Files\Morpheus\Schemas\morph.xsd
C:\Program Files\Morpheus\Schemas\rom.xml
C:\Program Files\Morpheus\Schemas\rom.xsd
C:\Program Files\Morpheus\Schemas\video.xml
C:\Program Files\Morpheus\Schemas\video.xsd
C:\Program Files\Morpheus\select.pyd
C:\Program Files\Morpheus\SkinData\default\About.htm
C:\Program Files\Morpheus\SkinData\default\adnull.html
C:\Program Files\Morpheus\SkinData\default\Background.BMP
C:\Program Files\Morpheus\SkinData\default\bitzi-pattern.gif
C:\Program Files\Morpheus\SkinData\default\bitzi-tear.gif
C:\Program Files\Morpheus\SkinData\default\bitzi_perforation.gif
C:\Program Files\Morpheus\SkinData\default\bluebar.gif
C:\Program Files\Morpheus\SkinData\default\browser-divider.bmp
C:\Program Files\Morpheus\SkinData\default\browser-dpr-back.bmp
C:\Program Files\Morpheus\SkinData\default\browser-dpr-blank-32x17.bmp
C:\Program Files\Morpheus\SkinData\default\browser-dpr-blank-33x17.bmp
C:\Program Files\Morpheus\SkinData\default\browser-dpr-forward.bmp
C:\Program Files\Morpheus\SkinData\default\browser-dpr-home.bmp
C:\Program Files\Morpheus\SkinData\default\browser-dpr-refresh.bmp
C:\Program Files\Morpheus\SkinData\default\browser-dpr-stop.bmp
C:\Program Files\Morpheus\SkinData\default\browser-na-back.bmp
C:\Program Files\Morpheus\SkinData\default\browser-na-blank-32x17.bmp
C:\Program Files\Morpheus\SkinData\default\browser-na-blank-33x17.bmp
C:\Program Files\Morpheus\SkinData\default\browser-na-forward.bmp
C:\Program Files\Morpheus\SkinData\default\browser-na-home.bmp
C:\Program Files\Morpheus\SkinData\default\browser-na-refresh.bmp
C:\Program Files\Morpheus\SkinData\default\browser-na-stop.bmp
C:\Program Files\Morpheus\SkinData\default\browser-normal-back.bmp
C:\Program Files\Morpheus\SkinData\default\browser-normal-blank-32x17.bmp
C:\Program Files\Morpheus\SkinData\default\browser-normal-blank-33x17.bmp
C:\Program Files\Morpheus\SkinData\default\browser-normal-forward.bmp
C:\Program Files\Morpheus\SkinData\default\browser-normal-home.bmp
C:\Program Files\Morpheus\SkinData\default\browser-normal-refresh.bmp
C:\Program Files\Morpheus\SkinData\default\browser-normal-stop.bmp
C:\Program Files\Morpheus\SkinData\default\browser-over-back.bmp
C:\Program Files\Morpheus\SkinData\default\browser-over-forward.bmp
C:\Program Files\Morpheus\SkinData\default\browser-over-home.bmp
C:\Program Files\Morpheus\SkinData\default\browser-over-refresh.bmp
C:\Program Files\Morpheus\SkinData\default\browser-over-stop.bmp
C:\Program Files\Morpheus\SkinData\default\Button-Dark.bmp
C:\Program Files\Morpheus\SkinData\default\Button.bmp
C:\Program Files\Morpheus\SkinData\default\ButtonDown-dark.bmp
C:\Program Files\Morpheus\SkinData\default\ButtonDown.bmp
C:\Program Files\Morpheus\SkinData\default\ButtonDownMask.bmp
C:\Program Files\Morpheus\SkinData\default\ButtonMask.bmp
C:\Program Files\Morpheus\SkinData\default\chat.css
C:\Program Files\Morpheus\SkinData\default\chatcombo.bmp
C:\Program Files\Morpheus\SkinData\default\chatcombomask.bmp
C:\Program Files\Morpheus\SkinData\default\ChatHeader.bmp
C:\Program Files\Morpheus\SkinData\default\ChatSplitter.bmp
C:\Program Files\Morpheus\SkinData\default\checkbox_blank.bmp
C:\Program Files\Morpheus\SkinData\default\checkbox_blank_disabled.bmp
C:\Program Files\Morpheus\SkinData\default\checkbox_checked.bmp
C:\Program Files\Morpheus\SkinData\default\checkbox_checked_disabled.bmp
C:\Program Files\Morpheus\SkinData\default\Connecting.bmp
C:\Program Files\Morpheus\SkinData\default\Connecting_selected.bmp
C:\Program Files\Morpheus\SkinData\default\CurrentMediaStatic.bmp
C:\Program Files\Morpheus\SkinData\default\doc-morpheus.ico
C:\Program Files\Morpheus\SkinData\default\Downloads.bmp
C:\Program Files\Morpheus\SkinData\default\DownloadsPressed.bmp
C:\Program Files\Morpheus\SkinData\default\DragDropFiles.bmp
C:\Program Files\Morpheus\SkinData\default\eBay.bmp
C:\Program Files\Morpheus\SkinData\default\file.gif
C:\Program Files\Morpheus\SkinData\default\file_info_bg.gif
C:\Program Files\Morpheus\SkinData\default\fileavailability.html
C:\Program Files\Morpheus\SkinData\default\fileavailabilitytorrent.html
C:\Program Files\Morpheus\SkinData\default\filebitzi.html
C:\Program Files\Morpheus\SkinData\default\FileBitziWaiting.html
C:\Program Files\Morpheus\SkinData\default\filedetails.html
C:\Program Files\Morpheus\SkinData\default\filedetails.jpg
C:\Program Files\Morpheus\SkinData\default\filetipdetail.html
C:\Program Files\Morpheus\SkinData\default\flyoutnull.html
C:\Program Files\Morpheus\SkinData\default\Header.bmp
C:\Program Files\Morpheus\SkinData\default\header_chat.bmp
C:\Program Files\Morpheus\SkinData\default\header_chat_dp.bmp
C:\Program Files\Morpheus\SkinData\default\header_close.bmp
C:\Program Files\Morpheus\SkinData\default\header_close_dp.bmp
C:\Program Files\Morpheus\SkinData\default\header_help.bmp
C:\Program Files\Morpheus\SkinData\default\header_help_dp.bmp
C:\Program Files\Morpheus\SkinData\default\header_maximize.bmp
C:\Program Files\Morpheus\SkinData\default\header_maximize_dp.bmp
C:\Program Files\Morpheus\SkinData\default\header_minimize.bmp
C:\Program Files\Morpheus\SkinData\default\header_minimize_dp.bmp
C:\Program Files\Morpheus\SkinData\default\header_morpheusultra.bmp
C:\Program Files\Morpheus\SkinData\default\header_morpheusultra_dp.bmp
C:\Program Files\Morpheus\SkinData\default\header_preferences.bmp
C:\Program Files\Morpheus\SkinData\default\header_preferences_dp.bmp
C:\Program Files\Morpheus\SkinData\default\header_restore.bmp
C:\Program Files\Morpheus\SkinData\default\header_restore_dp.bmp
C:\Program Files\Morpheus\SkinData\default\HeaderBlock.bmp
C:\Program Files\Morpheus\SkinData\default\HeaderBlock.gif
C:\Program Files\Morpheus\SkinData\default\HeaderDowned.bmp
C:\Program Files\Morpheus\SkinData\default\HScrollBar.bmp
C:\Program Files\Morpheus\SkinData\default\HThumb.bmp
C:\Program Files\Morpheus\SkinData\default\image-morpheus.ico
C:\Program Files\Morpheus\SkinData\default\images\arrow.gif
C:\Program Files\Morpheus\SkinData\default\images\getmorpheusultra.gif
C:\Program Files\Morpheus\SkinData\default\images\monochrome_morpheus.gif
C:\Program Files\Morpheus\SkinData\default\images\monochrome_morpheus.jpg
C:\Program Files\Morpheus\SkinData\default\images\monochrome_morpheus_ultra.gif
C:\Program Files\Morpheus\SkinData\default\images\monochrome_morpheus_ultra.jpg
C:\Program Files\Morpheus\SkinData\default\images\welcome.gif
C:\Program Files\Morpheus\SkinData\default\Left.bmp
C:\Program Files\Morpheus\SkinData\default\LeftDown.bmp
C:\Program Files\Morpheus\SkinData\default\lightblue.gif
C:\Program Files\Morpheus\SkinData\default\ListSel.bmp
C:\Program Files\Morpheus\SkinData\default\logo.html
C:\Program Files\Morpheus\SkinData\default\logoUltra.html
C:\Program Files\Morpheus\SkinData\default\MainFrame.bmp
C:\Program Files\Morpheus\SkinData\default\MainFrameMask.bmp
C:\Program Files\Morpheus\SkinData\default\MenuHighlight.bmp
C:\Program Files\Morpheus\SkinData\default\MenuNormal.bmp
C:\Program Files\Morpheus\SkinData\default\Mini.bmp
C:\Program Files\Morpheus\SkinData\default\MiniDown.bmp
C:\Program Files\Morpheus\SkinData\default\MorphDlg.bmp
C:\Program Files\Morpheus\SkinData\default\MorphDlgMask.bmp
C:\Program Files\Morpheus\SkinData\default\player_mute.bmp
C:\Program Files\Morpheus\SkinData\default\player_mute_dp.bmp
C:\Program Files\Morpheus\SkinData\default\player_next.bmp
C:\Program Files\Morpheus\SkinData\default\player_next_dp.bmp
C:\Program Files\Morpheus\SkinData\default\player_next_mask.bmp
C:\Program Files\Morpheus\SkinData\default\player_pause.bmp
C:\Program Files\Morpheus\SkinData\default\player_pause_dp.bmp
C:\Program Files\Morpheus\SkinData\default\player_play.bmp
C:\Program Files\Morpheus\SkinData\default\player_play_dp.bmp
C:\Program Files\Morpheus\SkinData\default\player_prev.bmp
C:\Program Files\Morpheus\SkinData\default\player_prev_dp.bmp
C:\Program Files\Morpheus\SkinData\default\player_prev_mask.bmp
C:\Program Files\Morpheus\SkinData\default\player_sound.bmp
C:\Program Files\Morpheus\SkinData\default\player_sound_dp.bmp
C:\Program Files\Morpheus\SkinData\default\player_stop.bmp
C:\Program Files\Morpheus\SkinData\default\player_stop_dp.bmp
C:\Program Files\Morpheus\SkinData\default\PlayerDisplay.bmp
C:\Program Files\Morpheus\SkinData\default\playlist_add.bmp
C:\Program Files\Morpheus\SkinData\default\playlist_add_dp.bmp
C:\Program Files\Morpheus\SkinData\default\playlist_repeat.BMP
C:\Program Files\Morpheus\SkinData\default\playlist_repeat_dp.BMP
C:\Program Files\Morpheus\SkinData\default\playlist_shuffle.BMP
C:\Program Files\Morpheus\SkinData\default\playlist_shuffle_dp.BMP
C:\Program Files\Morpheus\SkinData\default\playlist_subtract.BMP
C:\Program Files\Morpheus\SkinData\default\playlist_subtract_dp.BMP
C:\Program Files\Morpheus\SkinData\default\PlayListComboBox.bmp
C:\Program Files\Morpheus\SkinData\default\PlayListItem.bmp
C:\Program Files\Morpheus\SkinData\default\PlayListSelectedItem.bmp
C:\Program Files\Morpheus\SkinData\default\PlayListTop.bmp
C:\Program Files\Morpheus\SkinData\default\PlayListViewBk.bmp
C:\Program Files\Morpheus\SkinData\default\PriceDownArrow.bmp
C:\Program Files\Morpheus\SkinData\default\PriceMask.bmp
C:\Program Files\Morpheus\SkinData\default\PriceRightArrow.bmp
C:\Program Files\Morpheus\SkinData\default\ProgressBackground.bmp
C:\Program Files\Morpheus\SkinData\default\ProgressComplete.bmp
C:\Program Files\Morpheus\SkinData\default\ProgressScale.bmp
C:\Program Files\Morpheus\SkinData\default\radio_blank.bmp
C:\Program Files\Morpheus\SkinData\default\radio_blank_disabled.bmp
C:\Program Files\Morpheus\SkinData\default\radio_checked.bmp
C:\Program Files\Morpheus\SkinData\default\radio_checked_disabled.bmp
C:\Program Files\Morpheus\SkinData\default\RectangleButton.bmp
C:\Program Files\Morpheus\SkinData\default\Research.bmp
C:\Program Files\Morpheus\SkinData\default\retry.html
C:\Program Files\Morpheus\SkinData\default\rom-morpheus.ico
C:\Program Files\Morpheus\SkinData\default\SchemeMenu.bmp
C:\Program Files\Morpheus\SkinData\default\SchemeMenuHL.bmp
C:\Program Files\Morpheus\SkinData\default\search_extendsearch.bmp
C:\Program Files\Morpheus\SkinData\default\search_extendsearch_dp.bmp
C:\Program Files\Morpheus\SkinData\default\search_filetype.bmp
C:\Program Files\Morpheus\SkinData\default\search_filetype_dp.bmp
C:\Program Files\Morpheus\SkinData\default\search_searchbutton.bmp
C:\Program Files\Morpheus\SkinData\default\search_searchbutton_dp.bmp
C:\Program Files\Morpheus\SkinData\default\search2start.html
C:\Program Files\Morpheus\SkinData\default\SearchClose.bmp
C:\Program Files\Morpheus\SkinData\default\SearchClosePressed.bmp
C:\Program Files\Morpheus\SkinData\default\SearchConnecting.bmp
C:\Program Files\Morpheus\SkinData\default\SearchDetailToolTip.html
C:\Program Files\Morpheus\SkinData\default\SearchesListBottom.bmp
C:\Program Files\Morpheus\SkinData\default\SearchesListMiddle.bmp
C:\Program Files\Morpheus\SkinData\default\SearchesListSelected.bmp
C:\Program Files\Morpheus\SkinData\default\SearchesListSingle.bmp
C:\Program Files\Morpheus\SkinData\default\SearchesListTop.bmp
C:\Program Files\Morpheus\SkinData\default\SearchesSplitter.bmp
C:\Program Files\Morpheus\SkinData\default\Skin.xml
C:\Program Files\Morpheus\SkinData\default\skincombo.bmp
C:\Program Files\Morpheus\SkinData\default\skincombomask.bmp
C:\Program Files\Morpheus\SkinData\default\Slider.bmp
C:\Program Files\Morpheus\SkinData\default\SmallClose.bmp
C:\Program Files\Morpheus\SkinData\default\SmallClosePressed.bmp
C:\Program Files\Morpheus\SkinData\default\spacer.gif
C:\Program Files\Morpheus\SkinData\default\SplitterButtonDown.bmp
C:\Program Files\Morpheus\SkinData\default\SplitterButtonDownPressed.bmp
C:\Program Files\Morpheus\SkinData\default\SplitterButtonUp.bmp
C:\Program Files\Morpheus\SkinData\default\SplitterButtonUpPressed.bmp
C:\Program Files\Morpheus\SkinData\default\standard.css
C:\Program Files\Morpheus\SkinData\default\StatusBar.bmp
C:\Program Files\Morpheus\SkinData\default\stopwatch.gif
C:\Program Files\Morpheus\SkinData\default\TabActive.bmp
C:\Program Files\Morpheus\SkinData\default\TabActiveMask.bmp
C:\Program Files\Morpheus\SkinData\default\TabInactive.bmp
C:\Program Files\Morpheus\SkinData\default\TabInactiveMask.bmp
C:\Program Files\Morpheus\SkinData\default\TabLedge.bmp
C:\Program Files\Morpheus\SkinData\default\TabLedgeInactive.bmp
C:\Program Files\Morpheus\SkinData\default\TabLedgeMask.bmp
C:\Program Files\Morpheus\SkinData\default\Tile.bmp
C:\Program Files\Morpheus\SkinData\default\tooltip.css
C:\Program Files\Morpheus\SkinData\default\tooltip.jpg
C:\Program Files\Morpheus\SkinData\default\tooltipApp.jpg
C:\Program Files\Morpheus\SkinData\default\tooltipAud.jpg
C:\Program Files\Morpheus\SkinData\default\tooltipDoc.jpg
C:\Program Files\Morpheus\SkinData\default\tooltipImg.jpg
C:\Program Files\Morpheus\SkinData\default\tooltipRom.jpg
C:\Program Files\Morpheus\SkinData\default\tooltipVid.jpg
C:\Program Files\Morpheus\SkinData\default\Tray.bmp
C:\Program Files\Morpheus\SkinData\default\TrayBottomPanel.bmp
C:\Program Files\Morpheus\SkinData\default\ui.xml
C:\Program Files\Morpheus\SkinData\default\video_fullscreen.bmp
C:\Program Files\Morpheus\SkinData\default\video_fullscreen_dp.bmp
C:\Program Files\Morpheus\SkinData\default\video_undock_dp.bmp
C:\Program Files\Morpheus\SkinData\default\VideoDisplayButtonsArea.bmp
C:\Program Files\Morpheus\SkinData\default\VScrollBar.bmp
C:\Program Files\Morpheus\SkinData\default\VSplitter.bmp
C:\Program Files\Morpheus\SkinData\default\VTabActive.bmp
C:\Program Files\Morpheus\SkinData\default\VTabInactive.bmp
C:\Program Files\Morpheus\SkinData\default\VTabMask.bmp
C:\Program Files\Morpheus\SkinData\default\VThumb.bmp
C:\Program Files\Morpheus\SkinData\default\welcome.html
C:\Program Files\Morpheus\SkinData\default\welcomenull.html
C:\Program Files\Morpheus\SkinData\default\WideStatic.bmp
C:\Program Files\Morpheus\SkinData\default\xml\canvas_configlistbottomitem.xml
C:\Program Files\Morpheus\SkinData\default\xml\canvas_configlistmiddleitem.xml
C:\Program Files\Morpheus\SkinData\default\xml\canvas_configlistselecteditem.xml
C:\Program Files\Morpheus\SkinData\default\xml\canvas_configlisttopitem.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_aboutdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_askdlg_onsearchresultdelete.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_askdlg_saveplaylists.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_askonexitdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_chat.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_childdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_configdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_connectingsearchdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_custombrowser.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_fileavailability.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_fileinformation.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_filterempty.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_getpasswddlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_install_sharedfolder.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_magnetcheckdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_magnethandledlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_mainframe.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_mainframebackground.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_morphdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_myfilespane.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_notconnectedsearchdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_playlistpane.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_prefantivirus.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_prefblock.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_prefchat.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_preffiletransfer.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_preffolders.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_prefgeneral.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_prefinternetconnection.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_prefmediaweb.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_prefp2pnetwork.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_prefparentalcontrol.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_prefproxy.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_prefskinsetup.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_refreshsharelistdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_searchespane.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_searchresultpane.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_setdefaultfilter.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_setpasswddlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_skinchange.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_skinmessagebox.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_torrentcheckdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_transferspane.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_traybottompanel.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_traywindow.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_videopane.xml
C:\Program Files\Morpheus\SkinData\default\xml\screen_xpfirewallcheckdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\Skin.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_background.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_chatheader.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_configlistview.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_currentmediastatic.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_downloadsbutton.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_header.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_hscrollbar.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_hthumb.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_mainframe.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_menu.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_morphdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_morpheusstdbutton.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_morpheusstdbuttondown.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_playerdisplay.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_playlistcombobox.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_playlisttop.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_playlistviewbackground.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_playlistviewitem.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_price.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_progressbarbackground.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_progressbarscale.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_rectanglebutton.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_searcheslistschema.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_searchessplitter.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_slider.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_statusbar.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_stretch.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_tabactive.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_tabinactive.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_tabledge.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_tile.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_tray.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_traybottompanel.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_vscrollbar.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_vsplitter.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_vtab.xml
C:\Program Files\Morpheus\SkinData\default\xml\skinlayout_vthumb.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_button_checkbox.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_button_darkbutton.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_button_radiobutton.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_button_rectanglebutton.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_button_usualbutton.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_checkbox_checkbox.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_checkbox_radiobutton.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_editcontrol_editbox.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_editcontrol_multilineeditbox.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_groupbox_roundrect.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_header_defaultheader.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_menu_chatmenu.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_menu_chatprefmenu.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_menu_headermenu.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_menu_helpmenu.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_menu_playlistmenu.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_menu_popupmenu.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_menu_schememenu.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_menu_searchescontextmenu.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_menu_tray.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_overlappedwindow_childdialog.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_overlappedwindow_morphdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_playlistview_default.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_progressbar_default.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_screen_morphdlg.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_scrollbar_defaultscrollbar.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_slider_default.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_splitter_horzsplitter4myfilespane.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_splitter_horzsplitter4searchresultpane.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_splitter_horzsplitter4transferspane.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_tabs_default.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_tabs_fileinformation.xml
C:\Program Files\Morpheus\SkinData\default\xml\style_vtabs_default.xml
C:\Program Files\Morpheus\SkinData\happy\About.htm
C:\Program Files\Morpheus\SkinData\happy\Background.BMP
C:\Program Files\Morpheus\SkinData\happy\bitzi-pattern.gif
C:\Program Files\Morpheus\SkinData\happy\bitzi-tear.gif
C:\Program Files\Morpheus\SkinData\happy\bitzi_perforation.gif
C:\Program Files\Morpheus\SkinData\happy\bluebar.gif
C:\Program Files\Morpheus\SkinData\happy\browser-divider.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-dpr-back.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-dpr-blank-32x17.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-dpr-blank-33x17.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-dpr-forward.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-dpr-home.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-dpr-refresh.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-dpr-stop.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-na-back.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-na-blank-32x17.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-na-blank-33x17.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-na-forward.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-na-home.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-na-refresh.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-na-stop.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-normal-back.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-normal-blank-32x17.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-normal-blank-33x17.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-normal-forward.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-normal-home.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-normal-refresh.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-normal-stop.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-over-back.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-over-forward.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-over-home.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-over-refresh.bmp
C:\Program Files\Morpheus\SkinData\happy\browser-over-stop.bmp
C:\Program Files\Morpheus\SkinData\happy\Button-Dark.bmp
C:\Program Files\Morpheus\SkinData\happy\Button.bmp
C:\Program Files\Morpheus\SkinData\happy\ButtonDown-dark.bmp
C:\Program Files\Morpheus\SkinData\happy\ButtonDown.bmp
C:\Program Files\Morpheus\SkinData\happy\ButtonDownMask.bmp
C:\Program Files\Morpheus\SkinData\happy\ButtonMask.bmp
C:\Program Files\Morpheus\SkinData\happy\chat.css
C:\Program Files\Morpheus\SkinData\happy\chatcombo.bmp
C:\Program Files\Morpheus\SkinData\happy\chatcombomask.bmp
C:\Program Files\Morpheus\SkinData\happy\ChatHeader.bmp
C:\Program Files\Morpheus\SkinData\happy\ChatSplitter.bmp
C:\Program Files\Morpheus\SkinData\happy\checkbox_blank.bmp
C:\Program Files\Morpheus\SkinData\happy\checkbox_blank_disabled.bmp
C:\Program Files\Morpheus\SkinData\happy\checkbox_checked.bmp
C:\Program Files\Morpheus\SkinData\happy\checkbox_checked_disabled.bmp
C:\Program Files\Morpheus\SkinData\happy\clock.swf
C:\Program Files\Morpheus\SkinData\happy\Connecting.bmp
C:\Program Files\Morpheus\SkinData\happy\Connecting_selected.bmp
C:\Program Files\Morpheus\SkinData\happy\CurrentMediaStatic.bmp
C:\Program Files\Morpheus\SkinData\happy\doc-morpheus.ico
C:\Program Files\Morpheus\SkinData\happy\Downloads.bmp
C:\Program Files\Morpheus\SkinData\happy\DownloadsPressed.bmp
C:\Program Files\Morpheus\SkinData\happy\eBay.bmp
C:\Program Files\Morpheus\SkinData\happy\file.gif
C:\Program Files\Morpheus\SkinData\happy\file_info_bg.gif
C:\Program Files\Morpheus\SkinData\happy\fileavailability.html
C:\Program Files\Morpheus\SkinData\happy\fileavailabilitytorrent.html
C:\Program Files\Morpheus\SkinData\happy\filebitzi.html
C:\Program Files\Morpheus\SkinData\happy\FileBitziWaiting.html
C:\Program Files\Morpheus\SkinData\happy\filedetails.html
C:\Program Files\Morpheus\SkinData\happy\filedetails.jpg
C:\Program Files\Morpheus\SkinData\happy\filetipdetail.html
C:\Program Files\Morpheus\SkinData\happy\Header.bmp
C:\Program Files\Morpheus\SkinData\happy\header_chat.bmp
C:\Program Files\Morpheus\SkinData\happy\header_chat_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\header_close.bmp
C:\Program Files\Morpheus\SkinData\happy\header_close_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\header_help.bmp
C:\Program Files\Morpheus\SkinData\happy\header_help_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\header_maximize.bmp
C:\Program Files\Morpheus\SkinData\happy\header_maximize_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\header_minimize.bmp
C:\Program Files\Morpheus\SkinData\happy\header_minimize_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\header_morpheusultra.bmp
C:\Program Files\Morpheus\SkinData\happy\header_morpheusultra_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\header_preferences.bmp
C:\Program Files\Morpheus\SkinData\happy\header_preferences_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\header_restore.bmp
C:\Program Files\Morpheus\SkinData\happy\header_restore_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\HeaderBlock.bmp
C:\Program Files\Morpheus\SkinData\happy\HeaderBlock.gif
C:\Program Files\Morpheus\SkinData\happy\HeaderDowned.bmp
C:\Program Files\Morpheus\SkinData\happy\HScrollBar.bmp
C:\Program Files\Morpheus\SkinData\happy\HThumb.bmp
C:\Program Files\Morpheus\SkinData\happy\image-morpheus.ico
C:\Program Files\Morpheus\SkinData\happy\images\getmorpheusultra.gif
C:\Program Files\Morpheus\SkinData\happy\images\monochrome_morpheus.gif
C:\Program Files\Morpheus\SkinData\happy\images\monochrome_morpheus_ultra.gif
C:\Program Files\Morpheus\SkinData\happy\Left.bmp
C:\Program Files\Morpheus\SkinData\happy\LeftDown.bmp
C:\Program Files\Morpheus\SkinData\happy\lightblue.gif
C:\Program Files\Morpheus\SkinData\happy\ListSel.bmp
C:\Program Files\Morpheus\SkinData\happy\logo.html
C:\Program Files\Morpheus\SkinData\happy\logoUltra.html
C:\Program Files\Morpheus\SkinData\happy\MainFrame.bmp
C:\Program Files\Morpheus\SkinData\happy\MainFrameMask.bmp
C:\Program Files\Morpheus\SkinData\happy\MenuHighlight.bmp
C:\Program Files\Morpheus\SkinData\happy\MenuNormal.bmp
C:\Program Files\Morpheus\SkinData\happy\Mini.bmp
C:\Program Files\Morpheus\SkinData\happy\MiniDown.bmp
C:\Program Files\Morpheus\SkinData\happy\MorphDlg.bmp
C:\Program Files\Morpheus\SkinData\happy\MorphDlgMask.bmp
C:\Program Files\Morpheus\SkinData\happy\player_mute.bmp
C:\Program Files\Morpheus\SkinData\happy\player_mute_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\player_next.bmp
C:\Program Files\Morpheus\SkinData\happy\player_next_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\player_next_mask.bmp
C:\Program Files\Morpheus\SkinData\happy\player_pause.bmp
C:\Program Files\Morpheus\SkinData\happy\player_pause_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\player_play.bmp
C:\Program Files\Morpheus\SkinData\happy\player_play_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\player_play_mask.bmp
C:\Program Files\Morpheus\SkinData\happy\player_prev.bmp
C:\Program Files\Morpheus\SkinData\happy\player_prev_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\player_prev_mask.bmp
C:\Program Files\Morpheus\SkinData\happy\player_sound.bmp
C:\Program Files\Morpheus\SkinData\happy\player_sound_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\player_sound_mask.bmp
C:\Program Files\Morpheus\SkinData\happy\player_stop.bmp
C:\Program Files\Morpheus\SkinData\happy\player_stop_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\player_stop_mask.bmp
C:\Program Files\Morpheus\SkinData\happy\PlayerDisplay.bmp
C:\Program Files\Morpheus\SkinData\happy\playlist_add.bmp
C:\Program Files\Morpheus\SkinData\happy\playlist_add_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\playlist_repeat.BMP
C:\Program Files\Morpheus\SkinData\happy\playlist_repeat_dp.BMP
C:\Program Files\Morpheus\SkinData\happy\playlist_shuffle.BMP
C:\Program Files\Morpheus\SkinData\happy\playlist_shuffle_dp.BMP
C:\Program Files\Morpheus\SkinData\happy\playlist_subtract.BMP
C:\Program Files\Morpheus\SkinData\happy\playlist_subtract_dp.BMP
C:\Program Files\Morpheus\SkinData\happy\PlayListComboBox.bmp
C:\Program Files\Morpheus\SkinData\happy\PlayListItem.bmp
C:\Program Files\Morpheus\SkinData\happy\PlayListSelectedItem.bmp
C:\Program Files\Morpheus\SkinData\happy\PlayListTop.bmp
C:\Program Files\Morpheus\SkinData\happy\PlayListViewBk.bmp
C:\Program Files\Morpheus\SkinData\happy\PriceDownArrow.bmp
C:\Program Files\Morpheus\SkinData\happy\PriceMask.bmp
C:\Program Files\Morpheus\SkinData\happy\PriceRightArrow.bmp
C:\Program Files\Morpheus\SkinData\happy\ProgressBackground.bmp
C:\Program Files\Morpheus\SkinData\happy\ProgressComplete.bmp
C:\Program Files\Morpheus\SkinData\happy\ProgressScale.bmp
C:\Program Files\Morpheus\SkinData\happy\radio_blank.bmp
C:\Program Files\Morpheus\SkinData\happy\radio_blank_disabled.bmp
C:\Program Files\Morpheus\SkinData\happy\radio_checked.bmp
C:\Program Files\Morpheus\SkinData\happy\radio_checked_disabled.bmp
C:\Program Files\Morpheus\SkinData\happy\RectangleButton.bmp
C:\Program Files\Morpheus\SkinData\happy\Research.bmp
C:\Program Files\Morpheus\SkinData\happy\retry.html
C:\Program Files\Morpheus\SkinData\happy\rom-morpheus.ico
C:\Program Files\Morpheus\SkinData\happy\SchemeMenu.bmp
C:\Program Files\Morpheus\SkinData\happy\SchemeMenuHL.bmp
C:\Program Files\Morpheus\SkinData\happy\search_extendsearch.bmp
C:\Program Files\Morpheus\SkinData\happy\search_extendsearch_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\search_filetype.bmp
C:\Program Files\Morpheus\SkinData\happy\search_filetype_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\search_searchbutton.bmp
C:\Program Files\Morpheus\SkinData\happy\search_searchbutton_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\search2start.html
C:\Program Files\Morpheus\SkinData\happy\SearchClose.bmp
C:\Program Files\Morpheus\SkinData\happy\SearchClosePressed.bmp
C:\Program Files\Morpheus\SkinData\happy\SearchConnecting.bmp
C:\Program Files\Morpheus\SkinData\happy\SearchDetailToolTip.html
C:\Program Files\Morpheus\SkinData\happy\SearchesListBottom.bmp
C:\Program Files\Morpheus\SkinData\happy\SearchesListMiddle.bmp
C:\Program Files\Morpheus\SkinData\happy\SearchesListSelected.bmp
C:\Program Files\Morpheus\SkinData\happy\SearchesListSingle.bmp
C:\Program Files\Morpheus\SkinData\happy\SearchesListTop.bmp
C:\Program Files\Morpheus\SkinData\happy\SearchesSplitter.bmp
C:\Program Files\Morpheus\SkinData\happy\Skin.xml
C:\Program Files\Morpheus\SkinData\happy\skincombo.bmp
C:\Program Files\Morpheus\SkinData\happy\skincombomask.bmp
C:\Program Files\Morpheus\SkinData\happy\Slider.bmp
C:\Program Files\Morpheus\SkinData\happy\Slider_02.bmp
C:\Program Files\Morpheus\SkinData\happy\Slider_02_mask.bmp
C:\Program Files\Morpheus\SkinData\happy\Slider_mask.bmp
C:\Program Files\Morpheus\SkinData\happy\SmallClose.bmp
C:\Program Files\Morpheus\SkinData\happy\SmallClosePressed.bmp
C:\Program Files\Morpheus\SkinData\happy\spacer.gif
C:\Program Files\Morpheus\SkinData\happy\SplitterButtonDown.bmp
C:\Program Files\Morpheus\SkinData\happy\SplitterButtonDownPressed.bmp
C:\Program Files\Morpheus\SkinData\happy\SplitterButtonUp.bmp
C:\Program Files\Morpheus\SkinData\happy\SplitterButtonUpPressed.bmp
C:\Program Files\Morpheus\SkinData\happy\standard.css
C:\Program Files\Morpheus\SkinData\happy\StatusBar.bmp
C:\Program Files\Morpheus\SkinData\happy\stopwatch.gif
C:\Program Files\Morpheus\SkinData\happy\TabActive.bmp
C:\Program Files\Morpheus\SkinData\happy\TabActiveMask.bmp
C:\Program Files\Morpheus\SkinData\happy\TabInactive.bmp
C:\Program Files\Morpheus\SkinData\happy\TabInactiveMask.bmp
C:\Program Files\Morpheus\SkinData\happy\TabLedge.bmp
C:\Program Files\Morpheus\SkinData\happy\TabLedgeInactive.bmp
C:\Program Files\Morpheus\SkinData\happy\TabLedgeMask.bmp
C:\Program Files\Morpheus\SkinData\happy\Tile.bmp
C:\Program Files\Morpheus\SkinData\happy\tooltip.css
C:\Program Files\Morpheus\SkinData\happy\tooltip.jpg
C:\Program Files\Morpheus\SkinData\happy\tooltipApp.jpg
C:\Program Files\Morpheus\SkinData\happy\tooltipAud.jpg
C:\Program Files\Morpheus\SkinData\happy\tooltipDoc.jpg
C:\Program Files\Morpheus\SkinData\happy\tooltipImg.jpg
C:\Program Files\Morpheus\SkinData\happy\tooltipRom.jpg
C:\Program Files\Morpheus\SkinData\happy\tooltipVid.jpg
C:\Program Files\Morpheus\SkinData\happy\Tray.bmp
C:\Program Files\Morpheus\SkinData\happy\TrayBottomPanel.bmp
C:\Program Files\Morpheus\SkinData\happy\ui.xml
C:\Program Files\Morpheus\SkinData\happy\video_fullscreen.bmp
C:\Program Files\Morpheus\SkinData\happy\video_fullscreen_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\video_undock_dp.bmp
C:\Program Files\Morpheus\SkinData\happy\VideoDisplayButtonsArea.bmp
C:\Program Files\Morpheus\SkinData\happy\VScrollBar.bmp
C:\Program Files\Morpheus\SkinData\happy\VSplitter.bmp
C:\Program Files\Morpheus\SkinData\happy\VTabActive.bmp
C:\Program Files\Morpheus\SkinData\happy\VTabInactive.bmp
C:\Program Files\Morpheus\SkinData\happy\VTabMask.bmp
C:\Program Files\Morpheus\SkinData\happy\VThumb.bmp
C:\Program Files\Morpheus\SkinData\happy\welcome.html
C:\Program Files\Morpheus\SkinData\happy\WideStatic.bmp
C:\Program Files\Morpheus\SkinData\happy\xml\canvas_configlistbottomitem.xml
C:\Program Files\Morpheus\SkinData\happy\xml\canvas_configlistmiddleitem.xml
C:\Program Files\Morpheus\SkinData\happy\xml\canvas_configlistselecteditem.xml
C:\Program Files\Morpheus\SkinData\happy\xml\canvas_configlisttopitem.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_aboutdlg.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_askdlg_onsearchresultdelete.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_askdlg_saveplaylists.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_askonexitdlg.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_chat.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_configdlg.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_fileinformation.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_getpasswddlg.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_install_sharedfolder.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_mainframe.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_myfilespane.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_playlistpane.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_prefantivirus.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_prefblock.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_prefchat.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_preffolders.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_prefgeneral.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_prefparentalcontrol.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_prefproxy.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_prefskinsetup.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_searchespane.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_searchresultpane.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_setpasswddlg.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_skinmessagebox.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_transferspane.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_traybottompanel.xml
C:\Program Files\Morpheus\SkinData\happy\xml\screen_videopane.xml
C:\Program Files\Morpheus\SkinData\happy\xml\Skin.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_configlistview.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_currentmediastatic.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_header.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_hscrollbar.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_mainframe.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_morphdlg.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_morpheusstdbutton.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_morpheusstdbuttondown.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_playerdisplay.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_playlistcombobox.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_playlisttop.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_searcheslistschema.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_slider.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_slider_02.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_tabactive.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_tabinactive.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_tabledge.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_vscrollbar.xml
C:\Program Files\Morpheus\SkinData\happy\xml\skinlayout_vtab.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_button_usualbutton.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_checkbox_checkbox.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_checkbox_radiobutton.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_editcontrol_editbox.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_editcontrol_multilineeditbox.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_groupbox_roundrect.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_header_defaultheader.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_playlistview_default.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_slider_default.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_slider_progress.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_tabs_default.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_tabs_fileinformation.xml
C:\Program Files\Morpheus\SkinData\happy\xml\style_vtabs_default.xml
C:\Program Files\Morpheus\Torrent.ico
C:\Program Files\Morpheus\UninstMorpheus.exe
C:\Program Files\Morpheus\version.tmp
C:\Program Files\Morpheus\Video.ico
C:\Program Files\Morpheus\WebCache.net
C:\Program Files\Morpheus\zlib.pyd
C:\VundoFix Backups
C:\VundoFix Backups\hsvgxplw.dll.bad
C:\VundoFix Backups\huovsqmq.exe.bad
C:\VundoFix Backups\ltqnaykb.dll.bad
C:\VundoFix Backups\ltqnaykb.dllbox.bad
C:\VundoFix Backups\qhjebsou.dll.bad
C:\VundoFix Backups\tleacmas.dll.bad
C:\VundoFix Backups\tleacmas.dllbox.bad
C:\WINDOWS\system32\dmahcmll.exe
C:\WINDOWS\system32\dpftsimk.ini
C:\WINDOWS\system32\gwkvxtlg.ini
C:\WINDOWS\system32\mtpqxkpx.ini
C:\WINDOWS\system32\pwywkgop.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-12-07 00:06 . 2007-12-07 00:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-03 14:53 . 2007-12-03 14:53 256 --a------ C:\WINDOWS\adaway.lic
2007-12-03 00:27 . 2007-12-03 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-03 00:19 . 2007-12-03 00:20 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-01 21:31 . 2005-11-28 11:34 194 --ahs---- C:\BOOT.BAK
2007-12-01 14:26 . 2007-10-04 17:14 136,260 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-12-01 14:22 . 2007-12-01 14:24 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\SystemRequirementsLab
2007-11-20 22:21 . 2007-11-20 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2007-11-20 21:56 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-11-20 21:44 . 2007-11-20 21:44 <DIR> d-------- C:\Program Files\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 00:48 --------- d-----w C:\Program Files\Steam
2007-12-05 00:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-03 09:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-03 08:27 --------- d-----w C:\Program Files\Lavasoft
2007-12-03 08:27 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Lavasoft
2007-12-03 08:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 07:48 --------- d-----w C:\Program Files\ComcastToolbar
2007-12-02 07:19 --------- d-----w C:\Documents and Settings\Jeff\Application Data\uTorrent
2007-11-17 04:32 --------- d-----w C:\Program Files\Starcraft
2007-11-14 02:31 --------- d-----w C:\Program Files\World of Warcraft
2007-11-13 08:12 --------- d-----w C:\Documents and Settings\Jeff\Application Data\U3
2007-11-13 06:08 --------- d-----w C:\Documents and Settings\Jeff\Application Data\HP
2007-10-26 03:59 --------- d-----w C:\Program Files\LucasArts
2007-10-26 03:54 --------- d-----w C:\Documents and Settings\Jeff\Application Data\InstallShield
2007-10-22 10:53 --------- d-----w C:\Program Files\HP
2007-10-22 10:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-10-22 10:52 --------- d-----w C:\Program Files\Common Files\HP
2007-10-22 10:48 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-22 10:48 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
.

((((((((((((((((((((((((((((( snapshot@2007-12-06_23.59.25.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-07 07:44:41 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-07 19:47:48 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-07 07:44:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-07 19:47:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-07 07:44:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-07 19:47:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-02 05:54:10 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-07 08:01:39 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-02 05:54:10 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-07 08:01:39 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-07 07:58:53 20,560 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2007-12-07 20:03:42 20,560 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="\WkDetect.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-08-09 14:41]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 02:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-23 04:00 C:\WINDOWS\system32\rundll32.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 16:56 C:\WINDOWS\system32\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"NvMediaCenter"="RUNDLL32.exe" [2001-08-23 04:00 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-30 19:56:21]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-06-29 15:15:10]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2005-08-23 07:41:49]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 14:36:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 12:04:17
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 12:06:03 - machine was rebooted
.
--- E O F ---

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:15 PM, on 12/7/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

--
End of file - 5637 bytes

#6 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 07 December 2007 - 02:25 PM

Looks good :thumbup:

Try updating your Operating System , first you need to clean up your system.

Please download ATF Cleaner by Atribune to your desktop.

This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up

Then defragment your C: drive.
Go to Start> All Programs> Assessories> System Tools > Defragmenter. Highlight your C: drive and let her go, it could take the better part of an hour if you have not done this before

Then
open Internet Explorer and go to Tools> Windows Updates and go for it. You should install all updates including Servicwe Pack 2 and beyond.

You can download it directly from here or order the free CD from Microsoft.
http://www.microsoft...p2/default.mspx
http://support.micro...pr=windowsxpsp2 <-- Contact a support person

How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
TonyKlein CastleCops
Grinler BleepingComputer
GeeksTo Go
Dslreports

Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.5
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
IE-Spyad
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
Firefox 2.0.0.6 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.

Glad we could help

Safe Surfn
Ken

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#7 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 19 December 2007 - 06:04 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Body Background

skin color theme