Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011
Accepted Solution

cpv.servefed.info

I have this pop up going on that Trend has not stopped. When it happens it shows cpv.servefeed.info and then changes to the ad. I have scanned with everything on the market including paid Trend but nothing shows up. Please help?

 

Epic Talent
malwarekiller
Posts: 3,835
Registered: ‎08-08-2011

Re: cpv.servefed.info

Welcome aboard!

 Seems like a partial installation of Zaccess...

 

Download ComboFix from any of the locations given on this website:

    • IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
      • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
      • Double click on ComboFix.exe & follow the prompts.
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

      When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply at your topic.

      NEXT

      Download AVPTool from Here to your desktop

      Run the programme you have just downloaded to your desktop (it will be randomly named)

      First we will run a virus scan

      Click the cog in the upper right

      Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

      Allow AVP to delete all infections found
      Once it has finished select report tab (last tab)
      Select Detected threats report from the left and press Save button
      Save it to your desktop and attach to your next post

Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

Thanks for the reply. I cannot get ComboFix to run. It runs the first stage but when the computer reboots it freezes. I cannot keep Trend from restarting when the computer reboots so I am thinking this may be causing the freeze.

Epic Talent
malwarekiller
Posts: 3,835
Registered: ‎08-08-2011

Re: cpv.servefed.info

Please go to Safe Mode and then try running ComboFix.

Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

Finally got ComboFix to run. Kaspersky ran fine. Here are the logs. Also still have the pop ups from cpv.servefeed.info after both programs ran.

 

ComboFix 12-02-07.01 - Robert 02/07/2012  22:41:22.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2815.1706 [GMT -5:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Firewall Booster *Disabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Robert\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Robert\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Robert\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Robert\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Robert\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Robert\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Robert\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Robert\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Robert\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-08 to 2012-02-08  )))))))))))))))))))))))))))))))
.
.
2012-02-08 03:51 . 2012-02-08 03:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-02-08 03:51 . 2012-02-08 03:51    --------    d-----w-    c:\users\daddy\AppData\Local\temp
2012-02-08 03:51 . 2012-02-08 03:51    --------    d-----w-    c:\users\Cathy\AppData\Local\temp
2012-02-08 03:51 . 2012-02-08 03:51    --------    d-----w-    c:\users\Barbara\AppData\Local\temp
2012-02-08 01:44 . 2012-02-08 01:44    --------    d-----w-    c:\programdata\Kaspersky Lab
2012-02-06 22:57 . 2012-02-06 22:57    626688    ----a-w-    c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-06 22:57 . 2012-02-06 22:57    548864    ----a-w-    c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-06 22:57 . 2012-02-06 22:57    479232    ----a-w-    c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-06 22:57 . 2012-02-06 22:57    45016    ----a-w-    c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-06 00:08 . 2012-02-06 00:08    --------    d-----w-    c:\users\Robert\AppData\Roaming\SUPERAntiSpyware.com
2012-02-06 00:08 . 2012-02-06 03:59    --------    d-----w-    c:\program files\SUPERAntiSpyware
2012-02-06 00:08 . 2012-02-06 00:08    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2012-02-05 17:30 . 2012-02-05 17:41    --------    d-----w-    C:\regbackupsccleaner
2012-01-29 03:54 . 2012-01-29 03:54    388096    ----a-w-    c:\users\Robert\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-29 03:54 . 2012-01-29 03:54    --------    d-----w-    c:\program files (x86)\Trend Micro
2012-01-28 01:57 . 2012-02-05 17:40    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2012-01-28 01:57 . 2012-01-28 01:58    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2012-01-23 02:44 . 2012-01-23 02:47    61440    ----a-w-    c:\windows\uninstall.exe
2012-01-21 16:06 . 2012-01-21 16:27    --------    d-----w-    C:\ntroot
2012-01-10 23:46 . 2011-10-26 05:22    366592    ----a-w-    c:\windows\system32\qdvd.dll
2012-01-10 23:46 . 2011-10-26 05:22    1572864    ----a-w-    c:\windows\system32\quartz.dll
2012-01-10 23:46 . 2011-10-26 04:28    1328640    ----a-w-    c:\windows\SysWow64\quartz.dll
2012-01-10 23:46 . 2011-10-26 04:28    514560    ----a-w-    c:\windows\SysWow64\qdvd.dll
2012-01-10 23:46 . 2011-11-17 07:14    1739160    ----a-w-    c:\windows\system32\ntdll.dll
2012-01-10 23:46 . 2011-11-17 05:41    1292592    ----a-w-    c:\windows\SysWow64\ntdll.dll
2012-01-10 23:46 . 2011-11-19 15:07    77312    ----a-w-    c:\windows\system32\packager.dll
2012-01-10 23:46 . 2011-11-19 14:06    67072    ----a-w-    c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2010-09-19 17:22    23152    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-12-07 22:12 . 2011-12-07 22:12    68648    ----a-r-    c:\windows\SysWow64\IS3Hks5.dll
2011-12-07 22:12 . 2011-12-07 22:12    547880    ----a-r-    c:\windows\SysWow64\SZComp5.dll
2011-12-07 22:12 . 2011-12-07 22:12    482344    ----a-r-    c:\windows\SysWow64\SZBase5.dll
2011-12-07 22:12 . 2011-12-07 22:12    457768    ----a-r-    c:\windows\SysWow64\IS3DBA5.dll
2011-12-07 22:12 . 2011-12-07 22:12    30248    ----a-r-    c:\windows\SysWow64\IS3XDat5.dll
2011-12-07 22:12 . 2011-12-07 22:12    24616    ----a-r-    c:\windows\SysWow64\SZIO5.dll
2011-12-07 22:12 . 2011-12-07 22:12    134184    ----a-r-    c:\windows\SysWow64\IS3HTUI5.dll
2011-12-07 22:12 . 2011-12-07 22:12    740392    ----a-r-    c:\windows\SysWow64\IS3Base5.dll
2011-12-07 22:12 . 2011-12-07 22:12    392232    ----a-r-    c:\windows\SysWow64\IS3UI5.dll
2011-12-07 22:12 . 2011-12-07 22:12    232488    ----a-r-    c:\windows\SysWow64\IS3Win325.dll
2011-12-07 22:12 . 2011-12-07 22:12    105512    ----a-r-    c:\windows\SysWow64\IS3Inet5.dll
2011-12-07 22:12 . 2011-12-07 22:12    101416    ----a-r-    c:\windows\SysWow64\IS3Svc5.dll
2011-11-24 05:00 . 2011-12-14 14:24    3141632    ----a-w-    c:\windows\system32\win32k.sys
.

Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

(((((((((((((((((((((((((((((   SnapShot@2012-01-22_17.43.55   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-02 01:11 . 2011-11-17 05:35    96768              c:\windows\SysWOW64\sspicli.dll
- 2010-04-27 22:35 . 2009-12-11 07:36    96768              c:\windows\SysWOW64\sspicli.dll
+ 2012-02-02 01:11 . 2011-11-17 05:39    22016              c:\windows\SysWOW64\secur32.dll
- 2010-04-27 22:35 . 2009-12-11 07:39    22016              c:\windows\SysWOW64\secur32.dll
- 2009-07-14 04:54 . 2012-01-17 14:44    32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-08 00:07    32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-17 14:44    32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-08 00:07    32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-12 21:32 . 2012-02-08 03:54    52340              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-08 03:54    32292              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-08 00:41 . 2012-02-08 03:54    21584              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-918244078-1702145985-1200703881-1001_UserData.bin
+ 2012-02-02 01:11 . 2011-11-17 07:11    28672              c:\windows\system32\sspisrv.dll
- 2009-07-13 23:20 . 2009-07-14 01:41    28672              c:\windows\system32\sspisrv.dll
+ 2012-02-02 01:11 . 2011-11-17 07:11    28160              c:\windows\system32\secur32.dll
- 2009-07-13 23:50 . 2009-07-14 01:41    28160              c:\windows\system32\secur32.dll
+ 2012-02-02 01:11 . 2011-11-17 07:05    31232              c:\windows\system32\lsass.exe
- 2009-07-13 23:20 . 2009-07-14 01:39    31232              c:\windows\system32\lsass.exe
+ 2012-02-02 01:11 . 2011-11-17 07:17    95088              c:\windows\system32\drivers\ksecdd.sys
+ 2010-03-08 00:35 . 2012-02-08 03:05    16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-08 00:35 . 2012-01-11 23:30    16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-08 00:35 . 2012-02-08 03:05    32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-08 00:35 . 2012-01-11 23:30    32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-11 23:30    16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-08 03:05    16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-08 01:01 . 2012-02-08 03:53    16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-08 01:01 . 2012-01-22 17:43    16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-02-03 03:10    80352              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-08 01:01 . 2012-02-08 03:53    32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-08 01:01 . 2012-01-22 17:43    32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-08 01:01 . 2012-01-22 17:43    16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-08 01:01 . 2012-02-08 03:53    16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-26 18:34 . 2012-01-22 17:43    16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-26 18:34 . 2012-02-08 03:53    16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-26 18:34 . 2012-02-08 03:53    16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-26 18:34 . 2012-01-22 17:43    16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-22 17:43 . 2012-01-22 17:43    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-08 03:53 . 2012-02-08 03:53    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-08 03:53 . 2012-02-08 03:53    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-22 17:43 . 2012-01-22 17:43    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-15 23:38 . 2010-10-16 04:36    314368              c:\windows\SysWOW64\webio.dll
+ 2012-02-02 01:11 . 2011-11-17 05:39    314368              c:\windows\SysWOW64\webio.dll
+ 2012-02-02 01:11 . 2011-11-17 05:39    224768              c:\windows\SysWOW64\schannel.dll
+ 2009-07-14 04:54 . 2012-02-08 00:07    589824              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-17 14:44    589824              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-02 01:11 . 2011-11-17 07:12    395776              c:\windows\system32\webio.dll
- 2010-12-15 23:38 . 2010-10-16 05:19    395776              c:\windows\system32\webio.dll
+ 2012-02-02 01:11 . 2011-11-17 07:11    136192              c:\windows\system32\sspicli.dll
- 2009-07-13 23:20 . 2009-07-14 01:41    136192              c:\windows\system32\sspicli.dll
- 2010-10-14 19:05 . 2010-08-21 06:36    340992              c:\windows\system32\schannel.dll
+ 2012-02-02 01:11 . 2011-11-17 07:10    340992              c:\windows\system32\schannel.dll
+ 2009-07-14 02:36 . 2012-02-05 03:02    635574              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-21 01:41    635574              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-21 01:41    110290              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-05 03:02    110290              c:\windows\system32\perfc009.dat
+ 2012-02-02 01:11 . 2011-11-17 07:17    152432              c:\windows\system32\drivers\ksecpkg.sys
+ 2012-02-02 01:11 . 2011-11-17 07:15    460296              c:\windows\system32\drivers\cng.sys
- 2009-07-14 05:38 . 2011-05-01 00:53    262144              c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-02-02 01:47    262144              c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:12 . 2011-12-11 14:03    262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-02-02 01:32    262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-02-08 03:52    501772              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-22 17:42    501772              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-04-27 22:35 . 2009-12-11 09:24    1446912              c:\windows\system32\lsasrv.dll
+ 2012-02-02 01:11 . 2011-11-17 07:08    1446912              c:\windows\system32\lsasrv.dll
- 2009-07-14 04:45 . 2012-01-11 23:32    3801160              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-02-02 01:59    3801160              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-03-08 00:58 . 2012-01-17 17:20    5767440              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-03-08 00:58 . 2012-02-08 00:31    5767440              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-06 02:27 . 2012-02-08 03:52    1991184              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-918244078-1702145985-1200703881-1001-12288.dat
- 2011-04-06 02:27 . 2012-01-22 17:42    1991184              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-918244078-1702145985-1200703881-1001-12288.dat
+ 2012-01-29 03:50 . 2012-01-29 03:50    1402880              c:\windows\Installer\126c2da.msi
+ 2011-04-05 19:35 . 2012-01-04 22:15    52128560              c:\windows\SysWOW64\MRT.exe
- 2009-07-14 02:34 . 2012-01-22 16:48    10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-02-08 00:46    10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
.
-- Snapshot reset to current date --
.

Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutlookMessenger"="c:\program files (x86)\Outlook Messenger\OutlookMessenger.exe" [2011-12-18 4300800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ       kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 74768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-10-08 5135216]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2010-02-19 1116656]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WowzaMediaServer;Wowza Media Server;c:\program files (x86)\Wowza Media Systems\Wowza Media Server 2.2.3\bin\wrapper.exe [2009-06-04 204800]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 Mezzmo;Mezzmo;c:\program files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe [2011-03-04 2562888]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S2 Virtual CDAudio Service;Virtual CDAudio Service;c:\program files (x86)\RapidSolution\Tunebite 7\VCDWriter\64\VCDAudioService.exe [2010-09-08 178544]
S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 00:02    114688    ----a-w-    c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-25 c:\windows\Tasks\HPCeeScheduleForRobert.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCJtime.dll" [2006-11-21 31744]
"lxcjmon.exe"="c:\program files (x86)\Lexmark 8300 Series\lxcjmon.exe" [2007-05-08 205744]
"EzPrint"="c:\program files (x86)\Lexmark 8300 Series\ezprint.exe" [2007-05-08 103344]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.rr.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mxvlxq6s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1043669&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Informative Google Search
FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.

Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

------------------ LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,78,6b,2a,ce,ff,48,47,b6,91,c1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,78,6b,2a,ce,ff,48,47,b6,91,c1,\
.
[HKEY_USERS\S-1-5-21-918244078-1702145985-1200703881-1001\Software\id\Doom95\Config\è* (*]
"mouse_sensitivity"=dword:00000005
"sfx_volume"=dword:00000008
"music_volume"=dword:00000008
"show_messages"=dword:00000001
"key_right"=dword:0000004d
"key_left"=dword:0000004b
"key_up"=dword:00000048
"key_down"=dword:00000050
"key_strafeleft"=dword:00000033
"key_straferight"=dword:00000034
"key_fire"=dword:0000001d
"key_use"=dword:00000039
"key_strafe"=dword:00000038
"key_speed"=dword:00000036
"use_mouse"=dword:00000000
"full_screen"=dword:00000000
"full_keyboard"=dword:00000000
"mouseb_fire"=dword:00000000
"mouseb_strafe"=dword:00000001
"mouseb_forward"=dword:00000002
"use_joystick"=dword:00000000
"joyb_fire"=dword:00000000
"joyb_strafe"=dword:00000001
"joyb_use"=dword:00000003
"joyb_speed"=dword:00000002
"joy_id"=dword:00000000
"joy_axis_map"="yx "
"joy_feedback_DLL"=""
"joy_move_threshold"=dword:00000800
"joy_move_sensitivity"=dword:00000250
"joy_turn_threshold"=dword:00001000
"joy_turn_sensitivity"=dword:00000020
"joyb_fist_saw"=dword:ffffffff
"joyb_pistol"=dword:ffffffff
"joyb_shotgun"=dword:ffffffff
"joyb_chaingun"=dword:ffffffff
"joyb_missile"=dword:ffffffff
"joyb_plasma"=dword:ffffffff
"joyb_bfg"=dword:ffffffff
"joyb_inc"=dword:ffffffff
"joyb_dec"=dword:ffffffff
"screenblocks"=dword:00000009
"detaillevel"=dword:00000000
"snd_channels"=dword:00000003
"usegamma"=dword:00000000
"chatmacro0"="No"
"chatmacro1"="I'm ready to kick butt!"
"chatmacro2"="I'm OK."
"chatmacro3"="I'm not looking too good!"
"chatmacro4"="Help!"
"chatmacro5"="You suck!"
"chatmacro6"="Next time, scumbag..."
"chatmacro7"="Come here!"
"chatmacro8"="I'll take care of it."
"chatmacro9"="Yes"
.
[HKEY_USERS\S-1-5-21-918244078-1702145985-1200703881-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ce,57,0e,b5,53,d9,df,82,62,5c,84,fe,2c,5c,6d,c5,5a,06,44,35,1e,
   3f,bf,29,f2,34,ea,9b,e6,38,e7,f2,c2,ca,a4,f8,da,80,7f,3b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-918244078-1702145985-1200703881-1001_Classes\Wow6432Node\CLSID\{e15180d1-26bc-48da-b41f-41df78e36918}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012c
"Therad"=dword:0000001a
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.

Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

----------------------- Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-02-08  00:02:04 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-08 05:01
ComboFix2.txt  2012-01-22 18:53
.
Pre-Run: 149,564,719,104 bytes free
Post-Run: 149,514,145,792 bytes free
.
- - End Of File - - D88FDE4E5E99D7FB07054289BB1CE93A

Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

Kaspersky

 

Status: Quarantined   (events: 1)    
2/8/2012 11:15:52 AM    Quarantined    virus HEUR:Trojan.Script.Iframer    C:\Documents and Settings\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\KIE8CBXZ\preloader[1].js    High    
Status: Disinfected   (events: 11)    
2/8/2012 11:15:26 AM    Disinfected    Trojan program Trojan.Java.Agent.aw    C:\Documents and Settings\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\129855a-1f2502a0    High    
2/8/2012 11:15:26 AM    Disinfected    Trojan program Trojan.Java.Agent.aw    C:\Documents and Settings\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\129855a-1f2502a0/photo/Crop.class    High    
2/8/2012 11:15:25 AM    Disinfected    Trojan program Trojan-Downloader.Java.Agent.js    C:\Documents and Settings\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1e85d4b7-2d716c6e    High    
2/8/2012 11:15:25 AM    Disinfected    Trojan program Trojan-Downloader.Java.Agent.js    C:\Documents and Settings\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1e85d4b7-2d716c6e/mordor/saruman.class    High    
2/8/2012 11:15:26 AM    Disinfected    Trojan program Trojan.Java.Agent.aw    C:\Documents and Settings\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\129855a-1f2502a0/photo/Image.class    High    
2/8/2012 11:15:26 AM    Disinfected    Trojan program Trojan.Java.Agent.aw    C:\Documents and Settings\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\129855a-1f2502a0/photo/MultiZoom.class    High    
2/8/2012 11:15:26 AM    Disinfected    Trojan program Trojan.Java.Agent.aw    C:\Documents and Settings\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\129855a-1f2502a0/photo/Zoom.class    High    
2/8/2012 11:15:26 AM    Disinfected    Trojan program Exploit.Java.CVE-2010-0840.d    C:\Documents and Settings\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\217c7907-1de9193f    High    
2/8/2012 11:15:26 AM    Disinfected    Trojan program Exploit.Java.CVE-2010-0840.d    C:\Documents and Settings\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\217c7907-1de9193f/encode/ISO.class    High    
2/8/2012 11:25:18 AM    Disinfected    Trojan program Exploit.Linux.Lotoor.an    C:\Downloads\NT-1.4.1root_1.02.zip    High    
2/8/2012 11:25:18 AM    Disinfected    Trojan program Exploit.Linux.Lotoor.an    C:\Downloads\NT-1.4.1root_1.02.zip/rooting/bin/zergRush    High    
Status: Deleted   (events: 1)    
2/8/2012 12:09:14 PM    Deleted    Trojan program Exploit.Linux.Lotoor.an    C:\ntroot\zergRush    High    

