Trojan/adware/spyware Issues


7 replies to this topic

#1 PMad

Posted 13 August 2007 - 12:41 AM

I'm having a lot of problems with adware, spyware, downloaders, and trojans on this computer. I did a scan with McAfee, and it deleted over 100 trojans, and a bunch of other junk. Well, just when I thought I had everything fixed, I watched 5 McAfee windows come up telling me it's just deleted a trojan, which tells me there's a downloader on the computer since I had just finished scanning the computer 3 times. I've used VundoFix, and deleted all kinds of files. After it finished I ran it again, and it didn't find anything. I ran HijackThis and ComboFix. Here are the logs from HijackThis and ComboFix. Somebody please help me get rid of all the junk on here :flowers:


Logfile of HijackThis v1.99.1
Scan saved at 10:36:41 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nineman.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53D08093-5F9E-42E0-894E-8B25175F58BD} - C:\WINDOWS\ysssa.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BB00410-1CED-4859-A4B2-68764558291B}: NameServer = 204.119.27.52,204.119.27.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

ComboFix 07-08-09.3 - "Jason" 2007-08-12 22:13:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.188 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
C:\DOCUME~1\WHITNE~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Games\GamesOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Games\GamesOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Layouts\PreferencesLayout.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Layouts\PreferencesLayout.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Layouts\ToolbarLayout.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Manager\ManagerOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Movies\MoviesOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Movies\MoviesOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Reference\ReferenceOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Reference\ReferenceOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Screensavers\ScreensaversOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Screensavers\ScreensaversOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\SearchMatch\SearchMatchOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\WHITNE~1\APPLIC~1\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\WHITNE~1\APPLIC~1\WinAntiVirus Pro 2006
C:\DOCUME~1\WHITNE~1\APPLIC~1\WinAntiVirus Pro 2006\Logs\update.log
C:\DOCUME~1\WHITNE~1\APPLIC~1\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\DOCUME~1\WHITNE~1\APPLIC~1\WinAntiVirus Pro 2006\Logs\winav.log
C:\DOCUME~1\WHITNE~1\APPLIC~1\WinAntiVirus Pro 2006\PGE.dat
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\log.txt
C:\Program Files\Common Files\Companion Wizard\log.txt
C:\Program Files\Common Files\winantivirus pro 2006
C:\Program Files\HbTools
C:\Program Files\HbTools\Dell Photo AIO Printer 922\ConvDIB.dll
C:\Program Files\HbTools\Dell Photo AIO Printer 922\dlbtaior.dll
C:\Program Files\HbTools\Dell Photo AIO Printer 922\dlbtaiox.exe
C:\Program Files\HbTools\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\HbTools\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\HbTools\Dell Photo AIO Printer 922\dlbtgf.dll
C:\Program Files\HbTools\Dell Photo AIO Printer 922\dlbtjswr.dll
C:\Program Files\HbTools\Dell Photo AIO Printer 922\dlbtmcro.dll
C:\Program Files\HbTools\HbTools.log
C:\Program Files\vsadd-in
C:\Program Files\winantivirus pro 2006
C:\Program Files\WinAntiVirus Pro 2006\msvcp71.dll
C:\Program Files\winantivirus pro 2006\msvcp71.dll
C:\Program Files\winantivirus pro 2006\msvcr71.dll
C:\Program Files\WinAntiVirus Pro 2006\msvcr71.dll
C:\WINDOWS\system32\aasriuqu.dll
C:\WINDOWS\system32\fuuqswom.dll
C:\WINDOWS\system32\hicjtgrt.dll
C:\WINDOWS\SYSTEM32\jvovccak.ini
C:\WINDOWS\system32\kaccvovj.dll
C:\WINDOWS\SYSTEM32\mowsquuf.ini
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\DomainService
-------\FOPN
-------\vspf
-------\vspf_hk


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-12 22:12 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 21:50 <DIR> d-------- C:\hijackthis
2007-08-12 21:41 <DIR> d-------- C:\VundoFix Backups
2007-08-12 21:01 75,284 --a------ C:\WINDOWS\SYSTEM32\hvdaclia.exe
2007-08-12 20:58 <DIR> d-------- C:\DOCUME~1\WHITNE~1\APPLIC~1\SiteAdvisor
2007-08-12 20:52 75,284 --a------ C:\WINDOWS\SYSTEM32\ppgntjss.exe
2007-08-12 19:41 75,284 --a------ C:\WINDOWS\SYSTEM32\mneepnfm.exe
2007-08-12 17:58 75,284 --a------ C:\WINDOWS\SYSTEM32\oekstvwo.exe
2007-08-12 16:53 75,284 --a------ C:\WINDOWS\SYSTEM32\mbemcpra.exe
2007-08-12 15:41 <DIR> d-------- C:\Program Files\MSBuild
2007-08-12 15:34 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2007-08-12 15:32 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-12 15:28 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2007-08-12 15:27 <DIR> d-------- C:\b41ac839183650af72e96d3ec6
2007-08-12 14:52 36,352 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2007-08-12 14:52 288,768 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2007-08-12 14:52 116,736 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2007-08-12 14:41 75,284 --a------ C:\WINDOWS\SYSTEM32\lnptsbki.exe
2007-08-12 14:37 1,688,450 ---hs---- C:\WINDOWS\asssy.ini2
2007-08-12 14:23 <DIR> d-------- C:\DOCUME~1\JASONF~1\APPLIC~1\McAfee
2007-08-12 14:12 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-08-12 14:12 <DIR> d-------- C:\DOCUME~1\JASONF~1\APPLIC~1\SiteAdvisor
2007-08-12 14:10 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-08-12 14:07 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-08-12 14:07 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-08-12 14:07 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-08-12 14:07 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-08-12 14:07 170,408 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-08-12 14:06 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-08-12 14:04 <DIR> d-------- C:\Program Files\McAfee.com
2007-08-12 14:03 <DIR> d-------- C:\Program Files\McAfee
2007-08-12 14:03 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-08-12 14:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-12 13:20 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2007-08-12 13:20 21,504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2007-08-12 13:20 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2007-08-12 13:20 14,848 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
2007-08-12 13:20 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2007-08-12 13:20 12,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
2007-08-08 08:34 75,284 --a------ C:\WINDOWS\SYSTEM32\kxbyvvag.exe
2007-08-03 19:24 121,876 --a------ C:\WINDOWS\SYSTEM32\jpubapgs.dll
2007-07-31 20:23 121,876 --a------ C:\WINDOWS\SYSTEM32\pyokcpoi.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 21:01 1700940 ---hs---- C:\WINDOWS\asssy.bak2
2007-08-12 20:57 --------- d-------- C:\Program Files\MSN Messenger
2007-08-12 14:00 --------- d-------- C:\Program Files\Dell Photo AIO Printer 922
2007-08-12 13:56 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-12 13:33 --------- d-------- C:\Program Files\Real
2007-08-12 13:33 --------- d-------- C:\Program Files\Common Files\Real
2007-08-12 13:27 --------- d-------- C:\DOCUME~1\JASONF~1\APPLIC~1\Lavasoft
2007-08-07 20:57 1739209 ---hs---- C:\WINDOWS\asssy.bak1
2007-08-03 18:11 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-05-20 08:35 280644 ---hs---- C:\WINDOWS\Fonts.\xepewb.dll
2007-05-16 08:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2006-10-30 22:41 0 --a------ C:\Program Files\Common Files\err.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53D08093-5F9E-42E0-894E-8B25175F58BD}]
C:\WINDOWS\ysssa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 09:43]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 18:15]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 12:45]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 05:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 05:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 05:36]
"ERS_check"="C:\Program Files\Common Files\ers_startupmon.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 18:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Jason Ford\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 11:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 11:04:12]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\requester]
"C:\WINDOWS\system32\requester.10.exe"

R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys
R3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys
R3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys
R3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys
R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 sermouse;Serial Mouse Driver;C:\WINDOWS\system32\DRIVERS\sermouse.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{377a5851-ea30-11db-8953-0011113656b2}]
AutoRun\command- F:\Autorun.exe /run
Shell00\Command- F:\Autorun.exe /run
Shell01\Command- F:\Autorun.exe /action
Shell02\Command- F:\Autorun.exe /uninstall


Contents of the 'Scheduled Tasks' folder
2007-08-04 23:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2005-01-05 22:45:59 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
2007-08-12 21:05:34 C:\WINDOWS\Tasks\McDefragTask.job - C:\WINDOWS\system32\DEFRAG.EXE
2007-08-12 21:05:33 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-08-13 05:22:10 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 22:21:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 22:24:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 22:23

--- E O F ---


(Sorry for posting in the wrong section, didn't see this section at all! After signing up it put me where I was and I posted there :thumbsup: )
Moved from the XP Forum. ~acklan~

Edited by PMad, 13 August 2007 - 12:55 AM.



#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:12:02 AM

Posted 13 August 2007 - 06:04 AM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {53D08093-5F9E-42E0-894E-8B25175F58BD} - C:\WINDOWS\ysssa.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Download: DelDomains.inf
Locate DelDomains.inf, right-click it and select: Install
Note: you will not see any on-screen action ...
This will remove all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones.
Note: once you do this, any previous restricted zone hacks (spywareblaster, ie-spyad, etc.) will need to be reapplied.

MySpace is not safe and I do not recommend it to anyone. You may also want to read these blogs:
MySpace malware -- for the unpatched
Hacked Ad Seen on MySpace Served Spyware to a Million
MySpace users hit by hacker virus

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\WINDOWS\SYSTEM32\hvdaclia.exe
C:\WINDOWS\SYSTEM32\ppgntjss.exe
C:\WINDOWS\SYSTEM32\mneepnfm.exe
C:\Program Files\Common Files\ers_startupmon.exe
C:\WINDOWS\SYSTEM32\oekstvwo.exe
C:\WINDOWS\SYSTEM32\mbemcpra.exe
C:\WINDOWS\SYSTEM32\kxbyvvag.exe
C:\WINDOWS\SYSTEM32\jpubapgs.dll
C:\WINDOWS\SYSTEM32\pyokcpoi.dll
C:\WINDOWS\asssy.bak2
C:\WINDOWS\asssy.bak1
C:\WINDOWS\system32\requester.10.exe

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer.
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° If prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the box --> cleanmgr and click ok.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

Reboot back into normal mode.

Please perform this online scan: Kaspersky Webscan
Note that this scanner will only work on Internet Explorer, so please use this browser for the scan.
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allows ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.
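An added triage example, not part of either post and not the helper's stated method: it parses the ComboFix "Files Created" lines quoted in post #1 and groups differently named files of identical size in one folder, then lists group members that the delete list in reply #2 does not mention. The grouping heuristic and the function names are assumptions made for illustration; a hit is only a prompt for manual review, since another tool may already have removed the file.

```python
import ntpath
import re
from collections import defaultdict

# Subset of the "Files Created" lines from the ComboFix log in post #1,
# embedded so the example runs offline.
FILES_CREATED = r"""
2007-08-12 22:12 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 21:50 <DIR> d-------- C:\hijackthis
2007-08-12 21:01 75,284 --a------ C:\WINDOWS\SYSTEM32\hvdaclia.exe
2007-08-12 20:52 75,284 --a------ C:\WINDOWS\SYSTEM32\ppgntjss.exe
2007-08-12 19:41 75,284 --a------ C:\WINDOWS\SYSTEM32\mneepnfm.exe
2007-08-12 17:58 75,284 --a------ C:\WINDOWS\SYSTEM32\oekstvwo.exe
2007-08-12 16:53 75,284 --a------ C:\WINDOWS\SYSTEM32\mbemcpra.exe
2007-08-12 15:28 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2007-08-12 14:41 75,284 --a------ C:\WINDOWS\SYSTEM32\lnptsbki.exe
2007-08-12 14:07 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-08-12 14:07 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-08-12 13:20 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2007-08-12 13:20 21,504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2007-08-12 13:20 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2007-08-12 13:20 14,848 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
2007-08-08 08:34 75,284 --a------ C:\WINDOWS\SYSTEM32\kxbyvvag.exe
2007-08-03 19:24 121,876 --a------ C:\WINDOWS\SYSTEM32\jpubapgs.dll
2007-07-31 20:23 121,876 --a------ C:\WINDOWS\SYSTEM32\pyokcpoi.dll
"""

# Paths copied from the delete list in reply #2.
REPLY_LIST = r"""
C:\WINDOWS\SYSTEM32\hvdaclia.exe
C:\WINDOWS\SYSTEM32\ppgntjss.exe
C:\WINDOWS\SYSTEM32\mneepnfm.exe
C:\Program Files\Common Files\ers_startupmon.exe
C:\WINDOWS\SYSTEM32\oekstvwo.exe
C:\WINDOWS\SYSTEM32\mbemcpra.exe
C:\WINDOWS\SYSTEM32\kxbyvvag.exe
C:\WINDOWS\SYSTEM32\jpubapgs.dll
C:\WINDOWS\SYSTEM32\pyokcpoi.dll
C:\WINDOWS\asssy.bak2
C:\WINDOWS\asssy.bak1
C:\WINDOWS\system32\requester.10.exe
""".strip().splitlines()

# date, time, size or <DIR>, nine attribute flags, full path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>\S.*)$"
)


def parse_created(text):
    """Return one dict per listing line; directories get size None."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, anything else
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({"when": f'{m["date"]} {m["time"]}', "size": size,
                        "attrs": m["attrs"], "path": m["path"]})
    return entries


def same_size_clusters(entries, min_names=2):
    """Group files by (folder, extension, size); keep groups with several names.

    Copies of one file in two folders (SYSTEM32 and DLLCACHE) sit in different
    groups, so driver or DLL cache copies never form a cluster.
    """
    groups = defaultdict(set)
    for e in entries:
        if e["size"] is None:
            continue  # directory entry
        folder, name = ntpath.split(e["path"].lower())
        groups[(folder, ntpath.splitext(name)[1], e["size"])].add(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_names}


def missing_from(clusters, listed_paths):
    """Cluster members that a removal list does not mention (to re-check)."""
    listed = {p.strip().lower() for p in listed_paths}
    return sorted(ntpath.join(folder, name)
                  for (folder, _ext, _size), names in clusters.items()
                  for name in names
                  if ntpath.join(folder, name) not in listed)


if __name__ == "__main__":
    found = same_size_clusters(parse_created(FILES_CREATED))
    for (folder, ext, size), names in found.items():
        print(f"{folder}  {ext}  {size:,} bytes: {', '.join(names)}")
    print("in a cluster, not on the list:", missing_from(found, REPLY_LIST))
```
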

#3 PMad


Posted 13 August 2007 - 11:18 PM

Ok, so I did everything you said and I ran into one problem.. When I do that last online virus scan, my IE just closes at the end with no warnings, and no dialog boxes.. So I have no way of getting a log file, but it said it found 2 viruses.. I think both of them were the Java JAR files but I'm not 100% certain, anyway here's the HijackThis log, please let me know what to do next, maybe I did something wrong


Logfile of HijackThis v1.99.1
Scan saved at 9:18:20 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nineman.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BB00410-1CED-4859-A4B2-68764558291B}: NameServer = 204.119.27.52,204.119.27.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

#4 -David-


Posted 14 August 2007 - 04:58 AM

Hi there, good work! :thumbsup:

Quite a lot of people have problems with online scanners, so I don't think it's anything to worry about.
If you saw infected .jar extensions (which are common) we need to remove them first:

Click Start > Control Panel.

Double-click the Java icon in the control panel.
The Java Control Panel appears.
Click Settings under Temporary Internet Files.
The Temporary Files Settings dialog box appears.

Click Delete Files.
The Delete Temporary Files dialog box appears.

There are three options on this window to clear the cache.
- Delete Files
- View Applications
- View Applets
Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window.

Please visit Panda Online to carry out a virus scan.
Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.

When download is complete, click on Local Disks to start the scan.
When the scan completes, click the See Report button.
Click Save Report and save the file to your desktop.
Post the contents of the report in your next reply, along with a new Hijackthis log.

#5 PMad


Posted 14 August 2007 - 09:22 PM

OK, Panda virus scan closed on me the first 2 times but the 3rd time it stayed open and I got the log files. The first time Panda scanned it found a bunch of viruses and deleted them, but they won't show in this log because it didn't find any the last 2 times. Here are the logs, starting with HijackThis



Logfile of HijackThis v1.99.1
Scan saved at 7:20:20 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nineman.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BB00410-1CED-4859-A4B2-68764558291B}: NameServer = 204.119.27.52,204.119.27.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe










Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jason Ford\Cookies\jason_ford@2o7[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason Ford\Cookies\jason_ford@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason Ford\Cookies\jason_ford@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason Ford\Cookies\jason_ford@drivecleaner[3].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jason Ford\Cookies\jason_ford@go[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jason Ford\Cookies\jason_ford@stats1.reliablestats[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jason Ford\Cookies\jason_ford@winantispyware[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Jason Ford\Desktop\ComboFix.exe[nircmd.exe]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@888[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@cassava[1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@citi.bridgetrack[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@clickbank[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@counter.hitslink[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@errorsafe[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@go.drivecleaner[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@qksrv[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@stats.drivecleaner[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@target[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@www.burstbeacon[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@www.errorsafe[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@www.myaffiliateprogram[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@www.winantiviruspro[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney ford@www.winantivirus[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney_ford@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney_ford@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney_ford@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney_ford@drivecleaner[2].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney_ford@mysearch[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney_ford@stats1.reliablestats[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney_ford@statse.webtrendslive[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney_ford@systemdoctor[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney_ford@winantivirus[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney_ford@www.drivecleaner[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Whitney Ford\Cookies\whitney_ford@www.systemdoctor[1].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Morpheus\morpheustoolbar.exe
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aasriuqu.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fuuqswom.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kaccvovj.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\amqxoova.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\btehajqg.dll.bad
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\bxncksou.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\cwlcuvdf.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\diyixhpt.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\fecejoqd.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ghfhjnqq.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ghfwhfni.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\imsdtueo.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\lfcilyki.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\lonahfgq.dll.bad
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\mqsmptrl.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\mxtrpcfs.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\myynyxyc.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nmwhmpye.dll.bad
Adware:Adware/SecurityError Not disinfected C:\VundoFix Backups\nqxjgwuy.exe.bad
Adware:Adware/SecurityError Not disinfected C:\VundoFix Backups\oytunxjh.exe.bad
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\pjpmwmee.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\prdstbbt.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\pvycguoq.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\qlcrojhn.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\qsvqbfon.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\rafuoojn.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\rlskcman.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\thseiwgp.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ysssa.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\Fonts\xepewb.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:application/altnet Not disinfected C:\WINDOWS\smdat32a.sys
Potentially unwanted tool:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM32\lnptsbki.exe

#6 -David-


Posted 15 August 2007 - 03:52 AM

Good work! Let's continue.. :thumbsup:

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\WINDOWS\SYSTEM32\lnptsbki.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\Fonts\xepewb.dll
C:\VundoFix Backups
C:\QooBox

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer .
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° If prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the box --> cleanmgr and click ok.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

Reboot back into normal mode and post a new Hijackthis log, and let me know how the PC is running.
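One way to sort the rows of a scanner report like the Panda one above into the same kinds of cleanup step the reply lists (files to delete, tool backup folders to delete, cookies to clear). This is an added example, not part of the original thread; the sample rows are modelled on the posted report with the profile names replaced by the placeholders UserA and UserB, and the function names and bucket names are assumptions.

```python
import re

# Rows modelled on the Panda report posted in this thread; the two Windows
# profile names are replaced with the placeholders UserA and UserB.
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\UserA\Cookies\usera@atdmt[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\UserA\Desktop\ComboFix.exe[nircmd.exe]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\UserB\Cookies\userb@winfixer[2].txt
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aasriuqu.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\amqxoova.dll.bad
Adware:Adware/SecurityError Not disinfected C:\VundoFix Backups\nqxjgwuy.exe.bad
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\Fonts\xepewb.dll
Potentially unwanted tool:application/altnet Not disinfected C:\WINDOWS\smdat32a.sys
Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM32\lnptsbki.exe
"""

# Folders where the removal tools used in this thread keep disabled copies.
QUARANTINE_ROOTS = (r"C:\QooBox", r"C:\VundoFix Backups")

# "<category>:<detection name> <status> <path>"; only the status that appears
# in the posted report is recognised, any other row is skipped.
ROW = re.compile(
    r"^(?P<kind>[^:]+):(?P<name>.+?) (?P<status>Not disinfected) "
    r"(?P<path>[A-Za-z]:\\.+)$"
)


def quarantine_root(path):
    """Return the tool backup folder that contains path, or None."""
    low = path.lower()
    for root in QUARANTINE_ROOTS:
        if low.startswith(root.lower() + "\\"):
            return root
    return None


def profile_of(path):
    """Profile name from a 'C:\\Documents and Settings\\<profile>\\...' path."""
    parts = path.split("\\")
    if len(parts) > 2 and parts[1].lower() == "documents and settings":
        return parts[2]
    return "?"


def add_once(items, value):
    if value not in items:
        items.append(value)


def cleanup_plan(report_text):
    """Group report rows by the kind of cleanup step they call for."""
    plan = {"delete_folders": [], "delete_files": [],
            "cookie_profiles": [], "review": []}
    for line in report_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line or unrecognised row
        name, path = m["name"], m["path"]
        root = quarantine_root(path)
        if root:
            # Already-disabled copies: remove the whole backup folder once.
            add_once(plan["delete_folders"], root)
        elif name.lower().startswith("cookie/"):
            # Cookies are stored per profile, so record which profiles have them.
            add_once(plan["cookie_profiles"], profile_of(path))
        elif path.endswith("]"):
            # "archive[member]": the hit is inside another file, so a person
            # decides what to do with the container.
            plan["review"].append(path)
        else:
            plan["delete_files"].append(path)
    return plan


if __name__ == "__main__":
    for step, items in cleanup_plan(SAMPLE_REPORT).items():
        print(step)
        for item in items:
            print("   ", item)
```
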

#7 PMad


Posted 15 August 2007 - 12:49 PM

Everything is running a lot better now, but I have no clue if everything is fixed or not :thumbsup:

Also, what would you consider the best antivirus/firewall/spyware/adware program to be? Right now I'm using McAfee Security Center, the one that came out last year...

Here's the log file:



Logfile of HijackThis v1.99.1
Scan saved at 10:46:05 AM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nineman.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BB00410-1CED-4859-A4B2-68764558291B}: NameServer = 204.119.27.52,204.119.27.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0134671187199436) (0134671187199436mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\013467~1.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

#8 -David-


Posted 15 August 2007 - 04:25 PM

Glad I could help! :flowers:
The latest log is looking clean!
Follow this list and your potential for being infected again will be reduced dramatically.
Personally, I find Kaspersky to be my antivirus program of choice, though you have to pay for it.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer has always the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.
:thumbsup: If you wish to learn how to use HijackThis to remove malware, you might like to join the Malware Removal Training Program!

If you have any additional questions just ask...
David
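Comparing two successive HijackThis logs, such as the 14 and 15 August logs in this thread, is easier when only the differences are read. The following is an added example, not part of the original thread and not a HijackThis feature: it parses two logs and reports processes and entries that appeared or disappeared, ignoring line order and letter case. The sample logs are abridged from the two posted above; the function names and section labels are assumptions.

```python
import re

# Abridged from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:20:20 PM, on 8/14/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nineman.us/
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:46:05 AM, on 8/15/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nineman.us/
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0134671187199436) (0134671187199436mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\013467~1.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
"""

# Short labels for some of the section codes seen in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "browser helper object", "O4": "autorun entry",
    "O9": "IE extra button / Tools item", "O16": "ActiveX download (DPF)",
    "O17": "DNS / NameServer setting", "O20": "Winlogon Notify",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_log(text):
    """Return (set of running process paths, list of (code, body) entries)."""
    processes, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False
            entries.append((m["code"], m["body"]))
        elif in_processes and line:
            # Lower-cased set: the log mixes case and repeats svchost.exe, and
            # process order changes from boot to boot, so neither is a signal.
            processes.add(line.lower())
    return processes, entries


def diff_logs(before_text, after_text):
    """What changed between two logs, independent of order and case."""
    procs_b, entries_b = parse_log(before_text)
    procs_a, entries_a = parse_log(after_text)

    def key(entry):
        return (entry[0], entry[1].lower())

    seen_b = {key(e) for e in entries_b}
    seen_a = {key(e) for e in entries_a}
    return {
        "process_started": sorted(procs_a - procs_b),
        "process_gone": sorted(procs_b - procs_a),
        "entry_added": [e for e in entries_a if key(e) not in seen_b],
        "entry_removed": [e for e in entries_b if key(e) not in seen_a],
    }


def dangling(entries):
    """Entries HijackThis itself marks as pointing at a missing file."""
    return [e for e in entries if e[1].endswith(("(file missing)", "(no file)"))]


def summarise(diff):
    lines = [f"- process gone: {p}" for p in diff["process_gone"]]
    lines += [f"+ process started: {p}" for p in diff["process_started"]]
    for sign, name in (("+", "entry_added"), ("-", "entry_removed")):
        for code, body in diff[name]:
            lines.append(f"{sign} {code} [{SECTIONS.get(code, 'other')}] {body}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarise(diff_logs(LOG_BEFORE, LOG_AFTER))))
```
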



