
Malware won't run



My computer caught a virus before, but was cleaned. I'm pretty sure it caught another one now. Malware and McAfee were working, but they stopped. I uninstalled them then installed them again, but now they won't run. I used a USB to install them from another computer but they still won't run. I tried renaming Malware, but it still won't open. PLEASE!! HELP ME!

DARAN D.


Hello DARAN! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install any software or hardware while we work on this.

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.


I truly really appreciate your help Borislav and I apologize for taking so long to respond, but my computer is really acting up. It only starts up some of the time now and I don't know why, but I can't get online using it. Is it possible to download ComboFix from a flash drive and copy-paste the log onto the flash drive and send it?


I was able to get online and do the ComboFix procedure. Here's my log... it's attached also.

ComboFix 10-04-01.02 - JEREMI D 04/03/2010 4:04.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1573 [GMT -4:00]

Running from: c:\documents and settings\JEREMI D\Desktop\Combo-Fix.exe

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

* Created a new restore point

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\cursors.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_1000.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_2000.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_3000.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bar.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bbar1.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_logos.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_other.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_weather.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\default.cdf

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_511745-514279.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz1.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz10.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz11.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz12.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz13.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz14.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz15.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz16.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz17.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz18.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz19.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz2.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz20.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz3.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz4.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz5.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz6.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz7.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz8.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz9.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_categorize.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_comparison.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-Mails.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-people.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_favorites.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Games.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hide.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hotbarcom.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hotmail.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hsskin.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemster.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsterie.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsteruk.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jobsearch.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Mails.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_new.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_premium.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_reun.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_ringtones.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_SearchBoxTrapper.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchfor.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchgo.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_weather.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_yellowpages.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\editblbuttons.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-548964.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-9595.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\email-t1-bg.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesmenu.cdf

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesMenu.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\hb_ie_menu.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium.cdf

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar_promo.htm

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\icons2.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_games_icon.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_video.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords.idx

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords1.dat

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\layout.cdf

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\linkpathlegal.txt

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\more.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\new_games.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\progress.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\s_icons_buttons.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\sales_buttons.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\sdfmodifier.xml

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\t2_bg.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\theweb.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\top7.cdf

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\Top7_theweb.mnu

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\tsd_bg.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\2\weathericon.res

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ads.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans1.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\business_promo.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\cursors.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bar.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\default.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\editblbuttons.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\email-t1-bg.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\gamesmenu.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hb_ie_menu.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar-premium.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar_promo.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\icons2.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_games_icon.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_video.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords1.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\layout.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\more.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\progress.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\s_icons_buttons.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sales_buttons.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.txt

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sdfmodifier.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\t2_bg.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\top7.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\weathericon.xip

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\history

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\Weather_XML\Default

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\Weather_XML\Genera1

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\Weather_XML\General

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\WeatherDPA\Links

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\WeatherDPA\radar-big.jpg

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\WeatherDPA\radar-small

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\WeatherDPA\satellite-big.jpg

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\WeatherDPA\satellite-small

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Display

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Loading

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen2

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\WeatherDPA\WeatherPreferences

c:\documents and settings\JEREMI D\Application Data\Hotbar\Weather\WeatherStartup.xml

c:\documents and settings\JEREMI D\Application Data\WeatherDPA

c:\documents and settings\JEREMI D\Local Settings\Temporary Internet Files\a1gyd.jpg

c:\documents and settings\JEREMI D\Local Settings\Temporary Internet Files\mOK6Py.jpg

c:\documents and settings\JEREMI D\Local Settings\Temporary Internet Files\ts01S.jpg

c:\documents and settings\JEREMI D\Local Settings\Temporary Internet Files\Vrw2168r.jpg

c:\documents and settings\MARQUEIA DAVIS\Application Data\ShoppingReport

c:\documents and settings\MARQUEIA DAVIS\Application Data\ShoppingReport\cs\Config.xml

c:\documents and settings\MARQUEIA DAVIS\Application Data\ShoppingReport\cs\db\Aliases.dbs

c:\documents and settings\MARQUEIA DAVIS\Application Data\ShoppingReport\cs\db\Sites.dbs

c:\documents and settings\MARQUEIA DAVIS\Application Data\ShoppingReport\cs\dwld\WhiteList.xip

c:\documents and settings\MARQUEIA DAVIS\Application Data\ShoppingReport\cs\report\aggr_storage.xml

c:\documents and settings\MARQUEIA DAVIS\Application Data\ShoppingReport\cs\report\send_storage.xml

c:\documents and settings\MARQUEIA DAVIS\Application Data\ShoppingReport\cs\res2\WhiteList.dbs

C:\Documents

c:\program files\Common Files\Uninstall

c:\program files\QUAD Utilities

c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log

c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner website.url

c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe

c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles

c:\program files\QUAD Utilities\QUAD RegistryCleaner\uninst.exe

c:\program files\QUAD Utilities\QUAD RegistryCleaner\Vista Scheduler.dll

c:\windows\AegisP.inf

c:\windows\AppPatch\AcAdProc.dll

c:\windows\system32\drivers\MSIVXrumpkalsmqgodsmvjsstngnitdlriapy.sys

c:\windows\system32\drivers\ndisrd.sys

c:\windows\system32\drivers\UACwtsdjntilr.sys

c:\windows\system32\MSIVXcount

c:\windows\system32\MSIVXnketvgdnjyrwopyqldyjenawjhgbiwro.dll

c:\windows\system32\MSIVXurycydbpaxonsdhxpbrogfeljdfoqdwm.dll

c:\windows\system32\ndisapi.dll

c:\windows\system32\UACbdqooruhtk.dat

c:\windows\system32\UACerotpqhwxj.dll

c:\windows\system32\uacinit.dll

c:\windows\system32\UACkluhsxdlvr.db

c:\windows\system32\UAClknkospsba.dll

c:\windows\system32\UACniypyifmur.dll

c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_MSIVXserv.sys

-------\Legacy_MSIVXserv.sys

-------\Service_UACd.sys

-------\Legacy_UACd.sys

-------\Legacy_NDISRD

-------\Service_NDISRD

-------\Legacy_SeekService_Service

-------\Service_SeekService Service

((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))

.

2010-03-29 21:36 . 2010-03-29 21:37 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-03-29 07:24 . 2010-03-29 07:24 -------- d-----w- c:\program files\RocketDock

2010-03-29 06:55 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 06:55 . 2010-03-29 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-29 06:55 . 2010-03-29 06:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-29 06:55 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-29 06:51 . 2010-03-29 06:51 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP

2010-03-29 06:15 . 2009-09-01 00:07 91672 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-03-29 06:15 . 2009-09-01 00:07 75704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2010-03-29 06:15 . 2009-09-01 00:07 70728 ----a-w- c:\windows\system32\mfevtps.exe

2010-03-29 06:15 . 2009-09-01 00:07 65448 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-03-29 06:15 . 2009-09-01 00:07 63728 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2010-03-29 06:15 . 2009-09-01 00:07 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-03-29 06:15 . 2009-09-01 00:07 343664 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-03-29 06:15 . 2010-03-29 06:15 -------- d-----w- c:\program files\Common Files\McAfee

2010-03-29 06:14 . 2010-03-29 06:15 -------- d-----w- c:\program files\McAfee

2010-03-29 06:14 . 2010-03-29 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-03-29 04:30 . 2010-03-29 04:30 -------- d-----w- c:\documents and settings\JEREMI D\Local Settings\Application Data\AOL

2010-03-11 01:39 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-03 08:47 . 2009-01-03 19:56 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-04-03 08:47 . 2008-07-26 04:33 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-04-03 07:46 . 2009-09-10 23:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-04-03 07:28 . 2009-01-03 19:57 17408 -c--a-w- c:\windows\system32\rpcnetp.dll

2010-03-29 07:11 . 2008-07-26 03:52 81264 ----a-w- c:\windows\system32\nvModes.dat

2010-03-29 07:01 . 2009-09-10 23:35 -------- d-----w- c:\program files\SpywareBlaster

2010-03-29 05:24 . 2008-07-26 04:31 -------- d-----w- c:\program files\CyberLink

2010-03-29 05:24 . 2008-07-26 04:10 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-29 05:24 . 2009-02-06 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

2010-03-29 05:23 . 2009-01-11 06:26 -------- d-----w- c:\program files\NCH Swift Sound

2010-03-29 05:17 . 2009-01-11 06:24 -------- d-----w- c:\program files\NCH Software

2010-03-29 05:16 . 2009-12-24 06:41 -------- d-----w- c:\program files\MediaMonkey

2010-03-29 04:36 . 2009-12-28 00:31 -------- d-----w- c:\program files\DebugMode

2010-03-29 04:35 . 2009-04-04 00:18 -------- d-----w- c:\program files\AVS4YOU

2010-03-29 04:35 . 2009-04-04 00:18 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-03-29 04:31 . 2009-04-16 01:43 -------- d-----w- c:\program files\Common Files\AOL

2010-03-29 04:20 . 2010-02-07 07:14 -------- d-----w- c:\program files\DivX

2010-03-12 03:28 . 2009-01-11 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-03-07 06:08 . 2009-11-18 03:17 -------- d-----w- c:\documents and settings\JEREMI D\Application Data\Skype

2010-03-07 05:09 . 2009-11-18 03:19 -------- d-----w- c:\documents and settings\JEREMI D\Application Data\skypePM

2010-03-04 05:36 . 2010-03-04 05:36 -------- d-----w- c:\documents and settings\JEREMI D\Application Data\Blender Foundation

2010-03-04 02:32 . 2010-03-04 02:32 -------- d-----w- c:\documents and settings\JEREMI D\Application Data\AVS4YOU

2010-02-25 06:24 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-19 22:37 . 2010-02-19 22:37 -------- d-----w- c:\program files\Opera

2010-02-08 21:16 . 2009-11-26 23:20 -------- d-----w- c:\documents and settings\JEREMI D\Application Data\LimeWire

2010-02-08 21:16 . 2009-01-18 06:16 -------- d-----w- c:\program files\LimeWire

2010-02-08 05:35 . 2010-02-08 05:35 -------- d-----w- c:\program files\iTunes

2010-02-08 05:35 . 2010-02-08 05:35 -------- d-----w- c:\program files\iPod

2010-02-08 05:35 . 2009-01-18 06:26 -------- d-----w- c:\program files\Common Files\Apple

2010-02-08 05:09 . 2010-02-08 05:09 10752 ----a-w- c:\windows\DCEBoot.exe

2010-02-07 01:54 . 2010-02-07 01:54 -------- d-----w- c:\program files\QuickTime

2010-02-05 20:43 . 2009-09-21 20:03 13160 ----a-w- c:\windows\system32\Upgrd.exe

2010-02-05 20:43 . 2006-12-01 23:37 56680 ----a-w- c:\windows\system32\rpcnet.exe

2010-01-23 00:51 . 2010-01-23 00:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2009-09-01 00:07 . 2010-03-29 06:15 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]

2009-05-08 19:00 86016 ----a-w- c:\program files\oovootb\oovoodx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\oovoodx.dll" [2009-05-08 86016]

[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-26 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-04-16 02:49 159744 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2008-02-22 17:43 1245184 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-12-20 11:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]

2009-05-27 20:46 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]

2007-05-31 20:50 67584 ----a-w- c:\windows\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]

2009-11-25 23:24 18440376 ----a-w- c:\program files\ooVoo\ooVoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\ooVoo\\ooVoo.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [4/29/2009 8:07 PM 21256]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/29/2010 2:15 AM 70728]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/15/2009 9:43 PM 24652]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]

S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [12/28/2009 2:00 AM 25728]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/29/2010 2:15 AM 65448]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2010-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com?o=15450&l=dis

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-zpx19.tmp - c:\windows\system32\zpx19.tmp

HKCU-Run-SecureFighter - c:\program files\SecureFighter Software\SecureFighter\SecureFighter.exe

HKCU-Run-XtraRichi - c:\program files\Richi\Richi_Skype_Com.exe

MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll

MSConfigStartUp-PDVDDXSrv - c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

AddRemove-QUAD RegistryCleaner - c:\program files\QUAD Utilities\QUAD RegistryCleaner\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-03 04:54

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

XtraRichi = c:\program files\Richi\Richi_Skype_Com.exe /OnStartUp???????????????????-??|8????? *???? ??|h??|????a??|Nj?w?j?w??N?????????????????????@?????????????????N?????????h???????p???x??w?j?w?????j?w?k?w?????????p?w???????????????????????????????1???????????|r?

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,2a,9e,28,e1,c3,23,48,bd,4c,83,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,2a,9e,28,e1,c3,23,48,bd,4c,83,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1256)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(3824)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\program files\RocketDock\RocketDock.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\rpcnet.exe

c:\windows\system32\StacSV.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\McAfee\VirusScan Enterprise\mcshield.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

c:\program files\McAfee\Common Framework\McTray.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-04-03 04:56:43 - machine was rebooted

ComboFix-quarantined-files.txt 2010-04-03 08:56

Pre-Run: 40,033,665,024 bytes free

Post-Run: 41,018,568,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B6A9ADA217ADDBE404B4524C8F8CC6D7


Also, here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 5:16:43 AM, on 4/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\rpcnet.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15450&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2080726

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe

O4 - S-1-5-18 Startup: Real Desktop.lnk = C:\Program Files\Real Desktop\Real Desktop.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Real Desktop.lnk = C:\Program Files\Real Desktop\Real Desktop.exe (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 10708 bytes


Here is the add-remove programs log

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AuthenTec Fingerprint Sensor Minimum Install

biolsp patch

Bluetooth Stack for Windows by Toshiba

Bonjour

Browser Address Error Redirector

Conexant HDA D330 MDC V.92 Modem

Critical Update for Windows Media Player 11 (KB959772)

Debut Video Capture Software

Dell Drivers MSI

Dell Embassy Trust Suite by Wave Systems

Dell Touchpad

Digital Line Detect

EMBASSY Security Setup

ESC Home Page Plugin

Gemalto

GemSafe Standard Edition 5.1

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

HTC Driver

HTC Sync

Intel® PROSet/Wireless Software

IntelliSonic Speech Enhancement

iTunes

Java 6 Update 14

Java 6 Update 5

Logitech Desktop Messenger

Logitech QuickCam

Logitech QuickCam Driver Package

Malwarebytes' Anti-Malware

McAfee Agent

McAfee VirusScan Enterprise

mCore

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

mIWA

mLogView

mMHouse

MobileMe Control Panel

Modem Diagnostic Tool

mPfMgr

mPfWiz

mProSafe

mSCfg

MSN

mSSO

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB954459)

mWlsSafe

mWMI

mZConfig

NCH Toolbox

NetWaiting

ooVoo

ooVoo Toolbar (Remove Toolbar Only)

Opera 10.10

PhotoStage Slideshow Producer

QUAD RegistryCleaner v.1.5.97

QuickSet

QuickTime

RocketDock 1.3.5

Roxio Activation Module

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler 3

Roxio Update Manager

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB978380)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB978382)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB969604)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978706)

SeekService 1.0 build 139

Skype web features

Skype


Step 1:

Please uninstall the following applications:

Adobe Reader 9.1

Spelling Dictionaries Support For Adobe Reader 9

ooVoo Toolbar (Remove Toolbar Only)

After we finish our work, please download and install the latest version of Adobe Reader from:

http://www.adobe.com

Step 2:

Please go into the Control Panel, Add/Remove, and for now remove ALL versions of Java.

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
    Then look for the following Java folders and, if found, delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3:

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 4:

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please include these log(s):

* JavaRa log

* MalwareBytes' Anti-Malware log

* HijackThis log (new)


Here are the three logs:

JavaRa

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Apr 03 15:23:04 2010

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

------------------------------------

Finished reporting.

Malwarebytes' Log

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/3/2010 4:35:57 PM

mbam-log-2010-04-03 (16-35-57).txt

Scan type: Quick Scan

Objects scanned: 139315

Time elapsed: 24 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\SecureFighter (Rogue.SecureFighter) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:

(No malicious items detected)

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 4:37:53 PM, on 4/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\rpcnet.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15450&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2080726

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - S-1-5-18 Startup: Real Desktop.lnk = C:\Program Files\Real Desktop\Real Desktop.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Real Desktop.lnk = C:\Program Files\Real Desktop\Real Desktop.exe (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 9644 bytes

Link to post
Share on other sites

Your version of MalwareBytes' Anti-Malware and your database version are old, so:

  1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  2. Restart your computer (very important).
  3. Download and run this utility: mbam-clean.exe
  4. It will ask to restart your computer (please allow it to).
  5. Download the latest version 1.45 from: http://www.malwarebytes.org/mbam.php
  6. Install it.

Then:

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply with a new, fresh HJT log.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Link to post
Share on other sites

Sorry I took so long, here is the malware log

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3954

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/4/2010 9:38:50 PM

mbam-log-2010-04-04 (21-38-50).txt

Scan type: Quick scan

Objects scanned: 128398

Time elapsed: 21 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekservice (Adware.SeekService) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\SeekService (Adware.SeekService) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\JEREMI D\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\SeekService (Adware.SeekService) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\SeekService\seekservice.dll (Adware.SeekService) -> Quarantined and deleted successfully.

C:\Program Files\SeekService\seekservice.exe (Adware.SeekService) -> Quarantined and deleted successfully.

C:\Program Files\SeekService\uninstall.exe (Adware.SeekService) -> Quarantined and deleted successfully.

HJT LOG

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 9:48:29 PM, on 4/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\rpcnet.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15450&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2080726

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - S-1-5-18 Startup: Real Desktop.lnk = C:\Program Files\Real Desktop\Real Desktop.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Real Desktop.lnk = C:\Program Files\Real Desktop\Real Desktop.exe (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 9483 bytes

Link to post
Share on other sites

It's starting up and letting me open my programs up. My internet's a little slow, but I'll just download a different browser. It looks pretty good to me, and I can't tell you how much I appreciate you walking through these steps with me. GOD Bless you!

Daran D.

Link to post
Share on other sites

Good work, Daran! All the best and I want you to you! :)

About the browser: I'm using Opera 10.51 Final and I'm very pleased, because 10.50 is very fast. I see that you use 10.10, which is not quite so fast in comparison with newer versions of Opera. You could uninstall your Opera and download the latest version from here:

http://www.opera.com/download/

The fastest browser, in my opinion, remains Google Chrome. I am very pleased with it too! It is times faster, safer, lighter and smaller in size.

http://www.google.com/chrome

Some final steps:

Step 1:

* Go to Start > Run and copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step 2:

Please manually delete: mbam-clean; JavaRa.

Step 3:

Some malware preventions:

http://miekiemoes.blogspot.com/2008/02/how...nt-malware.html

For slow computer:

http://miekiemoes.blogspot.com/2008/02/hel...er-is-slow.html

Safe surfing! :)

Link to post
Share on other sites
