Trojan virus
   

kprincess
New Member


Date Joined May 2008
Total Posts : 5
 
Posted 5-10-2008 6:37 (GMT +2)
I had it pop up earlier, but now it's gone. I'm making sure it's still not hiding in there somewhere. Did the 3 logs:

HIJACK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:23 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ira.NONE-B2F9530204\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 6937 bytes

ANTI SPYWARE

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/09/2008 at 08:52 PM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 01:45:32

Memory items scanned : 481
Memory threats detected : 0
Registry items scanned : 5877
Registry threats detected : 133
File items scanned : 26691
File threats detected : 158

Adware.HotBar/ShopperReports (Low Risk)
HKLM\Software\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32#ThreadingModel
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\ProgID
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\TypeLib
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\VersionIndependentProgID
C:\PROGRAM FILES\SHOPPINGREPORT\BIN\2.5.0\SHOPPINGREPORT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

Adware.Zango/ShoppingReport

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{68218620-3D65-43F6-AD47-D38D84B5412A}

Adware.180solutions/ZangoSearch
C:\Program Files\Zango\bin\10.3.37.0\HostOE.dll
C:\Program Files\Zango\bin\10.3.37.0\ZangoSAHook.dll
C:\Program Files\Zango\bin\10.3.37.0
C:\Program Files\Zango\bin
C:\Program Files\Zango
C:\DOCUMENTS AND SETTINGS\IRA.NONE-B2F9530204\DESKTOP\SETUP(2).EXE
C:\DOCUMENTS AND SETTINGS\IRA.NONE-B2F9530204\DESKTOP\SETUP.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068208.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068209.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068210.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068211.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068212.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068213.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068215.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068216.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068218.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068221.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068222.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068223.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068224.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068234.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068235.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398\A0068237.DLL
C:\WINDOWS\Prefetch\SETUP(2).EXE-2788C317.pf
C:\WINDOWS\Prefetch\SETUP.EXE-111D821D.pf

Adware.Tracking Cookie

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\START MENU\PROGRAMS\BEARSHARE.LNK
C:\DOCUMENTS AND SETTINGS\IRA.NONE-B2F9530204\DESKTOP\BEARSHARE.LNK
C:\WINDOWS\Prefetch\BEARSHARE.EXE-2A0C795D.pf

COMBOFIX

ComboFix 08-05-09.1 - Ira 2008-05-09 21:01:17.1 - NTFSx86
Running from: C:\Documents and Settings\Ira.NONE-B2F9530204\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz8.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz9.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemster.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\sales_buttons.res
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\country.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2reg.txt
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2reg.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte10_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte11_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte12_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte13_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte14_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte19_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte20_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte21_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\030104_emte9_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\030203lib_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102angel_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102bigluf_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102bigsmile_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102birthday_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102cheers_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102flo_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102good_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102jump_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102king_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102lough_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102luf_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102smile_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102smiled_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102sor_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102thanx_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\033102uhu_1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\040103ahh_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\040103wow_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\040104_emi2_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\042102_1134_112_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\050103big_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\050103gig_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\050103hm_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\050103nomail_emoti_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\050103norm_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema15_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema16_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema17_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema18_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema19_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema20_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema21_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema24_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema25_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema26_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema30_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema33_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\060104_ema34_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\062802hippi_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\062802jumpie_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\080402argh_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\080402oops_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\080402ouch_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\082502no_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\082502yes_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_boring1_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_confused_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_crying_ugly_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_fantastic_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_feel_better_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_gimme_break_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_heehee_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_hlopaet_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_ign_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_lol_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_no_comment_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_peace_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_smashing_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\110103_talk2thehand_prv.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\block_sm.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\block_sm2.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\block_smli.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\block_smli2.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\blocked.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\blocked2.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\btn_add-but.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\btn_back-but.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\btn_left_cut_enabled_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\btn_left_enabled_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\btn_left_pressed_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\btn_middle_enabled_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\btn_middle_pressed_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\btn_right_cut_enabled_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\btn_right_enabled_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\btn_right_pressed_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\business_promo.htm
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\buttondir.txt
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\components.cdf
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\css_cattree.css
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\css_flashpreview.css
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\css2_main.css
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\css2_pagingmodule.css
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\css2_topbuttons.css
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\delete.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\edit_clear_sound.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\edit_fs.htm
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\edit_select.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511724-543450.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511724-591943.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511724-592579.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511724-9696.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-511745-514279.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-backgrounds.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-bcards.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-ecards.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-emoticons.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-estationery.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-funny.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-help.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-images.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-info.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-more.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-my.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-new.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-new2.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-options.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-people.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-photo.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-tell.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-temp.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-text.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def-email-voice.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-def.cdf
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-premium-email-premium.mnu
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-t1-bg.res
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\email-temp-bg.res
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\estatationery.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\flashpreview.htm
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\fs3.htm
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\hotbar_promo.htm
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_checked_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_close_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_close_pressed_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_edit_preview.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_edit_send.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_flash_preview.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_recently_used.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_remove_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_remove_pressed_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_sand-clock2.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_tell_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_tell_pressed_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_tree_null.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_unchecked_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\icon_unchecked_pressed_1.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\img_barlayout.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\img_barlayout2.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\img_barlayout4.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\img_corner_left.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\img_local_logo.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\js2_basetemplate.js
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\js2_hbgroups.js
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\js2_hbobject3.js
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\js2_hbobjectset3.js
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\js2_hotbarwrapper.js
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\js2_iteratorsandreaders3nf.js
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\js2_pagingmoduleobj3.js
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\js2_texts3.js
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\js2_xmltree3nf.js
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\layout.cdf
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\linkpathlegal.txt
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\n.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\nav_b_2.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\nav_bb_2.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\nav_f_2.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\nav_ff_2.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\progress.res
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\sales_buttons.res
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\searchbtn.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\submit.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tab_bg.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tab_bga.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tab_bgia.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tab_l.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tab_la.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tab_lia.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tab_r.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tab_ra.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tab_ria.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tree_dots.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tree_minus.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\tree_plus.gif
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\treedata_animations.xml
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\treedata_backgrounds.xml
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\treedata_ecards.xml
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\treedata_emoticons.xml
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\treedata_notifiers.xml
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\1\treedata_text.xml
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\business_promo.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\buttondir.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\code.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\email-def.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\email-temp-bg.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\images.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\layout.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\localcontent.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\progress.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Natalya\Application Data\HbTools\v3.0\HostOL\static\DownLoad\treexml.xip
C:\WINDOWS\system32\jpskgwhu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qrsru.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-09 19:06 . 2008-05-09 19:06 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-05-09 19:05 . 2008-05-09 19:05 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-05-09 19:05 . 2008-05-09 19:05 <DIR> d----c--- C:\Documents and Settings\Ira.NONE-B2F9530204\Application Data\SUPERAntiSpyware.com
2008-05-09 18:58 . 2008-05-09 18:58 <DIR> d----c--- C:\Program Files\CCleaner
2008-04-10 17:01 . 2008-04-10 17:03 <DIR> d----c--- C:\Documents and Settings\Ira.NONE-B2F9530204\Application Data\ZoomBrowser EX
2008-04-10 16:58 . 2008-04-10 16:58 <DIR> d----c--- C:\Documents and Settings\Ira.NONE-B2F9530204\Application Data\CANON INC
2008-04-10 16:58 . 2008-04-10 17:01 <DIR> d----c--- C:\Documents and Settings\Ira.NONE-B2F9530204\Application Data\CameraWindowDC
2008-04-10 16:46 . 2008-04-10 16:46 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\ZoomBrowser
2008-04-10 16:45 . 2008-04-10 16:56 <DIR> d----c--- C:\Program Files\Canon
2008-04-10 16:44 . 2008-04-10 16:44 <DIR> d----c--- C:\Program Files\Common Files\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 03:57 --------- dc----w C:\Documents and Settings\Ira.NONE-B2F9530204\Application Data\OpenOffice.org2
2008-05-10 02:05 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-09 23:36 --------- dc----w C:\Documents and Settings\Ira.NONE-B2F9530204\Application Data\AVG7
2008-05-05 13:44 --------- dc----w C:\Documents and Settings\Ira.NONE-B2F9530204\Application Data\Blackberry Desktop
2008-05-03 01:59 --------- dc-h--w C:\Documents and Settings\Ira.NONE-B2F9530204\Application Data\ijjigame
2008-05-03 01:57 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-03-31 15:14 --------- dc----w C:\Documents and Settings\Ira.NONE-B2F9530204\Application Data\Sony Corporation
2008-03-29 22:56 --------- dc----w C:\Program Files\Sony
2008-03-25 01:24 --------- dc----w C:\Documents and Settings\admin\Application Data\AVG7
2008-03-19 09:47 1,845,248 -c--a-w C:\WINDOWS\system32\win32k.sys
2008-02-21 01:57 54,608 -c--a-w C:\WINDOWS\system32\xfcodec.dll
2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 -c--a-w C:\WINDOWS\system32\wininet.dll
2007-05-16 07:51 5,632 -csha-w C:\Program Files\Thumbs.db
2002-09-12 22:02 819,200 -c--a-w C:\Program Files\SAFlashPlayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:36 579584]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 12:43 228088]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-22 08:27 219136]

C:\Documents and Settings\Ira.NONE-B2F9530204\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 17:45:48 393216]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Natalya\\My Documents\\111\\empires2.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Microsoft Games\\Dungeon Siege\\dungeonsiege.exe"=
"C:\\Program Files\\Microsoft Games\\Dungeon Siege\\DSLOA.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Documents and Settings\\Ira.NONE-B2F9530204\\My Documents\\Ira's Pictures\\My Pictures\\Signs&&People\\Graphics\\Age Of Empires\\empires2.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Ira.NONE-B2F9530204\\My Documents\\WoW-2.0.0-enUS-Installer-downloader.exe"=
"C:\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2002-06-10 14:20]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 14:21]
S3 LVVI500A;LVVI500A Service;C:\WINDOWS\system32\DRIVERS\lvvi500a.sys [2002-06-10 14:24]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 11:24]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 21:12:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-09 21:18:51
ComboFix-quarantined-files.txt 2008-05-10 04:18:47

Pre-Run: 4,568,190,976 bytes free
Post-Run: 4,945,866,752 bytes free

494 --- E O F --- 2008-04-11 10:06:44

kprincess
New Member


Date Joined May 2008
Total Posts : 5
 
Posted 5-10-2008 6:43 (GMT +2)
thank you in advance, you guys are great! :)

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12823
 
Posted 5-10-2008 6:47 (GMT +2)
Hello

Looks clean to me. How are things running?


Do NOT post your problem in someone else's thread.
 

kprincess
New Member


Date Joined May 2008
Total Posts : 5
 
Posted 5-10-2008 7:04 (GMT +2)
hmm, kind of slow, but that's probably just my crap computer.
I don't know. earlier I jumped on and AVG said that there was some kind of trojan swimming around in there and avg never finished scanning, so I never deleted anything from that program..
but I guess if you don't see anything, it should be okay
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12823
 
Posted 5-10-2008 7:19 (GMT +2)
It looks okay :)

However, I suggest you run drweb - just to be sure:

Download DrWebCureit:

Double-click "drweb-cureit.exe" and click "Start" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system; let it clean what it finds, and when it says "done",
click on Options -> Change settings.

Actions tab - Adware-Dialers-Riskware-Hacktools: use the dropdown menu and select Rename
Click Apply - OK
Click on the Scan tab. Move the dot from Express scan to Complete scan. Click on the green arrow to the right. It will now scan your drive(s); say yes to all.

After the scan, in the Dr.Web CureIt menu on top, click File and choose "Save report list".
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web CureIt.

Reboot your computer!! Files that are in use may be moved or deleted during the reboot.


Post the drweb log, and tell me if there are improvements?
 

kprincess
New Member


Date Joined May 2008
Total Posts : 5
 
Posted 5-10-2008 9:59 (GMT +2)
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.1.3;Probably BACKDOOR.Trojan;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1;Probably BACKDOOR.Trojan;;
02EA6B56.dll;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Virtumod.223;Deleted.;
1A0804F7.exe;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
22E92B32.exe;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Click.715;Deleted.;
287C570F.exe;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.Winad;Renamed.;
39782FBE.exe;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.SaveNow;Renamed.;
4D3020C0.dll;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Virtumod;Deleted.;
5634507B.exe\data001;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\5634507B.exe;Adware.PeerNet;;
5634507B.exe;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
621D1DBC.jpg;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DnsChange;Deleted.;
64110A6F.dll;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Virtumod.223;Deleted.;
7B6D37CA.tmp;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.BetterInternet;Renamed.;
7B7A5FBB.exe\data001;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\7B7A5FBB.exe;Adware.PeerNet;;
7B7A5FBB.exe;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
7B7A5FBB.tmp;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.nCase;Renamed.;
7B7D09B8.exe;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.SaveNow;Renamed.;
7B8033B4.fr8;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.Winad;Renamed.;
RunMSC.dll;C:\Program Files\BearShare;Adware.SearchAid.40;Renamed.;
A0068206.dll;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP398;Adware.Shoper;Renamed.;
A0068588.dll;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP402;Adware.Shoper;Renamed.;
A0068592.exe\data001;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP402\A0068592.exe;Adware.Zango;;
A0068592.exe;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP402;Archive contains infected objects;Moved.;
A0068593.exe\data001;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP402\A0068593.exe;Adware.Zango;;
A0068593.exe;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP402;Archive contains infected objects;Moved.;
A0068707.bat;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Probably SCRIPT.Virus;;
A0069601.dll;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Trojan.Virtumod.223;Deleted.;
A0069602.exe;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Trojan.Swizzor;Deleted.;
A0069603.exe;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Trojan.Click.715;Deleted.;
A0069604.exe;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Adware.Winad;Renamed.;
A0069605.exe;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Adware.SaveNow;Renamed.;
A0069606.dll;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Trojan.Virtumod;Deleted.;
A0069607.exe\data001;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403\A0069607.exe;Adware.PeerNet;;
A0069607.exe;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Archive contains infected objects;Moved.;
A0069608.dll;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Trojan.Virtumod.223;Deleted.;
A0069609.exe\data001;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403\A0069609.exe;Adware.PeerNet;;
A0069609.exe;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Archive contains infected objects;Moved.;
A0069610.exe;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Adware.SaveNow;Renamed.;
A0069616.dll;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Adware.SearchAid.40;Renamed.;
aypdhfqd.dll.bad;C:\VundoFix Backups;BackDoor.Iterator;Deleted.;






found some stuff?
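
Added example (not part of the original thread or of Dr.Web): a Python triage of the report posted above, separating detections that sit in stored copies (another scanner's quarantine, System Restore points, tool backups) from files in live folders, and listing rows where no action was recorded. The field meaning `object;folder;verdict;action;` and the location labels are assumptions inferred from the rows themselves.

```python
from collections import Counter
from typing import NamedTuple

# Rows copied from the report in this thread; assumed layout: object;folder;verdict;action;
REPORT = r"""
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.1.3;Probably BACKDOOR.Trojan;;
02EA6B56.dll;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Virtumod.223;Deleted.;
5634507B.exe\data001;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\5634507B.exe;Adware.PeerNet;;
5634507B.exe;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
RunMSC.dll;C:\Program Files\BearShare;Adware.SearchAid.40;Renamed.;
A0068707.bat;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Probably SCRIPT.Virus;;
A0069601.dll;C:\System Volume Information\_restore{D5D44FD0-B0A6-4D7D-9048-6D1FCD5C502C}\RP403;Trojan.Virtumod.223;Deleted.;
aypdhfqd.dll.bad;C:\VundoFix Backups;BackDoor.Iterator;Deleted.;
"""

class Detection(NamedTuple):
    obj: str
    folder: str
    verdict: str
    action: str

# Folder markers for stored copies; this grouping is the example's own assumption.
INERT = (("\\quarantine", "av_quarantine"),
         ("\\system volume information\\_restore", "system_restore"),
         ("\\vundofix backups", "tool_backup"))

def parse(report):
    rows = []
    for line in report.splitlines():
        parts = line.strip().split(";")
        if len(parts) < 4:
            continue  # blank or malformed line
        rows.append(Detection(*(p.strip() for p in parts[:4])))
    return rows

def location(d):
    folder = d.folder.lower()
    for marker, label in INERT:
        if marker in folder:
            return label
    return "live"

def triage(rows):
    # Objects the scanner acted on; a member inside one (…\5634507B.exe\data001) inherits that.
    handled = {f"{d.folder}\\{d.obj}".lower() for d in rows if d.action}
    by_location = Counter(location(d) for d in rows)
    unresolved = [d for d in rows if not d.action and d.folder.lower() not in handled]
    heuristic = [d for d in unresolved if d.verdict.startswith("Probably ")]
    live = [d for d in rows if location(d) == "live"]
    return by_location, unresolved, heuristic, live

if __name__ == "__main__":
    counts, unresolved, heuristic, live = triage(parse(REPORT))
    print(dict(counts), [d.obj for d in unresolved], [d.obj for d in live])
```

Rows under Quarantine, System Volume Information and VundoFix Backups are stored copies rather than active files; the rows that warrant a closer look are the ones in live folders and the ones with an empty action field.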
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12823
 
Posted 5-11-2008 5:39 (GMT +2)
I need feedback on how things are running?
 

kprincess
New Member


Date Joined May 2008
Total Posts : 5
 
Posted 5-17-2008 5:44 (GMT +2)
it's a lot slower now.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12823
 
Posted 5-17-2008 1:22 (GMT +2)
Ok.

Please post new hijackthis log
 