Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Post by lynch1013 » May 1st, 2009, 10:49 am

OneCare Live scan found the W32\Hiloti!A Trojan; the infected files are windows\coctine.dll and windows\azaqehexopakenup.dll. Tried deleting them, but it did not work; they just came back.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:57 AM, on 5/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Exterminate It!\ExterminateIt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CooperativeAdvertiser - {1BD2970F-9DB9-F23A-1AEF-71A27DE17CAF} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Kxowudoray] rundll32.exe "C:\WINDOWS\azaqehexopakenup.dll",e
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJfox000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8351179304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8363263671
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 7776 bytes
lynch1013
Active Member
Posts: 7
Joined: May 1st, 2009, 10:24 am

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Post by Shaba » May 3rd, 2009, 2:56 am

Hi lynch1013

We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Post by lynch1013 » May 6th, 2009, 2:17 am

Sorry, I went away for a few days.
OK, I ran ComboFix; here's the txt:

ComboFix 09-05-05.03 - Garry 05/05/2009 22:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.283 [GMT -7:00]
Running from: c:\documents and settings\Garry\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Garry\Application Data\0200000087d34525573C.manifest
c:\documents and settings\Garry\Application Data\0200000087d34525573O.manifest
c:\documents and settings\Garry\Application Data\0200000087d34525573P.manifest
c:\documents and settings\Garry\Application Data\0200000087d34525573S.manifest
c:\documents and settings\Liddy\Application Data\0200000087d34525573C.manifest
c:\documents and settings\Liddy\Application Data\0200000087d34525573O.manifest
c:\documents and settings\Liddy\Application Data\0200000087d34525573P.manifest
c:\documents and settings\Liddy\Application Data\0200000087d34525573S.manifest
c:\documents and settings\Liddy\Application Data\FunWebProducts
c:\documents and settings\Liddy\Application Data\FunWebProducts\Data\Liddy\avatar.dat
c:\documents and settings\Liddy\Application Data\FunWebProducts\Data\Liddy\zbucks.dat
c:\documents and settings\Liddy\Application Data\FunWebProducts\Data\Liddy\zevents.dat
c:\documents and settings\siSTy\Application Data\0200000087d34525573C.manifest
c:\documents and settings\siSTy\Application Data\0200000087d34525573O.manifest
c:\documents and settings\siSTy\Application Data\0200000087d34525573P.manifest
c:\documents and settings\siSTy\Application Data\0200000087d34525573S.manifest
c:\documents and settings\siSTy\Application Data\FunWebProducts
c:\documents and settings\siSTy\Application Data\FunWebProducts\Data\siSTy\avatar.dat
c:\documents and settings\siSTy\Application Data\FunWebProducts\Data\siSTy\zbucks.dat
c:\documents and settings\siSTy\Application Data\FunWebProducts\Data\siSTy\zevents.dat
c:\windows\coctine.dll
c:\windows\oraxopakenupiy.dll
c:\windows\system32\Cache
c:\windows\system32\GroupPolicy000.dat
c:\windows\wmlib42c.dll
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-05-06 06:00 . 2009-05-06 06:00 -------- d-----w c:\documents and settings\LocalService\Application Data\McAfee
2009-05-01 14:19 . 2009-05-01 14:19 -------- d-----w c:\program files\Trend Micro
2009-05-01 12:04 . 2009-05-01 16:27 -------- d-----w c:\program files\Exterminate It!
2009-05-01 05:56 . 2009-05-01 10:05 -------- d-----w c:\documents and settings\Garry\Tracing
2009-05-01 04:51 . 2009-05-01 10:13 -------- d-----w c:\program files\Windows Live Safety CenterRebootActions
2009-05-01 04:43 . 2009-02-07 01:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-05-01 04:42 . 2009-05-01 04:42 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-01 04:41 . 2006-11-29 20:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-05-01 04:40 . 2009-05-01 04:40 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-01 04:38 . 2009-05-01 04:38 -------- d-----w c:\program files\Microsoft
2009-05-01 04:37 . 2009-05-01 04:37 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-01 04:36 . 2009-05-01 04:43 -------- d-----w c:\program files\Windows Live
2009-05-01 02:40 . 2009-05-01 02:40 -------- d-----w c:\windows\system32\XPSViewer
2009-05-01 02:40 . 2009-05-01 02:40 -------- d-----w c:\program files\MSBuild
2009-05-01 02:39 . 2009-05-01 02:39 -------- d-----w c:\program files\Reference Assemblies
2009-05-01 02:37 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-01 02:37 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-01 02:37 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-01 02:37 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-01 02:37 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-01 02:37 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-01 02:37 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-01 02:37 . 2009-05-01 02:39 -------- d-----w C:\3371d1fb6d0a7c560a58718e
2009-05-01 01:50 . 2009-05-01 10:13 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-30 21:05 . 2009-04-30 21:21 -------- d-----w c:\documents and settings\Liddy\Application Data\LimeWire
2009-04-30 20:34 . 2009-04-30 20:34 -------- d-----w c:\documents and settings\hoes\Application Data\Windows Search
2009-04-30 20:31 . 2009-04-30 20:31 -------- d-----w c:\documents and settings\hoes\Local Settings\Application Data\Identities
2009-04-30 20:18 . 2009-04-30 20:18 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-30 20:17 . 2009-04-30 20:17 13104 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 20:12 . 2009-04-30 20:12 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-04-30 19:26 . 2009-04-30 19:26 -------- d-----w c:\documents and settings\Administrator\Application Data\Windows Search
2009-04-30 19:13 . 2009-04-30 19:21 -------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-04-30 19:13 . 2009-04-30 21:32 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-30 18:55 . 2009-04-30 18:55 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-30 18:48 . 2009-04-30 18:48 -------- d-----w c:\documents and settings\Administrator\Application Data\MySpace
2009-04-30 18:30 . 2006-02-28 12:00 8704 ----a-w c:\windows\system32\infoctrs.dll
2009-04-30 18:30 . 2006-02-28 12:00 56320 ----a-w c:\windows\system32\convlog.exe
2009-04-30 18:30 . 2006-02-28 12:00 6144 ----a-w c:\windows\system32\admxprox.dll
2009-04-30 18:30 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\simptcp.dll
2009-04-30 18:28 . 2009-04-30 18:28 -------- d-----w c:\windows\system32\msmq
2009-04-30 18:27 . 2009-04-30 18:32 -------- d-----w C:\Inetpub
2009-04-30 18:18 . 2009-04-30 18:18 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-04-30 07:23 . 2009-04-30 07:23 -------- d-----w c:\documents and settings\Liddy\Application Data\alot
2009-04-29 23:53 . 2009-04-29 23:53 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Yahoo
2009-04-29 22:41 . 2009-04-29 22:41 -------- d-----w c:\documents and settings\siSTy\Application Data\U3
2009-04-29 07:47 . 2009-04-29 07:47 -------- d-sh--w c:\windows\ftpcache
2009-04-29 07:34 . 2009-04-29 07:47 -------- d-----w c:\program files\ThisIsVegas
2009-04-28 19:11 . 2009-04-28 19:13 -------- d-----w c:\documents and settings\siSTy\Application Data\VTExtra
2009-04-28 19:08 . 2009-04-28 19:11 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\VTShared
2009-04-28 19:08 . 2009-04-28 19:10 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\GoldenCasino
2009-04-28 19:08 . 2009-04-28 19:08 -------- d-----w c:\documents and settings\siSTy\Application Data\InstallShield
2009-04-28 19:04 . 2009-04-29 07:19 -------- d-----w c:\documents and settings\All Users\Application Data\MGS
2009-04-28 19:04 . 2009-04-28 19:04 -------- d-----w c:\documents and settings\All Users\Application Data\Microgaming
2009-04-28 19:04 . 2009-04-28 19:04 -------- d-----w C:\MicroGaming
2009-04-27 22:30 . 2009-04-30 02:48 -------- d-----w c:\documents and settings\siSTy\Application Data\alot
2009-04-24 06:14 . 2009-04-24 06:14 -------- d-sh--w c:\documents and settings\hoes\PrivacIE
2009-04-24 06:14 . 2009-04-24 06:14 -------- d-----w c:\documents and settings\hoes\Application Data\Yahoo!
2009-04-24 06:14 . 2009-04-24 06:14 127 ----a-w c:\documents and settings\hoes\Local Settings\Application Data\fusioncache.dat
2009-04-24 06:13 . 2009-04-24 06:13 13104 ----a-w c:\documents and settings\hoes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 06:13 . 2009-04-24 06:13 -------- d-----w c:\documents and settings\hoes\Application Data\McAfee
2009-04-24 06:13 . 2009-04-30 06:51 -------- d-----w c:\documents and settings\hoes\Local Settings\Application Data\ApplicationHistory
2009-04-24 02:09 . 2009-04-27 02:10 -------- d-----w c:\documents and settings\All Users\Application Data\FaceOnBody
2009-04-24 02:09 . 2009-04-27 02:10 -------- d-----w c:\program files\FaceOnBody
2009-04-23 06:35 . 2009-04-23 06:35 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\{6286D04A-9110-4BD7-A62E-A78FBB29DC38}
2009-04-22 06:35 . 2009-04-22 06:35 -------- d-----w c:\documents and settings\Garry\Local Settings\Application Data\{95F5F18D-D209-4F1D-887A-2AF430F2DD0F}
2009-04-19 22:19 . 2009-04-19 22:19 -------- d-----w c:\documents and settings\Garry\Application Data\Windows Search
2009-04-18 13:00 . 2009-04-18 13:04 -------- dc-h--w c:\windows\ie8
2009-04-17 05:39 . 2009-04-17 05:39 128 ----a-w c:\documents and settings\Liddy\Local Settings\Application Data\fusioncache.dat
2009-04-16 23:55 . 2009-04-16 23:55 81920 ----a-w c:\windows\ALCFDRTM.EXE
2009-04-16 23:15 . 2009-04-16 23:15 -------- d-----w c:\documents and settings\siSTy\Application Data\Unity
2009-04-16 23:10 . 2009-04-16 23:10 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Unity
2009-04-16 23:10 . 2009-04-16 23:10 -------- d-----w c:\program files\Unity
2009-04-16 22:21 . 2009-04-16 22:21 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-16 06:01 . 2009-04-16 06:01 -------- d-----w c:\documents and settings\Liddy\Application Data\McAfee
2009-04-16 06:00 . 2009-04-30 17:53 -------- d-----w c:\documents and settings\Liddy\Local Settings\Application Data\ApplicationHistory
2009-04-15 17:02 . 2009-04-15 17:02 128 ----a-w c:\documents and settings\siSTy\Local Settings\Application Data\fusioncache.dat
2009-04-15 14:18 . 2009-04-15 14:18 128 ----a-w c:\documents and settings\Garry\Local Settings\Application Data\fusioncache.dat
2009-04-15 14:18 . 2009-05-06 06:04 -------- d-----w c:\documents and settings\Garry\Local Settings\Application Data\ApplicationHistory
2009-04-15 13:31 . 2009-04-15 14:19 -------- d-----w c:\documents and settings\Garry\Application Data\McAfee
2009-04-15 08:04 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:04 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:04 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 08:04 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:04 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:04 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:04 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:04 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:04 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:03 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 08:03 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 02:02 . 2009-04-15 02:02 -------- d-sh--w c:\documents and settings\Garry\PrivacIE
2009-04-14 19:24 . 2009-04-14 19:24 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-14 18:25 . 2006-03-03 15:07 143360 ----a-w c:\windows\system32\dunzip32.dll
2009-04-14 18:19 . 2007-12-02 19:51 40488 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-04-14 18:19 . 2007-11-22 13:44 35240 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-04-14 18:19 . 2007-11-22 13:44 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-04-14 18:19 . 2007-07-13 13:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-04-14 18:18 . 2009-04-14 18:18 -------- d-----w c:\program files\McAfee.com
2009-04-14 18:18 . 2009-04-14 18:19 -------- d-----w c:\program files\Common Files\McAfee
2009-04-14 18:18 . 2009-04-16 23:28 -------- d-----w c:\program files\McAfee
2009-04-14 08:21 . 2009-04-15 17:02 -------- d-----w c:\documents and settings\siSTy\Application Data\McAfee
2009-04-14 01:59 . 2009-04-21 22:53 -------- d-----w c:\documents and settings\Liddy\Local Settings\Application Data\Apple Computer
2009-04-13 02:44 . 2009-04-13 02:44 -------- d-----w c:\documents and settings\siSTy\Application Data\Windows Search
2009-04-12 22:41 . 2009-04-12 22:41 -------- d-sh--w c:\documents and settings\siSTy\PrivacIE
2009-04-12 21:11 . 2009-04-19 19:27 -------- d-----w c:\documents and settings\Garry\Local Settings\Application Data\Apple Computer
2009-04-12 20:43 . 2009-04-27 06:36 -------- d-----w c:\documents and settings\siSTy\Application Data\Apple Computer
2009-04-12 20:42 . 2009-03-19 23:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-12 20:42 . 2008-04-17 19:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-12 20:42 . 2009-04-12 20:42 -------- d-----w c:\program files\iPod
2009-04-12 20:42 . 2009-04-12 20:42 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-12 20:42 . 2009-04-12 20:42 -------- d-----w c:\program files\iTunes
2009-04-12 20:41 . 2009-04-12 20:41 -------- d-----w c:\program files\Bonjour
2009-04-12 20:41 . 2009-04-12 20:41 -------- d-----w c:\program files\QuickTime
2009-04-12 20:41 . 2009-04-12 20:42 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-12 20:40 . 2009-04-12 20:40 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Apple
2009-04-12 20:40 . 2009-04-12 20:40 -------- d-----w c:\program files\Apple Software Update
2009-04-12 20:40 . 2009-04-12 20:42 -------- d-----w c:\program files\Common Files\Apple
2009-04-12 20:40 . 2009-04-12 20:40 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-12 20:39 . 2009-04-18 11:17 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Apple Computer
2009-04-12 18:36 . 2009-04-12 18:36 -------- d-sh--w c:\documents and settings\Liddy\PrivacIE
2009-04-12 04:45 . 2009-04-12 04:45 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-12 04:44 . 2009-04-12 04:44 -------- d-sh--w c:\documents and settings\Garry\IETldCache
2009-04-12 00:56 . 2009-04-12 00:56 -------- d-sh--w c:\documents and settings\siSTy\IETldCache
2009-04-12 00:07 . 2009-04-12 00:07 -------- d-sh--w c:\documents and settings\Liddy\IETldCache
2009-04-11 05:30 . 2009-04-18 13:05 -------- d-----w c:\windows\ie8updates

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 05:55 . 2009-03-30 00:41 13688 ----a-w c:\documents and settings\Garry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 20:44 . 2006-02-28 12:00 144384 ----a-w c:\windows\azaqehexopakenup.dll
2009-04-30 08:49 . 2009-03-30 23:14 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-30 08:48 . 2009-04-04 07:49 -------- d-----w c:\program files\Oberon Media
2009-04-29 21:01 . 2009-03-30 11:31 -------- d-----w c:\program files\LimeWire
2009-04-28 19:08 . 2009-03-29 18:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 21:25 . 2009-04-05 21:25 615 ----a-w c:\windows\system32\Z84xvpU.vbs
2009-04-05 06:18 . 2009-03-29 18:11 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-05 01:14 . 2009-04-05 01:14 615 ----a-w c:\windows\system32\CB4fzCu.vbs
2009-04-04 07:49 . 2009-04-04 07:49 -------- d-----w c:\program files\Common Files\Oberon Media
2009-04-04 07:49 . 2009-04-04 07:49 -------- d-----w c:\program files\Chill
2009-04-02 05:32 . 2009-04-02 05:31 -------- d-----w c:\program files\Yahoo!
2009-03-30 23:24 . 2009-03-30 11:31 -------- d-----w c:\program files\Java
2009-03-30 03:57 . 2009-03-30 03:57 -------- d-----w c:\program files\support.com
2009-03-30 03:56 . 2009-03-30 03:56 -------- d-----w c:\program files\Common Files\SupportSoft
2009-03-30 03:48 . 2009-03-29 20:05 -------- d-----w c:\program files\Network Associates
2009-03-29 20:05 . 2009-03-29 20:05 -------- d-----w c:\program files\Common Files\Cisco Systems
2009-03-29 19:55 . 2009-03-29 19:55 0 ----a-w c:\windows\nsreg.dat
2009-03-29 19:52 . 2009-03-29 19:52 -------- d-----w c:\program files\CyberLink
2009-03-29 19:52 . 2009-03-29 18:21 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-29 18:31 . 2009-03-29 18:31 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-03-29 18:31 . 2009-03-29 18:31 -------- d-----w c:\program files\SystemRequirementsLab
2009-03-29 18:21 . 2009-03-29 18:21 -------- d-----w c:\program files\Realtek
2009-03-29 18:21 . 2009-03-29 18:21 315392 ----a-w c:\windows\HideWin.exe
2009-03-29 18:20 . 2009-03-29 18:20 -------- d-----w c:\program files\Intel
2009-03-29 18:20 . 2009-03-29 18:20 4608 ----a-w c:\windows\system32\PCIUtil.sys
2009-03-29 18:13 . 2009-03-29 18:13 -------- d-----w c:\program files\microsoft frontpage
2009-03-29 18:12 . 2006-02-28 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-29 18:09 . 2009-03-29 18:09 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-09 12:19 . 2009-03-30 11:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2006-02-28 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2006-02-28 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2006-02-28 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2006-02-28 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2006-02-28 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2006-02-28 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2006-02-28 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2006-02-28 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2006-02-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-12 09:00 . 2009-03-29 18:40 36352 ------w C:\WGASetup.exe
2009-02-09 12:10 . 2006-02-28 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2006-02-28 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2006-02-28 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2006-02-28 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2006-02-28 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 02:03 . 2009-02-07 02:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-07 01:52 . 2009-02-07 01:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2006-02-28 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2006-02-28 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2006-02-28 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"Kxowudoray"="c:\windows\azaqehexopakenup.dll" [2009-04-30 144384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Garry^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Garry\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/30/2009 9:43 PM 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/29/2009 11:22 AM 547744]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-14 20:32]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-14 20:32]

2009-05-06 c:\windows\Tasks\User_Feed_Synchronization-{B315AF5C-FD06-425B-B081-FED34C0F3250}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

2009-05-06 c:\windows\Tasks\User_Feed_Synchronization-{C4EEECEF-397D-47BC-9622-B070F920CECF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-A00F3CE6D - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJfox000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Garry\Application Data\Mozilla\Firefox\Profiles\nxur4pjx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor=
FF - plugin: c:\documents and settings\Garry\Application Data\Mozilla\Firefox\Profiles\nxur4pjx.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 23:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2060)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\searchindexer.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-05-06 23:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-06 06:09

Pre-Run: 22,502,514,688 bytes free
Post-Run: 22,493,204,480 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

366 --- E O F --- 2009-05-01 11:15
lynch1013
Active Member
 
Posts: 7
Joined: May 1st, 2009, 10:24 am

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Unread postby lynch1013 » May 6th, 2009, 2:20 am

Sorry, here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:21 PM, on 5/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJfox000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8351179304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8363263671
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 7231 bytes
lynch1013
Active Member
 
Posts: 7
Joined: May 1st, 2009, 10:24 am

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Unread postby Shaba » May 6th, 2009, 2:39 am

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Unread postby lynch1013 » May 6th, 2009, 2:45 pm

uninstall txt

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Apple Mobile Device Support
Apple Software Update
Bonjour
Casino Classic
Choice Guard
Comcast High-Speed Internet Install Wizard
Critical Update for Windows Media Player 11 (KB959772)
Exterminate It!
FaceOnBody
Golden Riviera Casino
GoldenCasino
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 11.2.0.69
iTunes
Java(TM) 6 Update 13
Jewel Quest Mysteries
Junk Mail filter update
LimeWire 5.1.2
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.10)
MSVCRT
MySpaceIM
Next Generation Visualisations
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SweetIM for Messenger 2.6
System Requirements Lab
The Treasures of Mystery Island
This Is Vegas
Unity Web Player
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar
lynch1013
Active Member
 
Posts: 7
Joined: May 1st, 2009, 10:24 am

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Unread postby Shaba » May 6th, 2009, 2:55 pm

IMPORTANT: I notice there are signs of one or more P2P (peer-to-peer) file-sharing programs on your computer.

LimeWire 5.1.2


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above.

Please run a new uninstall log scan when finished and post the log back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Unread postby lynch1013 » May 8th, 2009, 6:45 am

After the uninstall, the new log:


Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Apple Mobile Device Support
Apple Software Update
Bonjour
Casino Classic
Choice Guard
Comcast High-Speed Internet Install Wizard
Critical Update for Windows Media Player 11 (KB959772)
Exterminate It!
FaceOnBody
Golden Riviera Casino
GoldenCasino
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 11.2.0.69
iTunes
Java(TM) 6 Update 13
Jewel Quest Mysteries
Junk Mail filter update
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.10)
MSVCRT
MySpaceIM
Next Generation Visualisations
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SweetIM for Messenger 2.6
System Requirements Lab
The Treasures of Mystery Island
This Is Vegas
Unity Web Player
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar
lynch1013
Active Member
 
Posts: 7
Joined: May 1st, 2009, 10:24 am

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Unread postby Shaba » May 8th, 2009, 7:29 am

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
c:\windows\azaqehexopakenup.dll
c:\windows\system32\Z84xvpU.vbs
c:\windows\system32\CB4fzCu.vbs

Folder::
c:\documents and settings\Liddy\Application Data\LimeWire
c:\program files\LimeWire

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
Driver::



Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
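Added example, not part of the thread and not ComboFix's own code: a small Python triage script that reads lines in the format of the ComboFix log posted above, flags the three kinds of indicator the helper acted on (the randomly named DLL loaded from c:\windows by an HKLM Run value, the Security Center "DisableNotify"/"DisableMonitoring" flags set to 1, and the 3389/TCP exception opened to all networks in the firewall policy), and emits a CFScript skeleton in the same File:: / Registry:: form as the script in the post above. The sample log lines are constructed from the posted log (the HKLM ...\Run header is assumed, since that section starts above the excerpt). The heuristics, severities, and the choice to reset the flags to 0 and drop the RDP exception are assumptions made for illustration; which lines actually belong in a CFScript is the helper's call, and ComboFix should only be run under guidance.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix log posted in the thread.
# The HKLM ...\Run header is assumed (ComboFix prints it above those entries).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"Kxowudoray"="c:\windows\azaqehexopakenup.dll" [2009-04-30 144384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
RDP_PORT = 3389  # assumption: an RDP exception open to every network is high severity


@dataclass
class Finding:
    severity: str    # "high" | "medium" | "low"
    kind: str        # "autorun" | "security-center" | "open-port"
    detail: str
    key: str = ""    # registry key the finding lives under
    value: str = ""  # value name (registry) or file path (autorun)


def parse_sections(text):
    """Group non-blank log lines under the [registry key] header above them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def suspicious_run_target(path):
    """Heuristic: Run values normally launch an .exe from a program folder. A bare
    DLL (loaded through rundll32) or a file dropped straight into the Windows
    root, as with the Hiloti entry in this thread, is worth a second look."""
    p = path.lower()
    root = "c:\\windows\\"
    in_windows_root = p.startswith(root) and "\\" not in p[len(root):]
    return p.endswith(".dll") or in_windows_root


def triage(text):
    """Walk the parsed sections and return Findings in log order."""
    findings = []
    for key, lines in parse_sections(text).items():
        k = key.lower()
        if k.endswith("\\currentversion\\run"):
            for line in lines:
                m = RUN_RE.match(line)
                if m and suspicious_run_target(m.group(2)):
                    name, path, date, size = m.groups()
                    findings.append(Finding("high", "autorun",
                        f"{name} -> {path} (file dated {date}, {size} bytes)", key, path))
        elif "\\security center" in k:
            for line in lines:
                m = DWORD_RE.match(line)
                if m and m.group(1).endswith(("DisableNotify", "DisableMonitoring")) \
                        and int(m.group(2), 16) == 1:
                    findings.append(Finding("medium", "security-center",
                        f"{m.group(1)}=1 (Security Center alerting suppressed)", key, m.group(1)))
        elif k.endswith("\\globallyopenports\\list"):
            for line in lines:
                m = PORT_RE.match(line)
                if m:
                    port, proto = int(m.group(1)), m.group(2)
                    sev = "high" if port == RDP_PORT else "low"
                    findings.append(Finding(sev, "open-port",
                        f"{port}/{proto} exception open to all networks", key, f"{port}:{proto}"))
    return findings


def build_cfscript(findings):
    """Emit File:: and Registry:: sections in CFScript form. Registry lines use
    .reg syntax: a dword reset to 0, or "name"=- to delete a value, as the helper
    did for the LimeWire firewall exception. Resetting rather than deleting the
    Security Center flags is an assumption about the desired end state."""
    files = sorted({f.value for f in findings if f.kind == "autorun"})
    reg = {}
    for f in findings:
        if f.kind == "security-center":
            reg.setdefault(f.key, []).append(f'"{f.value}"=dword:00000000')
        elif f.kind == "open-port" and f.severity == "high":
            reg.setdefault(f.key, []).append(f'"{f.value}"=-')
    out = []
    if files:
        out += ["File::", *files, ""]
    if reg:
        out.append("Registry::")
        for key, vals in reg.items():
            out += [f"[{key}]", *vals, ""]
    return "\n".join(out).rstrip("\n") + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.kind:16} {f.detail}")
    print("\n--- CFScript skeleton ---\n" + build_cfscript(found))
```

Run it as-is to see the five findings and the generated skeleton; to use it on a real log, pass the contents of C:\ComboFix.txt to triage() instead of SAMPLE_LOG. The autorun check is deliberately narrow (DLL target or Windows-root target) so it flags the Hiloti-style entry without tripping on normal program-folder .exe entries such as the McAfee LogOnHook line.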

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Unread postby lynch1013 » May 8th, 2009, 8:24 am

OK, created the .txt and ran the scan.


ComboFix 09-05-07.A0 - Garry 05/08/2009 4:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.220 [GMT -7:00]
Running from: c:\documents and settings\Garry\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Garry\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*

FILE ::
c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
c:\windows\azaqehexopakenup.dll
c:\windows\system32\CB4fzCu.vbs
c:\windows\system32\Z84xvpU.vbs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
c:\documents and settings\Liddy\Application Data\LimeWire
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid1092.log
c:\program files\LimeWire\hs_err_pid1204.log
c:\program files\LimeWire\hs_err_pid12524.log
c:\program files\LimeWire\hs_err_pid1736.log
c:\program files\LimeWire\hs_err_pid1768.log
c:\program files\LimeWire\hs_err_pid1828.log
c:\program files\LimeWire\hs_err_pid1980.log
c:\program files\LimeWire\hs_err_pid1992.log
c:\program files\LimeWire\hs_err_pid2112.log
c:\program files\LimeWire\hs_err_pid2120.log
c:\program files\LimeWire\hs_err_pid2432.log
c:\program files\LimeWire\hs_err_pid2620.log
c:\program files\LimeWire\hs_err_pid2700.log
c:\program files\LimeWire\hs_err_pid2824.log
c:\program files\LimeWire\hs_err_pid3408.log
c:\program files\LimeWire\hs_err_pid3588.log
c:\program files\LimeWire\hs_err_pid3664.log
c:\program files\LimeWire\hs_err_pid3892.log
c:\program files\LimeWire\hs_err_pid4020.log
c:\program files\LimeWire\hs_err_pid4052.log
c:\program files\LimeWire\hs_err_pid4180.log
c:\program files\LimeWire\hs_err_pid5284.log
c:\program files\LimeWire\hs_err_pid5376.log
c:\program files\LimeWire\hs_err_pid5384.log
c:\program files\LimeWire\hs_err_pid5836.log
c:\program files\LimeWire\hs_err_pid608.log
c:\program files\LimeWire\hs_err_pid7904.log
c:\windows\system32\CB4fzCu.vbs
c:\windows\system32\Z84xvpU.vbs

.
((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.

2009-05-06 06:00 . 2009-05-06 06:00 -------- d-----w c:\documents and settings\LocalService\Application Data\McAfee
2009-05-01 14:19 . 2009-05-01 14:19 -------- d-----w c:\program files\Trend Micro
2009-05-01 12:04 . 2009-05-06 07:48 -------- d-----w c:\program files\Exterminate It!
2009-05-01 05:56 . 2009-05-01 10:05 -------- d-----w c:\documents and settings\Garry\Tracing
2009-05-01 04:51 . 2009-05-01 10:13 -------- d-----w c:\program files\Windows Live Safety CenterRebootActions
2009-05-01 04:43 . 2009-02-07 01:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-05-01 04:42 . 2009-05-01 04:42 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-01 04:41 . 2006-11-29 20:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-05-01 04:40 . 2009-05-01 04:40 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-01 04:38 . 2009-05-01 04:38 -------- d-----w c:\program files\Microsoft
2009-05-01 04:37 . 2009-05-01 04:37 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-01 04:36 . 2009-05-01 04:43 -------- d-----w c:\program files\Windows Live
2009-05-01 02:40 . 2009-05-01 02:40 -------- d-----w c:\windows\system32\XPSViewer
2009-05-01 02:40 . 2009-05-01 02:40 -------- d-----w c:\program files\MSBuild
2009-05-01 02:39 . 2009-05-01 02:39 -------- d-----w c:\program files\Reference Assemblies
2009-05-01 02:37 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-01 02:37 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-01 02:37 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-01 02:37 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-01 02:37 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-01 02:37 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-01 02:37 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-01 02:37 . 2009-05-01 02:39 -------- d-----w C:\3371d1fb6d0a7c560a58718e
2009-05-01 01:50 . 2009-05-06 06:28 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-30 20:34 . 2009-04-30 20:34 -------- d-----w c:\documents and settings\hoes\Application Data\Windows Search
2009-04-30 20:31 . 2009-04-30 20:31 -------- d-----w c:\documents and settings\hoes\Local Settings\Application Data\Identities
2009-04-30 20:18 . 2009-04-30 20:18 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-30 20:12 . 2009-04-30 20:12 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-04-30 19:26 . 2009-04-30 19:26 -------- d-----w c:\documents and settings\Administrator\Application Data\Windows Search
2009-04-30 19:13 . 2009-04-30 19:21 -------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-04-30 19:13 . 2009-04-30 21:32 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-30 18:55 . 2009-04-30 18:55 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-30 18:48 . 2009-04-30 18:48 -------- d-----w c:\documents and settings\Administrator\Application Data\MySpace
2009-04-30 18:30 . 2006-02-28 12:00 8704 ----a-w c:\windows\system32\infoctrs.dll
2009-04-30 18:30 . 2006-02-28 12:00 56320 ----a-w c:\windows\system32\convlog.exe
2009-04-30 18:30 . 2006-02-28 12:00 6144 ----a-w c:\windows\system32\admxprox.dll
2009-04-30 18:30 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\simptcp.dll
2009-04-30 18:28 . 2009-04-30 18:28 -------- d-----w c:\windows\system32\msmq
2009-04-30 18:27 . 2009-04-30 18:32 -------- d-----w C:\Inetpub
2009-04-30 18:18 . 2009-04-30 18:18 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-04-30 07:23 . 2009-04-30 07:23 -------- d-----w c:\documents and settings\Liddy\Application Data\alot
2009-04-29 23:53 . 2009-04-29 23:53 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Yahoo
2009-04-29 22:41 . 2009-04-29 22:41 -------- d-----w c:\documents and settings\siSTy\Application Data\U3
2009-04-29 07:47 . 2009-04-29 07:47 -------- d-sh--w c:\windows\ftpcache
2009-04-29 07:34 . 2009-04-29 07:47 -------- d-----w c:\program files\ThisIsVegas
2009-04-28 19:11 . 2009-04-28 19:13 -------- d-----w c:\documents and settings\siSTy\Application Data\VTExtra
2009-04-28 19:08 . 2009-04-28 19:11 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\VTShared
2009-04-28 19:08 . 2009-04-28 19:10 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\GoldenCasino
2009-04-28 19:08 . 2009-04-28 19:08 -------- d-----w c:\documents and settings\siSTy\Application Data\InstallShield
2009-04-28 19:04 . 2009-04-29 07:19 -------- d-----w c:\documents and settings\All Users\Application Data\MGS
2009-04-28 19:04 . 2009-04-28 19:04 -------- d-----w c:\documents and settings\All Users\Application Data\Microgaming
2009-04-28 19:04 . 2009-04-28 19:04 -------- d-----w C:\MicroGaming
2009-04-27 22:30 . 2009-04-30 02:48 -------- d-----w c:\documents and settings\siSTy\Application Data\alot
2009-04-24 06:14 . 2009-04-24 06:14 -------- d-sh--w c:\documents and settings\hoes\PrivacIE
2009-04-24 06:14 . 2009-04-24 06:14 -------- d-----w c:\documents and settings\hoes\Application Data\Yahoo!
2009-04-24 06:14 . 2009-04-24 06:14 127 ----a-w c:\documents and settings\hoes\Local Settings\Application Data\fusioncache.dat
2009-04-24 06:13 . 2009-04-24 06:13 13104 ----a-w c:\documents and settings\hoes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 06:13 . 2009-04-24 06:13 -------- d-----w c:\documents and settings\hoes\Application Data\McAfee
2009-04-24 06:13 . 2009-04-30 06:51 -------- d-----w c:\documents and settings\hoes\Local Settings\Application Data\ApplicationHistory
2009-04-24 02:09 . 2009-04-27 02:10 -------- d-----w c:\documents and settings\All Users\Application Data\FaceOnBody
2009-04-24 02:09 . 2009-04-27 02:10 -------- d-----w c:\program files\FaceOnBody
2009-04-23 06:35 . 2009-04-23 06:35 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\{6286D04A-9110-4BD7-A62E-A78FBB29DC38}
2009-04-22 06:35 . 2009-04-22 06:35 -------- d-----w c:\documents and settings\Garry\Local Settings\Application Data\{95F5F18D-D209-4F1D-887A-2AF430F2DD0F}
2009-04-19 22:19 . 2009-04-19 22:19 -------- d-----w c:\documents and settings\Garry\Application Data\Windows Search
2009-04-18 13:00 . 2009-04-18 13:04 -------- dc-h--w c:\windows\ie8
2009-04-17 05:39 . 2009-04-17 05:39 128 ----a-w c:\documents and settings\Liddy\Local Settings\Application Data\fusioncache.dat
2009-04-16 23:55 . 2009-04-16 23:55 81920 ----a-w c:\windows\ALCFDRTM.EXE
2009-04-16 23:15 . 2009-04-16 23:15 -------- d-----w c:\documents and settings\siSTy\Application Data\Unity
2009-04-16 23:10 . 2009-04-16 23:10 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Unity
2009-04-16 23:10 . 2009-04-16 23:10 -------- d-----w c:\program files\Unity
2009-04-16 22:21 . 2009-04-16 22:21 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-16 06:01 . 2009-04-16 06:01 -------- d-----w c:\documents and settings\Liddy\Application Data\McAfee
2009-04-16 06:00 . 2009-04-30 17:53 -------- d-----w c:\documents and settings\Liddy\Local Settings\Application Data\ApplicationHistory
2009-04-15 17:02 . 2009-04-15 17:02 128 ----a-w c:\documents and settings\siSTy\Local Settings\Application Data\fusioncache.dat
2009-04-15 14:18 . 2009-04-15 14:18 128 ----a-w c:\documents and settings\Garry\Local Settings\Application Data\fusioncache.dat
2009-04-15 14:18 . 2009-05-07 11:23 -------- d-----w c:\documents and settings\Garry\Local Settings\Application Data\ApplicationHistory
2009-04-15 13:31 . 2009-04-15 14:19 -------- d-----w c:\documents and settings\Garry\Application Data\McAfee
2009-04-15 08:04 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:04 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:04 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 08:04 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:04 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:04 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:04 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:04 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:04 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:03 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 08:03 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 02:02 . 2009-04-15 02:02 -------- d-sh--w c:\documents and settings\Garry\PrivacIE
2009-04-14 19:24 . 2009-04-14 19:24 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-14 18:25 . 2006-03-03 15:07 143360 ----a-w c:\windows\system32\dunzip32.dll
2009-04-14 18:19 . 2007-12-02 19:51 40488 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-04-14 18:19 . 2007-11-22 13:44 35240 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-04-14 18:19 . 2007-11-22 13:44 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-04-14 18:19 . 2007-07-13 13:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-04-14 18:18 . 2009-04-14 18:18 -------- d-----w c:\program files\McAfee.com
2009-04-14 18:18 . 2009-04-14 18:19 -------- d-----w c:\program files\Common Files\McAfee
2009-04-14 18:18 . 2009-04-16 23:28 -------- d-----w c:\program files\McAfee
2009-04-14 08:21 . 2009-04-15 17:02 -------- d-----w c:\documents and settings\siSTy\Application Data\McAfee
2009-04-14 01:59 . 2009-04-21 22:53 -------- d-----w c:\documents and settings\Liddy\Local Settings\Application Data\Apple Computer
2009-04-13 02:44 . 2009-04-13 02:44 -------- d-----w c:\documents and settings\siSTy\Application Data\Windows Search
2009-04-12 22:41 . 2009-04-12 22:41 -------- d-sh--w c:\documents and settings\siSTy\PrivacIE
2009-04-12 21:11 . 2009-04-19 19:27 -------- d-----w c:\documents and settings\Garry\Local Settings\Application Data\Apple Computer
2009-04-12 20:43 . 2009-04-27 06:36 -------- d-----w c:\documents and settings\siSTy\Application Data\Apple Computer
2009-04-12 20:42 . 2009-03-19 23:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-12 20:42 . 2008-04-17 19:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-12 20:42 . 2009-04-12 20:42 -------- d-----w c:\program files\iPod
2009-04-12 20:42 . 2009-04-12 20:42 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-12 20:42 . 2009-04-12 20:42 -------- d-----w c:\program files\iTunes
2009-04-12 20:41 . 2009-04-12 20:41 -------- d-----w c:\program files\Bonjour
2009-04-12 20:41 . 2009-04-12 20:41 -------- d-----w c:\program files\QuickTime
2009-04-12 20:41 . 2009-04-12 20:42 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-12 20:40 . 2009-04-12 20:40 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Apple
2009-04-12 20:40 . 2009-04-12 20:40 -------- d-----w c:\program files\Apple Software Update
2009-04-12 20:40 . 2009-04-12 20:42 -------- d-----w c:\program files\Common Files\Apple
2009-04-12 20:40 . 2009-04-12 20:40 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-12 20:39 . 2009-04-18 11:17 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Apple Computer
2009-04-12 18:36 . 2009-04-12 18:36 -------- d-sh--w c:\documents and settings\Liddy\PrivacIE
2009-04-12 04:45 . 2009-04-12 04:45 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-12 04:44 . 2009-04-12 04:44 -------- d-sh--w c:\documents and settings\Garry\IETldCache
2009-04-12 00:56 . 2009-04-12 00:56 -------- d-sh--w c:\documents and settings\siSTy\IETldCache
2009-04-12 00:07 . 2009-04-12 00:07 -------- d-sh--w c:\documents and settings\Liddy\IETldCache
2009-04-11 05:30 . 2009-04-18 13:05 -------- d-----w c:\windows\ie8updates
2009-04-11 05:27 . 2009-04-18 13:05 -------- d--h--w c:\windows\msdownld.tmp
2009-04-11 04:54 . 2009-04-30 04:39 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\ApplicationHistory

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 05:55 . 2009-03-30 00:41 13688 ----a-w c:\documents and settings\Garry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 08:49 . 2009-03-30 23:14 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-30 08:48 . 2009-04-04 07:49 -------- d-----w c:\program files\Oberon Media
2009-04-28 19:08 . 2009-03-29 18:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 07:08 . 2009-04-08 07:07 -------- d-----w c:\program files\Shockwave.com
2009-04-05 06:18 . 2009-03-29 18:11 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-04 07:49 . 2009-04-04 07:49 -------- d-----w c:\program files\Common Files\Oberon Media
2009-04-04 07:49 . 2009-04-04 07:49 -------- d-----w c:\program files\Chill
2009-04-02 05:32 . 2009-04-02 05:31 -------- d-----w c:\program files\Yahoo!
2009-03-30 23:24 . 2009-03-30 11:31 -------- d-----w c:\program files\Java
2009-03-30 03:57 . 2009-03-30 03:57 -------- d-----w c:\program files\support.com
2009-03-30 03:56 . 2009-03-30 03:56 -------- d-----w c:\program files\Common Files\SupportSoft
2009-03-30 03:48 . 2009-03-29 20:05 -------- d-----w c:\program files\Network Associates
2009-03-29 20:05 . 2009-03-29 20:05 -------- d-----w c:\program files\Common Files\Cisco Systems
2009-03-29 19:55 . 2009-03-29 19:55 0 ----a-w c:\windows\nsreg.dat
2009-03-29 19:52 . 2009-03-29 19:52 -------- d-----w c:\program files\CyberLink
2009-03-29 19:52 . 2009-03-29 18:21 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-29 18:31 . 2009-03-29 18:31 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-03-29 18:31 . 2009-03-29 18:31 -------- d-----w c:\program files\SystemRequirementsLab
2009-03-29 18:21 . 2009-03-29 18:21 -------- d-----w c:\program files\Realtek
2009-03-29 18:21 . 2009-03-29 18:21 315392 ----a-w c:\windows\HideWin.exe
2009-03-29 18:20 . 2009-03-29 18:20 -------- d-----w c:\program files\Intel
2009-03-29 18:20 . 2009-03-29 18:20 4608 ----a-w c:\windows\system32\PCIUtil.sys
2009-03-29 18:13 . 2009-03-29 18:13 -------- d-----w c:\program files\microsoft frontpage
2009-03-29 18:12 . 2006-02-28 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-29 18:09 . 2009-03-29 18:09 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-09 12:19 . 2009-03-30 11:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2006-02-28 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2006-02-28 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2006-02-28 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2006-02-28 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2006-02-28 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2006-02-28 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2006-02-28 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2006-02-28 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2006-02-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-12 09:00 . 2009-03-29 18:40 36352 ------w C:\WGASetup.exe
2009-02-09 12:10 . 2006-02-28 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2006-02-28 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2006-02-28 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2006-02-28 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2006-02-28 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-06_06.07.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-07 11:23 . 2009-05-07 11:23 16384 c:\windows\Temp\Perflib_Perfdata_4ec.dat
+ 2009-05-07 12:11 . 2009-05-07 12:11 16384 c:\windows\Temp\Perflib_Perfdata_414.dat
+ 2009-05-07 11:23 . 2009-05-07 11:23 16384 c:\windows\Temp\Perflib_Perfdata_40c.dat
+ 2009-03-29 18:16 . 2009-05-08 10:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-29 18:16 . 2009-05-06 05:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-29 18:16 . 2009-05-08 10:29 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-29 18:16 . 2009-05-06 05:41 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"HijackThis startup scan"="c:\program files\Trend Micro\HijackThis\HijackThis.exe" [2009-05-01 396288]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Garry^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Garry\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/30/2009 9:43 PM 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/29/2009 11:22 AM 547744]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-14 20:32]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-14 20:32]

2009-05-08 c:\windows\Tasks\User_Feed_Synchronization-{B315AF5C-FD06-425B-B081-FED34C0F3250}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

2009-05-08 c:\windows\Tasks\User_Feed_Synchronization-{C4EEECEF-397D-47BC-9622-B070F920CECF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Garry\Application Data\Mozilla\Firefox\Profiles\nxur4pjx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor=
FF - plugin: c:\documents and settings\Garry\Application Data\Mozilla\Firefox\Profiles\nxur4pjx.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 04:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-08 4:47
ComboFix-quarantined-files.txt 2009-05-08 11:47
ComboFix2.txt 2009-05-06 06:10

Pre-Run: 22,492,708,864 bytes free
Post-Run: 22,478,381,056 bytes free

333 --- E O F --- 2009-05-01 11:15
lynch1013
Active Member
 
Posts: 7
Joined: May 1st, 2009, 10:24 am

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Unread postby Shaba » May 8th, 2009, 9:47 am

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select "Run as administrator" to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Unread postby lynch1013 » May 9th, 2009, 1:34 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, May 8, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 09, 2009 00:54:04
Records in database: 2147441
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 77809
Threat name: 5
Infected objects: 81
Suspicious objects: 0
Duration of the scan: 01:28:03


File name / Threat name / Threats count
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP27\A0015233.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP27\A0015237.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP27\A0015246.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP27\A0015248.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP42\A0025266.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP42\A0025270.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP42\A0025279.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP42\A0025280.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP42\A0025281.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP42\A0025286.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP45\A0027316.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP45\A0027320.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP45\A0027329.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP45\A0027331.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP45\A0027332.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP48\A0028549.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP48\A0028553.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP48\A0028562.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP48\A0028564.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP48\A0028565.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP49\A0030622.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP49\A0030626.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP49\A0030635.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP49\A0030637.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP49\A0030638.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP49\A0030642.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP49\A0031612.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP49\A0031616.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP49\A0031625.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP49\A0031627.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP49\A0031628.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP50\A0034605.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP50\A0034609.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP50\A0034618.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP50\A0034620.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP50\A0034621.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP53\A0034999.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP53\A0035003.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP53\A0035012.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP53\A0035014.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP53\A0035015.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP53\A0035218.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP53\A0035222.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP53\A0035231.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP53\A0035233.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP53\A0035234.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP54\A0036091.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP54\A0036095.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP54\A0036104.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP54\A0036106.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP54\A0036107.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP57\A0038172.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP57\A0038176.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP57\A0038185.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP57\A0038187.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP57\A0038188.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP58\A0038279.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP58\A0038283.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP58\A0038292.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP58\A0038294.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP58\A0038295.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP59\A0039336.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP59\A0039340.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP59\A0039348.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP59\A0039351.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP60\A0041322.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP60\A0041326.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP60\A0041335.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP60\A0041336.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP60\A0041346.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP61\A0041389.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP61\A0041393.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP61\A0041401.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP61\A0041402.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP61\A0041407.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP65\A0044520.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP65\A0044535.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP65\A0044539.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP65\A0044548.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP65\A0044551.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ff 1
C:\System Volume Information\_restore{3AD4B52A-5B03-44EA-AF07-B7BD93687D4B}\RP65\A0044591.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fg 1

The selected area was scanned.


HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:44 PM, on 5/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8351179304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8363263671
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 7141 bytes
lynch1013
Active Member
 
Posts: 7
Joined: May 1st, 2009, 10:24 am

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Unread postby Shaba » May 9th, 2009, 3:22 am

That looks good :)

Those are all in system restore which will get flushed during final instructions.

Still problems?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help W32\Hiloti.gen!A I can't get rid of it!!!! Help!!

Unread postby Shaba » May 14th, 2009, 10:17 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland