Security toolbar 7.1 help! [CLOSED]

Need a geek? You've come to the right place! Geeks to Go offers free, quality technical support, in a non-technical way. Volunteers are waiting to help. Friendly, technology experts who have knowledge to share, and find reward in helping others. Feel free to browse the site as a guest. However, to reply to a topic, or start a new one, you'll need to register (also removes advertising). New here? Visit our Welcome Guide. Infected with a Virus, Spyware, or Trojan? Read our Malware and Spyware Cleaning Guide.

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Security toolbar 7.1 help! [CLOSED], i have this toolbar on IE explorer and it causes popups and error mess

Options

df8665 View Member Profile	Jun 19 2008, 10:30 AM Post #1
New Member Posts: 6 OS: windows xp	this IS MY HIJACKTHIS LOG Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:28:57 PM, on 6/19/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe C:\WINDOWS\arservice.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll F3 - REG:win.ini: load=C:\DOCUME~1\Guest\LOCALS~1\Temp\jkkll.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL O2 - BHO: (no name) - {6B93B362-B100-4DAF-B5BF-EDE30DB5BCF3} - C:\WINDOWS\system32\awvvt.dll (file missing) O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\ljjihgh.dll (file missing) O2 - BHO: (no name) - {98EC6181-56D9-4D79-9FBE-326BC51ED84d} - C:\WINDOWS\system32\sqtvtxio.dll O2 - BHO: (no name) - {A4C0A972-A0A4-47D8-B4F9-590B0C46CC07} - C:\WINDOWS\system32\sqtvtxio.dll O2 - BHO: (no name) - {A7260504-9D09-4E36-BD74-8ED3FFF888E2} - C:\DOCUME~1\Guest\LOCALS~1\Temp\jkkll.dll (file missing) O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mpxzkrai.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\fcyyyyw.dll O2 - BHO: {d52a0167-cff8-c26b-ed64-4c2f4014811c} - {c1184104-f2c4-46de-b62c-8ffc7610a25d} - C:\WINDOWS\system32\uvmkdkob.dll O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file) O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mpxzkrai.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm035YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://*.trymedia.com (HKLM) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.8/ttinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{9EAB07CD-279A-4C52-B5E8-3FBA25EC8D36}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{A6343AA9-5CD0-4715-9210-0AF642D57EAD}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{D4EC93FC-8E14-45EE-A72B-EFC40D0ECD9D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D10538-B052-4819-A0D1-5E08B0F3272D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{FB684270-F371-4E9D-9226-97152B418883}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{FD908A54-F663-45A8-8B73-E007C80A4583}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.67 O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.67 O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing) O20 - Winlogon Notify: fcyyyyw - C:\WINDOWS\SYSTEM32\fcyyyyw.dll O20 - Winlogon Notify: ljjihgh - ljjihgh.dll (file missing) O20 - Winlogon Notify: mpxzkrai - C:\WINDOWS\SYSTEM32\mpxzkrai.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

andrewuk View Member Profile	Jun 19 2008, 12:17 PM Post #2
Trusted Helper Posts: 4,319 From: London, UK OS: XP	Hi df8665 welcome to geekstogo if you have already downloaded combofix then could you delete the current version of combofix you have and then follow these instructions: Please visit this web page for instructions for downloading and running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall andrewuk

df8665 View Member Profile	Jun 19 2008, 11:04 PM Post #3
New Member Posts: 6 OS: windows xp	thanks for the help, this my combofix log ComboFix 08-06-19.1 - HP_Administrator 2008-06-19 23:58:10.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1561 [GMT -4:00] Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 C:\Documents and Settings\All Users\Application Data\SeekmoSA C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht C:\Documents and Settings\Guest\Application Data\Seekmo C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\1.sdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\1058131.sdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\1066422.sdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\1306306.sdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\1320424.sdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\2884480.sdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\3340762.sdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\3855406.sdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\625696.sdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\952211.sdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\domains.txt C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\10587 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\117759 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15541 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20128 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20304 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20549 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\25469 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26656 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26664 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26763 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\27414 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\27503 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\29642 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\297534 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32418 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\345676 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35047 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39850 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3986 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4142 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4157 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43377 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4382 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4442 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44484 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\45351 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4763 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\477109 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\531510 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\53923 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\56463 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\578081 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\578140 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\579123 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\579718 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\58478 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59598 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59844 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59913 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\606379 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61207 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64495 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64517 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\65770 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\69325 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\73387 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\74398 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744786 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744819 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744881 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745415 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745434 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\748368 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\748380 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\751209 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\76208 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\78600 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\79246 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\82292 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\85055 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\85062 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\89500 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\90358 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\94407 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\95777 C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat\35ac.dat C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\buttondir.txt C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\components.cdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\cursors.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\default.cdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_511745-514279.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_categorize.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_comparison.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-Mails.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-people.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_favorites.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Games.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hide.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hotmail.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hsskin.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_new.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_premium.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchfor.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchgo.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_weather.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_yellowpages.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\email-t1-bg.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_games_icon.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_video.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords.idx C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords1.dat C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\layout.cdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\sales_buttons.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo_ie_menu.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\t2_bg.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\theweb.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\top7.cdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\1\tsd_bg.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\buttondir.txt C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\components.cdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\cursors.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\default.cdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-people.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hotmail.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_video.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords.idx C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords1.dat C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\layout.cdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\t2_bg.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\theweb.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\top7.cdf C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\2\tsd_bg.res C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip C:\Documents and Settings\Guest\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts\Data\HP_Administrator\avatar.dat C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts\Data\HP_Administrator\register.dat C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts\Data\HP_Administrator\zbucks.dat C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\F2SDLY79\www.broadcaster.com C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol C:\Documents and Settings\HP_Administrator\Application Data\Seekmo C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1055780.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1058131.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1066422.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1391215.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1407182.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\148733.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\221540.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\2530568.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\2884426.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\2884480.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\2901962.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\3783087.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\3852407.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\48657.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\718676.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\965522.sdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\domains.txt C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\10807 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\116250 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\11891 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\141199 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15090 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\153363 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1590 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\159529 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\16176 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\16204 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1670 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\168167 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\17040 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\18909 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\19814 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20357 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20549 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20570 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\21060 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22254 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22257 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22913 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23149 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23849 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\24341 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\24996 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\251492 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26664 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\27505 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\286256 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\30854 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32148 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32276 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32418 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3338 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34107 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34174 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34237 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\346468 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34952 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35000 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\361427 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39245 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41115 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43719 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44293 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4442 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\455641 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\459338 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\475788 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51495 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51666 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52248 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5358 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\54220 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\54469 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\547723 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\58804 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59139 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\604347 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61207 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64404 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64605 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\65770 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\66836 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\67226 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\69263 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\70375 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\70650 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\713199 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\73282 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\733622 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\73387 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744726 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744786 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744934 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744999 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745019 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745148 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745175 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745326 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\748329 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\7521 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\752651 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753094 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\75743 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\75746 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\79806 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\79972 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\79989 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\81566 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\82120 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\82292 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\8443 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\85522 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\86090 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\86587 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\86993 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\872 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\873 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\90358 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\93921 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\94230 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\94778 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\95803 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\95825 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\95828 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\97964 C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat\35ae.dat C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat\35af.dat C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\buttondir.txt C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\components.cdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\cursors.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\default.cdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_511745-514279.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_categorize.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_comparison.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-Mails.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-people.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_favorites.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Games.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hide.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hotmail.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hsskin.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_new.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_premium.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchfor.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchgo.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_weather.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_yellowpages.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\email-t1-bg.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_games_icon.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_video.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords.idx C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords1.dat C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\layout.cdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\sales_buttons.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo_ie_menu.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\t2_bg.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\theweb.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\top7.cdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\tsd_bg.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\buttondir.txt C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\components.cdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\cursors.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\default.cdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-people.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hotmail.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_video.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords.idx C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords1.dat C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\layout.cdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\t2_bg.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\theweb.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\top7.cdf C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\tsd_bg.res C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip C:\Documents and Settings\LocalService\Application Data\NetMon C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt C:\Program Files\ActivationManager C:\Program Files\ActivationManager\ActivationManager.dll C:\Program Files\ActivationManager\Uninstall.exe C:\Program Files\dobe~1 C:\Program Files\FunWebProducts C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\History\search2 C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\bar\Settings\setting2.htm C:\Program Files\MyWebSearch\bar\Settings\settings.dat C:\Program Files\network monitor C:\Program Files\PlayMP3z C:\Program Files\PlayMP3z\PlayMP3.exe C:\Program Files\PlayMP3z\uninstall.exe C:\WINDOWS\BMdf27997d.xml C:\WINDOWS\cookies.ini C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\mbols~1 C:\WINDOWS\pskt.ini C:\WINDOWS\system32\aawhtsby.dll C:\WINDOWS\system32\acbeg.bak1 C:\WINDOWS\system32\acbeg.ini C:\WINDOWS\system32\adayoqvs.dll C:\WINDOWS\system32\afddynot.ini C:\WINDOWS\system32\aghwvxbw.dll C:\WINDOWS\system32\alnqpvpm.ini C:\WINDOWS\system32\amsukven.ini C:\WINDOWS\system32\amtyemyx.ini C:\WINDOWS\system32\anqtyptc.dll C:\WINDOWS\system32\apcjhugw.ini C:\WINDOWS\system32\app.exe C:\WINDOWS\system32\apxxubdi.ini C:\WINDOWS\system32\aqgasdnu.dll C:\WINDOWS\system32\arnlbfic.ini C:\WINDOWS\system32\arypruiu.dll C:\WINDOWS\system32\asmrbrkm.dll C:\WINDOWS\system32\atreeykp.dll C:\WINDOWS\system32\avcytebw.ini C:\WINDOWS\system32\axfnhqqj.dll C:\WINDOWS\system32\aypkwxmw.dll C:\WINDOWS\system32\bblepttb.ini C:\WINDOWS\system32\bdthlevh.dll C:\WINDOWS\system32\bgafudpp.dll C:\WINDOWS\system32\biwijsdj.dll C:\WINDOWS\system32\blssaekq.dll C:\WINDOWS\system32\bluyjudv.dll C:\WINDOWS\system32\blwqfdhm.ini C:\WINDOWS\system32\bmiodqxn.dll C:\WINDOWS\system32\bnakpexy.ini C:\WINDOWS\system32\brexfuvq.dll C:\WINDOWS\system32\brfntgtd.ini C:\WINDOWS\system32\brrwiqlh.dll C:\WINDOWS\system32\bskmdvig.ini C:\WINDOWS\system32\btlwhtxv.dll C:\WINDOWS\system32\bttpelbb.dll C:\WINDOWS\system32\bumcdyhu.ini C:\WINDOWS\system32\bwdqwrhi.dll C:\WINDOWS\system32\bwrumorb.ini C:\WINDOWS\system32\cbadd.ini C:\WINDOWS\system32\cbadd.ini2 C:\WINDOWS\system32\ceattqda.dll C:\WINDOWS\system32\cfevdwmr.ini C:\WINDOWS\system32\chdilhmw.dll C:\WINDOWS\system32\chigksad.dll C:\WINDOWS\system32\chtrsxpw.dll C:\WINDOWS\system32\chwqbmpr.dll C:\WINDOWS\system32\cifblnra.dll C:\WINDOWS\system32\cipscylp.ini C:\WINDOWS\system32\cjgrlnov.dll C:\WINDOWS\system32\cjjjajcg.dll C:\WINDOWS\system32\cmddavkt.ini C:\WINDOWS\system32\cmubprsd.ini C:\WINDOWS\system32\cnvqtqjx.dll C:\WINDOWS\system32\codifrun.dll C:\WINDOWS\system32\coignwli.dll C:\WINDOWS\system32\cqbcihnx.ini C:\WINDOWS\system32\crpurapc.dll C:\WINDOWS\system32\ctfmon.exe.tmp C:\WINDOWS\system32\ctsgdffn.dll C:\WINDOWS\system32\cupccxhg.ini C:\WINDOWS\system32\cwfcqrcx.dll C:\WINDOWS\system32\cwuljjyg.ini C:\WINDOWS\system32\cwxcitfa.dll C:\WINDOWS\system32\datmoasj.dll C:\WINDOWS\system32\davakwbp.ini C:\WINDOWS\system32\ddabc.dll C:\WINDOWS\system32\ddayv.dll C:\WINDOWS\system32\ddcyv.dll C:\WINDOWS\system32\ddirnhom.dll C:\WINDOWS\system32\ddnhmoju.dll C:\WINDOWS\system32\dgbstjcl.dll C:\WINDOWS\system32\dgccbpup.ini C:\WINDOWS\system32\djbgaceg.dll C:\WINDOWS\system32\djesdjuh.dll C:\WINDOWS\system32\djiciboq.ini C:\WINDOWS\system32\djycpemj.ini C:\WINDOWS\system32\dmfctxsp.dll C:\WINDOWS\system32\dnebcwvk.dll C:\WINDOWS\system32\doxmpxfw.dll C:\WINDOWS\system32\dpanouuo.dll C:\WINDOWS\system32\dquctjdn.dll C:\WINDOWS\system32\drhiwqdx.dll C:\WINDOWS\system32\drivers\core.sys C:\WINDOWS\system32\drokfmui.dll C:\WINDOWS\system32\dtegmcvp.dll C:\WINDOWS\system32\dtgtnfrb.dll C:\WINDOWS\system32\dvebbweq.dll C:\WINDOWS\system32\dvexbvqj.dll C:\WINDOWS\system32\dvpkwgvh.dll C:\WINDOWS\system32\dyqsffpn.ini C:\WINDOWS\system32\ebvrbdcu.dll C:\WINDOWS\system32\edlvjkej.ini C:\WINDOWS\system32\eekkbdtb.dll C:\WINDOWS\system32\eeqidsgn.dll C:\WINDOWS\system32\efkxwncy.dll C:\WINDOWS\system32\efviqbkg.dll C:\WINDOWS\system32\egmqungp.dll C:\WINDOWS\system32\ehvtwbxy.dll C:\WINDOWS\system32\ejxdxudg.dll C:\WINDOWS\system32\eqdnxwdj.dll C:\WINDOWS\system32\eqnfqqte.dll C:\WINDOWS\system32\esiyupin.dll C:\WINDOWS\system32\etvvmcrl.dll C:\WINDOWS\system32\etyuagnq.ini C:\WINDOWS\system32\eubewb

andrewuk View Member Profile	Jun 20 2008, 12:58 AM Post #4
Trusted Helper Posts: 4,319 From: London, UK OS: XP	your combofix log got cut off (seems combofix has deleted plenty of infections ). the forum has a limit of how long each post is, so could you post the rest of the combofix log.......you may have to post it over several posts. andrewuk

df8665 View Member Profile	Jun 20 2008, 01:11 AM Post #5
New Member Posts: 6 OS: windows xp	C:\WINDOWS\system32\euijjauj.ini C:\WINDOWS\system32\eurcakkk.dll C:\WINDOWS\system32\eybwsqyu.ini C:\WINDOWS\system32\faduoytw.dll C:\WINDOWS\system32\fcxijhfm.ini C:\WINDOWS\system32\fcyyyyw.dll C:\WINDOWS\system32\fdbnsclt.ini C:\WINDOWS\system32\fewrkioe.dll C:\WINDOWS\system32\fggmvoje.dll C:\WINDOWS\system32\fijibfjx.ini C:\WINDOWS\system32\fkibprpj.ini C:\WINDOWS\system32\fmuvaqia.dll C:\WINDOWS\system32\fonwbnkm.dll C:\WINDOWS\system32\forqjoyr.ini C:\WINDOWS\system32\fsfaawis.ini C:\WINDOWS\system32\futpdvfs.ini C:\WINDOWS\system32\fwhtltqv.dll C:\WINDOWS\system32\fwnecapt.ini C:\WINDOWS\system32\fxaktfae.ini C:\WINDOWS\system32\fywwbjye.dll C:\WINDOWS\system32\gdxjuhyi.dll C:\WINDOWS\system32\gebca.dll C:\WINDOWS\system32\gebcy.dll C:\WINDOWS\system32\gfgiftnj.dll C:\WINDOWS\system32\gfyhersf.dll C:\WINDOWS\system32\ghnruger.ini C:\WINDOWS\system32\ghrauuvl.dll C:\WINDOWS\system32\ghxccpuc.dll C:\WINDOWS\system32\gjixtrli.dll C:\WINDOWS\system32\gjvkbsns.dll C:\WINDOWS\system32\gldncmji.ini C:\WINDOWS\system32\gtelmhrd.dll C:\WINDOWS\system32\guccbepd.dll C:\WINDOWS\system32\gyjjluwc.dll C:\WINDOWS\system32\hecjlcxn.dll C:\WINDOWS\system32\hejeqmpu.dll C:\WINDOWS\system32\hlnxhchu.dll C:\WINDOWS\system32\hnkelqlh.dll C:\WINDOWS\system32\hnupglno.dll C:\WINDOWS\system32\hptwjcxv.ini C:\WINDOWS\system32\hpuxyfiw.dll C:\WINDOWS\system32\hpxpxhxu.dll C:\WINDOWS\system32\hqkulbot.ini C:\WINDOWS\system32\hriailwr.dll C:\WINDOWS\system32\hvgwkpvd.ini C:\WINDOWS\system32\hwdfmnom.dll C:\WINDOWS\system32\hwltjkdv.ini C:\WINDOWS\system32\idbuxxpa.dll C:\WINDOWS\system32\idoiurop.ini C:\WINDOWS\system32\ieyogmdx.dll C:\WINDOWS\system32\igpueciy.ini C:\WINDOWS\system32\ihrwqdwb.ini C:\WINDOWS\system32\ihwxqjrb.dll C:\WINDOWS\system32\iidylrij.ini C:\WINDOWS\system32\ijdlsutw.dll C:\WINDOWS\system32\ijkmp.bak1 C:\WINDOWS\system32\ijkmp.ini C:\WINDOWS\system32\ikxiwpnv.dll C:\WINDOWS\system32\ilrtxijg.ini C:\WINDOWS\system32\imeocdwx.dll C:\WINDOWS\system32\ipindcbl.ini C:\WINDOWS\system32\ipljibgn.dll C:\WINDOWS\system32\iptnkcvj.dll C:\WINDOWS\system32\iqkjbhpc.ini C:\WINDOWS\system32\iqlpcsgl.dll C:\WINDOWS\system32\iqsifejb.dll C:\WINDOWS\system32\irylnflv.ini C:\WINDOWS\system32\ithxcmnw.dll C:\WINDOWS\system32\iumfkord.ini C:\WINDOWS\system32\ivnvejvm.ini C:\WINDOWS\system32\ivtxuued.dll C:\WINDOWS\system32\iwqqespu.ini C:\WINDOWS\system32\iyeecweo.dll C:\WINDOWS\system32\iyhqoqyp.dll C:\WINDOWS\system32\iyhujxdg.ini C:\WINDOWS\system32\jdsjiwib.ini C:\WINDOWS\system32\jdwxndqe.ini C:\WINDOWS\system32\jekjvlde.dll C:\WINDOWS\system32\jirlydii.dll C:\WINDOWS\system32\jkhgbvqc.ini C:\WINDOWS\system32\jlfdgpir.dll C:\WINDOWS\system32\jlgcfhfm.dll C:\WINDOWS\system32\jlnillrs.ini C:\WINDOWS\system32\jlppwymm.ini C:\WINDOWS\system32\jmjqfvyx.ini C:\WINDOWS\system32\jmlbxjbv.dll C:\WINDOWS\system32\jmrqbfqp.ini C:\WINDOWS\system32\jnxcpbcu.dll C:\WINDOWS\system32\jqmcirau.ini C:\WINDOWS\system32\jqqhnfxa.ini C:\WINDOWS\system32\jqvbxevd.ini C:\WINDOWS\system32\jsaomtad.ini C:\WINDOWS\system32\jtlkdgob.dll C:\WINDOWS\system32\jtvkmlon.dll C:\WINDOWS\system32\juajjiue.dll C:\WINDOWS\system32\jxawfvvg.dll C:\WINDOWS\system32\jxtqgxdv.dll C:\WINDOWS\system32\kahyycci.dll C:\WINDOWS\system32\kdhwr.exe C:\WINDOWS\system32\kdyviugl.dll C:\WINDOWS\system32\kffqcius.ini C:\WINDOWS\system32\kfyoyfis.ini C:\WINDOWS\system32\khcgtwqk.ini C:\WINDOWS\system32\kicuyqpx.dll C:\WINDOWS\system32\kifbsluf.dll C:\WINDOWS\system32\kjodaale.dll C:\WINDOWS\system32\kjqdmlem.ini C:\WINDOWS\system32\kkkacrue.ini C:\WINDOWS\system32\kohkpidi.dll C:\WINDOWS\system32\kopgmfeo.dll C:\WINDOWS\system32\kqwtgchk.dll C:\WINDOWS\system32\krbywpum.dll C:\WINDOWS\system32\krchvmkt.dll C:\WINDOWS\system32\ksegluoj.dll C:\WINDOWS\system32\ksensrmm.ini C:\WINDOWS\system32\kunuapik.dll C:\WINDOWS\system32\kvaomjds.ini C:\WINDOWS\system32\kvasjxan.ini C:\WINDOWS\system32\kwfhavtb.ini C:\WINDOWS\system32\ladhdavv.dll C:\WINDOWS\system32\lbcdnipi.dll C:\WINDOWS\system32\lgjwtbnl.ini C:\WINDOWS\system32\lhopttin.dll C:\WINDOWS\system32\livokipi.dll C:\WINDOWS\system32\lkeeacyq.dll C:\WINDOWS\system32\lkefimfv.dll C:\WINDOWS\system32\lmhbbwwn.dll C:\WINDOWS\system32\lppjokaj.ini C:\WINDOWS\system32\lshtbjpn.ini C:\WINDOWS\system32\lspchouw.dll C:\WINDOWS\system32\lvcccrmf.dll C:\WINDOWS\system32\lvuuarhg.ini C:\WINDOWS\system32\lxcyqkom.dll C:\WINDOWS\system32\lxqrbdtx.ini C:\WINDOWS\system32\mcofkiha.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mdmwcmcx.ini C:\WINDOWS\system32\mdnlctpk.dll C:\WINDOWS\system32\mdtpykef.dll C:\WINDOWS\system32\mfhfcglj.ini C:\WINDOWS\system32\mfhjixcf.dll C:\WINDOWS\system32\mgqtfiei.dll C:\WINDOWS\system32\mhdfqwlb.dll C:\WINDOWS\system32\mjgnnlkh.ini C:\WINDOWS\system32\mknbwnof.ini C:\WINDOWS\system32\monmfdwh.ini C:\WINDOWS\system32\mosuqvvm.dll C:\WINDOWS\system32\mpvpqnla.dll C:\WINDOWS\system32\mpxzkrai.dll C:\WINDOWS\system32\mqrppjag.dll C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\mtbscmew.dll C:\WINDOWS\system32\mualsfox.ini C:\WINDOWS\system32\mvjevnvi.dll C:\WINDOWS\system32\mwonhbla.dll C:\WINDOWS\system32\myqqnmuf.dll C:\WINDOWS\system32\naxjsavk.dll C:\WINDOWS\system32\nbpmyndx.ini C:\WINDOWS\system32\nevkusma.dll C:\WINDOWS\system32\nffdgstc.ini C:\WINDOWS\system32\nfibrfpx.dll C:\WINDOWS\system32\ngbijlpi.ini C:\WINDOWS\system32\nipuyise.ini C:\WINDOWS\system32\nlnfnodt.ini C:\WINDOWS\system32\nmfubvlc.dll C:\WINDOWS\system32\nolmkvtj.ini C:\WINDOWS\system32\nopksjyt.dll C:\WINDOWS\system32\npffsqyd.dll C:\WINDOWS\system32\nxqdoimb.ini C:\WINDOWS\system32\o03PrEz C:\WINDOWS\system32\o03PrEz\o03PrEz1080.exe C:\WINDOWS\system32\oablejvo.ini C:\WINDOWS\system32\obfmisdu.dll C:\WINDOWS\system32\ocvwewak.dll C:\WINDOWS\system32\oewceeyi.ini C:\WINDOWS\system32\ogflbhye.dll C:\WINDOWS\system32\ojoefyvt.dll C:\WINDOWS\system32\olpvvsts.dll C:\WINDOWS\system32\oltbqdyp.dll C:\WINDOWS\system32\oodqmils.dll C:\WINDOWS\system32\oqedcuuq.dll C:\WINDOWS\system32\oqkxmqlx.dll C:\WINDOWS\system32\osrsutsp.ini C:\WINDOWS\system32\otsqjgsy.ini C:\WINDOWS\system32\ouuonapd.ini C:\WINDOWS\system32\ovdcxpuj.dll C:\WINDOWS\system32\ovfviuye.dll C:\WINDOWS\system32\owidtjdy.dll C:\WINDOWS\system32\oyogugqp.dll C:\WINDOWS\system32\pbwkavad.dll C:\WINDOWS\system32\pbxvddct.ini C:\WINDOWS\system32\peigkexx.dll C:\WINDOWS\system32\peyjboir.dll C:\WINDOWS\system32\pguuwvqq.ini C:\WINDOWS\system32\phlvlffa.dll C:\WINDOWS\system32\pidbxqrk.ini C:\WINDOWS\system32\pldfxdmr.dll C:\WINDOWS\system32\plycspic.dll C:\WINDOWS\system32\pmgkkety.ini C:\WINDOWS\system32\pmkjg.dll C:\WINDOWS\system32\pmkji.dll C:\WINDOWS\system32\pmnscrkm.dll C:\WINDOWS\system32\pnfefmwm.dll C:\WINDOWS\system32\pngdpeii.dll C:\WINDOWS\system32\pnkkyqjh.ini C:\WINDOWS\system32\pnngdrbu.ini C:\WINDOWS\system32\poiyhmtl.ini C:\WINDOWS\system32\poruiodi.dll C:\WINDOWS\system32\pouniakm.dll C:\WINDOWS\system32\pqfbqrmj.dll C:\WINDOWS\system32\pqgugoyo.ini C:\WINDOWS\system32\prkcqbnr.dll C:\WINDOWS\system32\ps.exe C:\WINDOWS\system32\pstusrso.dll C:\WINDOWS\system32\psxtcfmd.ini C:\WINDOWS\system32\pudiapxa.dll C:\WINDOWS\system32\pvhvrlyl.dll C:\WINDOWS\system32\pvvghcoe.ini C:\WINDOWS\system32\pyqoqhyi.ini C:\WINDOWS\system32\qckodcvi.dll C:\WINDOWS\system32\qdklptod.dll C:\WINDOWS\system32\qdsyauug.dll C:\WINDOWS\system32\qfkcuvjt.dll C:\WINDOWS\system32\qhcekdhy.dll C:\WINDOWS\system32\qiwftwqf.ini C:\WINDOWS\system32\qngauyte.dll C:\WINDOWS\system32\qnolvqmb.dll C:\WINDOWS\system32\qobicijd.dll C:\WINDOWS\system32\qpwjajxw.dll C:\WINDOWS\system32\qqvwuugp.dll C:\WINDOWS\system32\qtgiuvem.ini C:\WINDOWS\system32\quqeyyjy.dll C:\WINDOWS\system32\qvufxerb.ini C:\WINDOWS\system32\qwokwdpo.dll C:\WINDOWS\system32\qxuwemds.ini C:\WINDOWS\system32\racle~1 C:\WINDOWS\system32\rartcydj.dll C:\WINDOWS\system32\rdqcxvju.ini C:\WINDOWS\system32\riobjyep.ini C:\WINDOWS\system32\ripgdflj.ini C:\WINDOWS\system32\ritwjijf.ini C:\WINDOWS\system32\rjpcpstx.ini C:\WINDOWS\system32\rkqedtdl.ini C:\WINDOWS\system32\rlelihyu.dll C:\WINDOWS\system32\rmdxfdlp.ini C:\WINDOWS\system32\rmftgtpt.dll C:\WINDOWS\system32\rmjkqxyt.dll C:\WINDOWS\system32\rmwdvefc.dll C:\WINDOWS\system32\rntxgrls.dll C:\WINDOWS\system32\rpctfpfv.ini C:\WINDOWS\system32\rpmbqwhc.ini C:\WINDOWS\system32\rqnivxvt.dll C:\WINDOWS\system32\rsiwjsfr.ini C:\WINDOWS\system32\rsnuloub.dll C:\WINDOWS\system32\rtxhnaue.dll C:\WINDOWS\system32\ruybbluf.dll C:\WINDOWS\system32\rwliairh.ini C:\WINDOWS\system32\rxqxdkmw.dll C:\WINDOWS\system32\ryojqrof.dll C:\WINDOWS\system32\saiptvwd.dll C:\WINDOWS\system32\sasijvif.dll C:\WINDOWS\system32\sdjmoavk.dll C:\WINDOWS\system32\sdmewuxq.dll C:\WINDOWS\system32\sfvdptuf.dll C:\WINDOWS\system32\sgjtwcky.dll C:\WINDOWS\system32\shrierxu.ini C:\WINDOWS\system32\shsftxqx.dll C:\WINDOWS\system32\sjgujrrh.dll C:\WINDOWS\system32\slimqdoo.ini C:\WINDOWS\system32\slrgxtnr.ini C:\WINDOWS\system32\sqtvtxio.dll C:\WINDOWS\system32\srllinlj.dll C:\WINDOWS\system32\ssqpo.dll C:\WINDOWS\system32\stidiveq.dll C:\WINDOWS\system32\stsvvplo.ini C:\WINDOWS\system32\stwuponv.dll C:\WINDOWS\system32\subankwx.dll C:\WINDOWS\system32\suhwalit.ini C:\WINDOWS\system32\suxtkhnl.dll C:\WINDOWS\system32\svxajvia.dll C:\WINDOWS\system32\sxbgvpec.dll C:\WINDOWS\system32\taehlean.ini C:\WINDOWS\system32\tandwnsy.dll C:\WINDOWS\system32\tbvejojp.dll C:\WINDOWS\system32\texrcahj.dll C:\WINDOWS\system32\tkmvhcrk.ini C:\WINDOWS\system32\tlcsnbdf.dll C:\WINDOWS\system32\tlrnckxv.dll C:\WINDOWS\system32\tmskwbbj.dll C:\WINDOWS\system32\toblukqh.dll C:\WINDOWS\system32\tonyddfa.dll C:\WINDOWS\system32\tosbaxbv.dll C:\WINDOWS\system32\tosmmvpo.dll C:\WINDOWS\system32\tpacenwf.dll C:\WINDOWS\system32\tptgtfmr.ini C:\WINDOWS\system32\ttrrypgg.dll C:\WINDOWS\system32\tvmdspwu.dll C:\WINDOWS\system32\tvvwa.bak1 C:\WINDOWS\system32\tvvwa.bak2 C:\WINDOWS\system32\tvvwa.ini C:\WINDOWS\system32\tvvwa.ini2 C:\WINDOWS\system32\tvvwa.tmp C:\WINDOWS\system32\tvxvinqr.ini C:\WINDOWS\system32\tvyfeojo.ini C:\WINDOWS\system32\tyjskpon.ini C:\WINDOWS\system32\tyxqkjmr.ini C:\WINDOWS\system32\uaricmqj.dll C:\WINDOWS\system32\uarilixw.dll C:\WINDOWS\system32\ubrdgnnp.dll C:\WINDOWS\system32\ucbpcxnj.ini C:\WINDOWS\system32\uciusvnr.dll C:\WINDOWS\system32\ueeeslyt.dll C:\WINDOWS\system32\ufwmxvex.ini C:\WINDOWS\system32\ugkdlftf.dll C:\WINDOWS\system32\ugnfivav.ini C:\WINDOWS\system32\uguiwrqj.dll C:\WINDOWS\system32\uhydcmub.dll C:\WINDOWS\system32\uipcveug.dll C:\WINDOWS\system32\ujomhndd.ini C:\WINDOWS\system32\ukslowxt.dll C:\WINDOWS\system32\ulkfxaia.dll C:\WINDOWS\system32\unounbhw.dll C:\WINDOWS\system32\uodxvacv.dll C:\WINDOWS\system32\upseqqwi.dll C:\WINDOWS\system32\usdupfpi.dll C:\WINDOWS\system32\utowoutq.dll C:\WINDOWS\system32\ututv.bak1 C:\WINDOWS\system32\ututv.ini C:\WINDOWS\system32\uuhscluv.ini C:\WINDOWS\system32\uvnlldpb.dll C:\WINDOWS\system32\uvproipp.dll C:\WINDOWS\system32\uvvgiueu.dll C:\WINDOWS\system32\uxebgkfw.ini C:\WINDOWS\system32\uxeepeas.dll C:\WINDOWS\system32\uxreirhs.dll C:\WINDOWS\system32\uyqswbye.dll C:\WINDOWS\system32\vaukbtoe.ini C:\WINDOWS\system32\vavifngu.dll C:\WINDOWS\system32\vbxabsot.ini C:\WINDOWS\system32\vcbtybgp.dll C:\WINDOWS\system32\vcnexaxx.dll C:\WINDOWS\system32\vdkjtlwh.dll C:\WINDOWS\system32\vdwxkguc.dll C:\WINDOWS\system32\vdxgqtxj.ini C:\WINDOWS\system32\vfpftcpr.dll C:\WINDOWS\system32\vhmcgixj.dll C:\WINDOWS\system32\vhoynhnd.ini C:\WINDOWS\system32\vituxvve.ini C:\WINDOWS\system32\vkpcqmdd.dll C:\WINDOWS\system32\vkubdivm.dll C:\WINDOWS\system32\vlfnlyri.dll C:\WINDOWS\system32\vmhvasrm.ini C:\WINDOWS\system32\vmskpekw.ini C:\WINDOWS\system32\vnopuwts.ini C:\WINDOWS\system32\vonlrgjc.ini C:\WINDOWS\system32\vqtlthwf.ini C:\WINDOWS\system32\vtttmkyl.ini C:\WINDOWS\system32\vtutu.dll C:\WINDOWS\system32\vtycijqh.dll C:\WINDOWS\system32\vulcshuu.dll C:\WINDOWS\system32\vutnudpt.dll C:\WINDOWS\system32\vvadhdal.ini C:\WINDOWS\system32\vvbkkdgc.dll C:\WINDOWS\system32\vvwjgpsw.ini C:\WINDOWS\system32\vxcjwtph.dll C:\WINDOWS\system32\vyadd.bak1 C:\WINDOWS\system32\vyadd.ini C:\WINDOWS\system32\vycdd.bak1 C:\WINDOWS\system32\vycdd.ini C:\WINDOWS\system32\vynmmiyk.dll C:\WINDOWS\system32\wbetycva.dll C:\WINDOWS\system32\wbxvwhga.ini C:\WINDOWS\system32\wetesxjg.ini C:\WINDOWS\system32\wfkgbexu.dll C:\WINDOWS\system32\wfxpmxod.ini C:\WINDOWS\system32\wgbxyhfr.dll C:\WINDOWS\system32\whyxlxiu.dll C:\WINDOWS\system32\wifyxuph.ini C:\WINDOWS\system32\winnb58.dll C:\WINDOWS\system32\wkepksmv.dll C:\WINDOWS\system32\wkqkasfe.dll C:\WINDOWS\system32\wltsgano.ini C:\WINDOWS\system32\wmfijuje.dll C:\WINDOWS\system32\wmhlidhc.ini C:\WINDOWS\system32\wmlccxcr.ini C:\WINDOWS\system32\wmwifout.dll C:\WINDOWS\system32\wpvlyvdt.dll C:\WINDOWS\system32\wtgpkxwk.ini C:\WINDOWS\system32\wtusldji.ini C:\WINDOWS\system32\wtyoudaf.ini C:\WINDOWS\system32\wvebuxty.ini C:\WINDOWS\system32\wvwssbcl.ini C:\WINDOWS\system32\wwaqghcb.dll C:\WINDOWS\system32\wxgtkfnt.ini C:\WINDOWS\system32\wxknpcsi.dll C:\WINDOWS\system32\xcrqcfwc.ini C:\WINDOWS\system32\xdefdukc.dll C:\WINDOWS\system32\xdgctkvj.dll C:\WINDOWS\system32\xdnympbn.dll C:\WINDOWS\system32\xfvypfeu.dll C:\WINDOWS\system32\xjfbijif.dll C:\WINDOWS\system32\xkamafxl.dll C:\WINDOWS\system32\xkkrsjsa.dll C:\WINDOWS\system32\xlguduvx.dll C:\WINDOWS\system32\xlqmxkqo.ini C:\WINDOWS\system32\xofslaum.dll C:\WINDOWS\system32\xowwgpve.dll C:\WINDOWS\system32\xpftfmfd.dll C:\WINDOWS\system32\xqqbntyh.dll C:\WINDOWS\system32\xqxtfshs.ini C:\WINDOWS\system32\xrdrhujq.dll C:\WINDOWS\system32\xtdbrqxl.dll C:\WINDOWS\system32\xtsjterj.ini C:\WINDOWS\system32\xtspcpjr.dll C:\WINDOWS\system32\xvuduglx.ini C:\WINDOWS\system32\xxaxencv.ini C:\WINDOWS\system32\xxnncrbn.dll C:\WINDOWS\system32\xyvfqjmj.dll C:\WINDOWS\system32\yapkhqds.ini C:\WINDOWS\system32\yarfaqtu.dll C:\WINDOWS\system32\ybsthwaa.ini C:\WINDOWS\system32\ycbeg.ini C:\WINDOWS\system32\ycbeg.ini2 C:\WINDOWS\system32\ycnwxkfe.ini C:\WINDOWS\system32\ydjtdiwo.ini C:\WINDOWS\system32\ydlvhvvl.ini C:\WINDOWS\system32\yjwoylpw.ini C:\WINDOWS\system32\ykcwtjgs.ini C:\WINDOWS\system32\yrrpbqwe.dll C:\WINDOWS\system32\ysgjqsto.dll C:\WINDOWS\system32\ytekkgmp.dll C:\WINDOWS\system32\yvsfcpto.dll C:\WINDOWS\system32\yxepkanb.dll C:\WINDOWS\system32\yxnhsodq.dll C:\WINDOWS\system32\yxpicinh.dll D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CORE -------\Legacy_NETWORK_MONITOR -------\Service_core -------\Service_Network Monitor ((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))) . 2008-06-19 12:28 . 2008-06-19 12:28 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-19 02:17 . 2008-06-20 00:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-18 02:09 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys 2008-06-18 02:08 . 2008-06-18 02:09 <DIR> d-------- C:\Program Files\Syncrosoft 2008-06-18 02:08 . 2005-02-01 04:34 700,416 --a------ C:\WINDOWS\system32\SYNSOACC.dll 2008-06-18 02:08 . 2004-05-11 00:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll 2008-06-18 02:08 . 2003-08-01 05:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm 2008-06-18 02:08 . 2003-05-27 00:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm 2008-06-18 02:08 . 2003-05-27 00:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm 2008-06-18 02:08 . 2002-11-25 17:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe 2008-06-18 02:08 . 2001-04-09 14:03 17,784 --a------ C:\WINDOWS\system32\drivers\NSynas32.sys 2008-06-18 02:08 . 2002-11-25 14:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-19 09:14 --------- d-----w C:\Program Files\QuickTime 2008-06-19 09:13 --------- d-----w C:\Program Files\music_now 2008-06-19 09:10 --------- d-----w C:\Program Files\iTunes 2008-06-19 09:06 --------- d-----w C:\Program Files\HP DigitalMedia Archive 2008-06-19 08:55 --------- d-----w C:\Program Files\America Online 9.0 2008-06-19 06:23 --------- d-----w C:\Program Files\DISC 2008-06-19 06:23 --------- d-----w C:\Program Files\BellSouthWCC 2008-06-18 06:10 --------- d-----w C:\Program Files\VstPlugins 2008-06-18 04:02 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire 2008-06-17 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-09 19:56 167 ----a-w C:\Documents and Settings\HP_Administrator\6297.bat 2007-07-09 19:53 167 ----a-w C:\Documents and Settings\HP_Administrator\6455.bat 2007-07-09 14:24 167 ----a-w C:\Documents and Settings\HP_Administrator\4331.bat 2007-07-08 00:42 167 ----a-w C:\Documents and Settings\HP_Administrator\5767.bat 2007-07-08 00:32 167 ----a-w C:\Documents and Settings\HP_Administrator\8172.bat 2007-07-07 21:25 167 ----a-w C:\Documents and Settings\HP_Administrator\2742.bat 2007-07-06 00:33 167 ----a-w C:\Documents and Settings\HP_Administrator\4312.bat 2007-06-18 00:46 167 ----a-w C:\Documents and Settings\HP_Administrator\5382.bat 2007-06-17 19:06 167 ----a-w C:\Documents and Settings\HP_Administrator\9774.bat 2007-06-17 18:29 167 ----a-w C:\Documents and Settings\HP_Administrator\3440.bat 2007-06-17 18:02 167 ----a-w C:\Documents and Settings\HP_Administrator\1000.bat 2007-06-16 14:52 167 ----a-w C:\Documents and Settings\HP_Administrator\9223.bat 2007-06-16 04:02 167 ----a-w C:\Documents and Settings\HP_Administrator\5619.bat 2007-06-15 16:08 167 ----a-w C:\Documents and Settings\HP_Administrator\7207.bat 2007-06-15 06:48 167 ----a-w C:\Documents and Settings\HP_Administrator\9112.bat 2007-06-15 05:58 167 ----a-w C:\Documents and Settings\HP_Administrator\9963.bat 2007-06-15 04:19 167 ----a-w C:\Documents and Settings\HP_Administrator\9566.bat 2007-06-15 01:41 167 ----a-w C:\Documents and Settings\HP_Administrator\6408.bat 2007-06-14 18:51 167 ----a-w C:\Documents and Settings\HP_Administrator\2314.bat 2007-06-13 17:43 167 ----a-w C:\Documents and Settings\HP_Administrator\3116.bat 2007-06-11 20:04 167 ----a-w C:\Documents and Settings\HP_Administrator\5853.bat 2007-06-11 19:12 167 ----a-w C:\Documents and Settings\HP_Administrator\2670.bat 2007-06-10 19:58 167 ----a-w C:\Documents and Settings\HP_Administrator\9174.bat 2007-06-10 07:44 167 ----a-w C:\Documents and Settings\HP_Administrator\3197.bat 2007-06-10 03:59 167 ----a-w C:\Documents and Settings\HP_Administrator\8785.bat 2007-02-26 17:53 67,048 ----a-w C:\Program Files\INSTALL.LOG . CODE <pre> ----a-w 50,776 2008-06-19 01:09:15 C:\Program Files\America Online 9.0\AOL .EXE ----a-w 1,896,448 2008-06-18 00:56:54 C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager .exe ----a-w 884,736 2008-01-31 21:52:09 C:\Program Files\BellSouth\HelpCenter\ssGet .exe ----a-w 543,232 2008-06-18 00:56:49 C:\Program Files\BellSouthWCC\McciTrayApp .exe ----a-w 50,736 2008-06-18 00:57:04 C:\Program Files\Common Files\AOL\1164764026\EE\aolsoftware .exe ----a-w 71,216 2008-06-18 00:56:38 C:\Program Files\Common Files\AOL\ACS\AOLDial .exe ----a-w 81,920 2008-06-18 00:57:10 C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe ----a-w 221,184 2008-06-18 00:59:39 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe ----a-w 180,269 2008-06-19 01:00:12 C:\Program Files\Common Files\Real\Update_OB\realsched .exe ----a-w 1,077,248 2008-06-18 00:56:29 C:\Program Files\DISC\DISCover .exe ----a-w 61,440 2008-06-18 00:56:31 C:\Program Files\DISC\DiscUpdMgr .exe ----a-w 68,856 2008-02-17 02:55:24 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ----a-w 49,152 2008-06-18 00:56:27 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08 .exe ----a-w 49,152 2008-06-18 00:56:37 C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe ----a-w 90,112 2008-06-18 00:56:33 C:\Program Files\HP DigitalMedia Archive\DMAScheduler .exe ----a-w 267,048 2008-06-18 00:57:05 C:\Program Files\iTunes\iTunesHelper .exe ----a-w 1,694,208 2008-01-27 06:02:31 C:\Program Files\Messenger\msmsgs .exe ----a-w 1,277,952 2008-06-18 00:56:54 C:\Program Files\Support.com\BellSouth\hcenter .exe ----a-w 3,461,120 2008-06-17 22:17:31 C:\Program Files\Veoh Networks\Veoh\VeohClient .exe ----a-w 64,512 2008-06-17 22:06:05 C:\WINDOWS\ehome\ehtray .exe ----a-w 237,568 2008-06-18 00:56:35 C:\WINDOWS\SMINST\RECGUARD .EXE ----a-w 15,360 2008-01-24 20:49:10 C:\WINDOWS\system32\ctfmon .exe ----a-w 419,328 2008-06-18 22:22:17 C:\WINDOWS\system32\service .exe ----a-w 419,328 2008-06-18 06:08:42 C:\WINDOWS\system32\service .exe ----a-w 419,328 2008-01-24 21:26:47 C:\WINDOWS\system32\service .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B93B362-B100-4DAF-B5BF-EDE30DB5BCF3}] C:\WINDOWS\system32\awvvt.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7260504-9D09-4E36-BD74-8ED3FFF888E2}] C:\DOCUME~1\Guest\LOCALS~1\Temp\jkkll.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2008-06-20 00:12 145984 --------- C:\WINDOWS\system32\mpxzkrai.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c1184104-f2c4-46de-b62c-8ffc7610a25d}] C:\WINDOWS\system32\uvmkdkob.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= "C:\WINDOWS\system32\mpxzkrai.dll" [2008-06-20 00:12 145984] [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ] "AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512] "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 07:54 16010240 C:\WINDOWS\RTHDCPL.EXE] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 22:15 7311360] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [ ] "DISCover"="C:\Program Files\DISC\DISCover.exe" [ ] "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [ ] "PCDrProfiler"="" [] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ] "BellSouthAlertManager.exe"="C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [ ] "tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040] C:\Documents and Settings\Guest\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-10 14:08:24 147456] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 21:40:44 282624] Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-05-25 18:02:07 36903] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvt] C:\WINDOWS\system32\awvvt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjihgh] ljjihgh.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mpxzkrai] mpxzkrai.dll 2008-06-20 00:12 145984 C:\WINDOWS\system32\mpxzkrai.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\DISC\\DiscStreamHub.exe"= "C:\\Program Files\\DISC\\myFTP.exe"= "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\WINDOWS\system32\akxlabtg.exe"= C:\WINDOWS\system32\akx "C:\\Program Files\\HP Rhapsody\\rhapsody.exe"= "C:\WINDOWS\system32\qofiplxv.exe"= C:\WINDOWS\system32\qof "C:\WINDOWS\system32\kmhmlbln.exe"= C:\WINDOWS\system32\kmh "C:\WINDOWS\system32\sttodput.exe"= C:\WINDOWS\system32\stt "C:\WINDOWS\system32\gswsqpoo.exe"= C:\WINDOWS\system32\gsw "C:\WINDOWS\system32\csiaeejv.exe"= C:\WINDOWS\system32\csi "C:\WINDOWS\system32\tyhfepva.exe"= C:\WINDOWS\system32\tyh "C:\WINDOWS\system32\wabbsdej.exe"= C:\WINDOWS\system32\wab "C:\WINDOWS\system32\ycyrwjkn.exe"= C:\WINDOWS\system32\ycy "C:\WINDOWS\system32\icwlklvp.exe"= C:\WINDOWS\system32\icw "C:\WINDOWS\system32\osbhadml.exe"= C:\WINDOWS\system32\osb "C:\WINDOWS\system32\htvjxdqh.exe"= C:\WINDOWS\system32\htv "C:\WINDOWS\system32\pyiwsoma.exe"= C:\WINDOWS\system32\pyi "C:\WINDOWS\system32\ixymdljx.exe"= C:\WINDOWS\system32\ixy "C:\WINDOWS\system32\wvacbikw.exe"= C:\WINDOWS\system32\wva "C:\WINDOWS\system32\ljfgdscq.exe"= C:\WINDOWS\system32\ljf "C:\WINDOWS\system32\qaeuspms.exe"= C:\WINDOWS\system32\qae "C:\WINDOWS\system32\ubgowaby.exe"= C:\WINDOWS\system32\ubg "C:\WINDOWS\system32\mqpsdceu.exe"= C:\WINDOWS\system32\mqp "C:\WINDOWS\system32\wdueiqky.exe"= C:\WINDOWS\system32\wdu "C:\WINDOWS\system32\cdjtrhmd.exe"= C:\WINDOWS\system32\cdj "C:\WINDOWS\system32\cfpmikhh.exe"= C:\WINDOWS\system32\cfp "C:\WINDOWS\system32\aysmskui.exe"= C:\WINDOWS\system32\ays "C:\WINDOWS\system32\hrwffhmc.exe"= C:\WINDOWS\system32\hrw "C:\WINDOWS\system32\pxaensqp.exe"= C:\WINDOWS\system32\pxa "C:\WINDOWS\system32\ycjdydad.exe"= C:\WINDOWS\system32\ycj "C:\WINDOWS\system32\kayibnpr.exe"= C:\WINDOWS\system32\kay "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\WINDOWS\system32\vffmagei.exe"= C:\WINDOWS\system32\vff "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\WINDOWS\system32\smfnwrol.exe"= C:\WINDOWS\system32\smf "C:\WINDOWS\system32\sruardit.exe"= C:\WINDOWS\system32\sru "C:\WINDOWS\system32\wgtbvmcq.exe"= C:\WINDOWS\system32\wgt "C:\WINDOWS\system32\cudkcaws.exe"= C:\WINDOWS\system32\cud "C:\WINDOWS\system32\ydhcxmcy.exe"= C:\WINDOWS\system32\ydh "C:\WINDOWS\system32\xourrsgl.exe"= C:\WINDOWS\system32\xou R0 OCDE;ZTekWare Original CD Emulator Service;C:\WINDOWS\system32\Drivers\OCDE.sys [2004-08-09 22:34] R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08] S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05] S3 GetDataMip;GetDataMip;C:\Program Files\GetData\Mount Image Pro v2\mip32.sys [2007-10-30 15:21] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder "2008-03-10 18:54:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-20 00:46:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\mpxzkrai.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe C:\WINDOWS\arservice.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe . ************************************************************************ . Completion time: 2008-06-20 0:50:28 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-20 04:50:25 Pre-Run: 192,397,377,536 bytes free Post-Run: 199,073,562,624 bytes free 1215 --- E O F --- 2007-12-22 08:01:40 there's the rest

df8665 View Member Profile	Jun 20 2008, 01:17 AM Post #6
New Member Posts: 6 OS: windows xp	here's my hijack this log...the security toolbar is still showing up though Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:13:21 AM, on 6/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\analyse.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL O2 - BHO: (no name) - {6B93B362-B100-4DAF-B5BF-EDE30DB5BCF3} - C:\WINDOWS\system32\awvvt.dll (file missing) O2 - BHO: (no name) - {A7260504-9D09-4E36-BD74-8ED3FFF888E2} - C:\DOCUME~1\Guest\LOCALS~1\Temp\jkkll.dll (file missing) O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mpxzkrai.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: {d52a0167-cff8-c26b-ed64-4c2f4014811c} - {c1184104-f2c4-46de-b62c-8ffc7610a25d} - C:\WINDOWS\system32\uvmkdkob.dll (file missing) O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file) O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mpxzkrai.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm035YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://*.trymedia.com (HKLM) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.8/ttinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{9EAB07CD-279A-4C52-B5E8-3FBA25EC8D36}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{A6343AA9-5CD0-4715-9210-0AF642D57EAD}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{D4EC93FC-8E14-45EE-A72B-EFC40D0ECD9D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D10538-B052-4819-A0D1-5E08B0F3272D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{FB684270-F371-4E9D-9226-97152B418883}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{FD908A54-F663-45A8-8B73-E007C80A4583}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67 O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing) O20 - Winlogon Notify: ljjihgh - ljjihgh.dll (file missing) O20 - Winlogon Notify: mpxzkrai - C:\WINDOWS\SYSTEM32\mpxzkrai.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9998 bytes

andrewuk View Member Profile	Jun 20 2008, 12:19 PM Post #7
Trusted Helper Posts: 4,319 From: London, UK OS: XP	QUOTE ...the security toolbar is still showing up though i suspect it will do until towards the end of this fix, i can see plenty other infections that we have to deal with first firstly a couple of questions: 1. do you recognise this address, is it your ISP or company? UkrTeleGroup Ltd., UkrTeleGroup Ltd., Mechnikova 58/5, 65029 Odessa, Ukraine 2. do you have an antivirus program on your machine? i cant see one? if you dont, just let me know and we will install one once we have cleared some key infections. which we will do now........ 1. Please open Notepad Click Start , then Run Type notepad .exe in the Run Box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: CODE File:: C:\WINDOWS\system32\awvvt.dll C:\WINDOWS\system32\mpxzkrai.dll C:\WINDOWS\system32\uvmkdkob.dll C:\WINDOWS\system32\mpxzkrai.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B93B362-B100-4DAF-B5BF-EDE30DB5BCF3}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7260504-9D09-4E36-BD74-8ED3FFF888E2}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c1184104-f2c4-46de-b62c-8ffc7610a25d}] [-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvt] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjihgh] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mpxzkrai] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=- RenV:: C:\Program Files\America Online 9.0\AOL .EXE C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager .exe C:\Program Files\BellSouth\HelpCenter\ssGet .exe C:\Program Files\BellSouthWCC\McciTrayApp .exe C:\Program Files\Common Files\AOL\1164764026\EE\aolsoftware .exe C:\Program Files\Common Files\AOL\ACS\AOLDial .exe C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe C:\Program Files\Common Files\Real\Update_OB\realsched .exe C:\Program Files\DISC\DISCover .exe C:\Program Files\DISC\DiscUpdMgr .exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08 .exe C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe C:\Program Files\HP DigitalMedia Archive\DMAScheduler .exe C:\Program Files\iTunes\iTunesHelper .exe C:\Program Files\Messenger\msmsgs .exe C:\Program Files\Support.com\BellSouth\hcenter .exe C:\Program Files\Veoh Networks\Veoh\VeohClient .exe C:\WINDOWS\ehome\ehtray .exe C:\WINDOWS\SMINST\RECGUARD .EXE C:\WINDOWS\system32\ctfmon .exe C:\WINDOWS\system32\service .exe C:\WINDOWS\system32\service .exe C:\WINDOWS\system32\service .exe 3. Save the above as CFScript.txt 4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. 5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt A new HijackThis log. could you also let me know the answer to the above questions. andrewuk

df8665 View Member Profile	Jun 20 2008, 03:12 PM Post #8
New Member Posts: 6 OS: windows xp	1.no i dont recognize that company at all im sure its not my isp 2.i dont think i have any antivirus programs here's the combo fix log.. ComboFix 08-06-19.1 - HP_Administrator 2008-06-20 16:49:29.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1577 [GMT -4:00] Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt * Created a new restore point FILE :: C:\WINDOWS\system32\awvvt.dll C:\WINDOWS\system32\mpxzkrai.dll C:\WINDOWS\system32\uvmkdkob.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mpxzkrai.dll C:\WINDOWS\system32\mpxzkrai.dllbox C:\WINDOWS\system32\service.exe . ((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))) . 2008-06-20 02:34 . 2008-06-20 02:53 <DIR> d-------- C:\Hjt 2008-06-19 12:28 . 2008-06-19 12:28 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-19 02:17 . 2008-06-20 00:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-18 02:09 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys 2008-06-18 02:08 . 2008-06-18 02:09 <DIR> d-------- C:\Program Files\Syncrosoft 2008-06-18 02:08 . 2005-02-01 04:34 700,416 --a------ C:\WINDOWS\system32\SYNSOACC.dll 2008-06-18 02:08 . 2004-05-11 00:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll 2008-06-18 02:08 . 2003-08-01 05:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm 2008-06-18 02:08 . 2003-05-27 00:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm 2008-06-18 02:08 . 2003-05-27 00:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm 2008-06-18 02:08 . 2002-11-25 17:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe 2008-06-18 02:08 . 2001-04-09 14:03 17,784 --a------ C:\WINDOWS\system32\drivers\NSynas32.sys 2008-06-18 02:08 . 2002-11-25 14:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-20 20:49 --------- d-----w C:\Program Files\iTunes 2008-06-20 20:49 --------- d-----w C:\Program Files\HP DigitalMedia Archive 2008-06-20 20:49 --------- d-----w C:\Program Files\DISC 2008-06-20 20:49 --------- d-----w C:\Program Files\BellSouthWCC 2008-06-20 20:49 --------- d-----w C:\Program Files\America Online 9.0 2008-06-20 15:28 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire 2008-06-19 09:14 --------- d-----w C:\Program Files\QuickTime 2008-06-19 09:13 --------- d-----w C:\Program Files\music_now 2008-06-18 06:10 --------- d-----w C:\Program Files\VstPlugins 2008-06-17 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-09 19:56 167 ----a-w C:\Documents and Settings\HP_Administrator\6297.bat 2007-07-09 19:53 167 ----a-w C:\Documents and Settings\HP_Administrator\6455.bat 2007-07-09 14:24 167 ----a-w C:\Documents and Settings\HP_Administrator\4331.bat 2007-07-08 00:42 167 ----a-w C:\Documents and Settings\HP_Administrator\5767.bat 2007-07-08 00:32 167 ----a-w C:\Documents and Settings\HP_Administrator\8172.bat 2007-07-07 21:25 167 ----a-w C:\Documents and Settings\HP_Administrator\2742.bat 2007-07-06 00:33 167 ----a-w C:\Documents and Settings\HP_Administrator\4312.bat 2007-06-18 00:46 167 ----a-w C:\Documents and Settings\HP_Administrator\5382.bat 2007-06-17 19:06 167 ----a-w C:\Documents and Settings\HP_Administrator\9774.bat 2007-06-17 18:29 167 ----a-w C:\Documents and Settings\HP_Administrator\3440.bat 2007-06-17 18:02 167 ----a-w C:\Documents and Settings\HP_Administrator\1000.bat 2007-06-16 14:52 167 ----a-w C:\Documents and Settings\HP_Administrator\9223.bat 2007-06-16 04:02 167 ----a-w C:\Documents and Settings\HP_Administrator\5619.bat 2007-06-15 16:08 167 ----a-w C:\Documents and Settings\HP_Administrator\7207.bat 2007-06-15 06:48 167 ----a-w C:\Documents and Settings\HP_Administrator\9112.bat 2007-06-15 05:58 167 ----a-w C:\Documents and Settings\HP_Administrator\9963.bat 2007-06-15 04:19 167 ----a-w C:\Documents and Settings\HP_Administrator\9566.bat 2007-06-15 01:41 167 ----a-w C:\Documents and Settings\HP_Administrator\6408.bat 2007-06-14 18:51 167 ----a-w C:\Documents and Settings\HP_Administrator\2314.bat 2007-06-13 17:43 167 ----a-w C:\Documents and Settings\HP_Administrator\3116.bat 2007-06-11 20:04 167 ----a-w C:\Documents and Settings\HP_Administrator\5853.bat 2007-06-11 19:12 167 ----a-w C:\Documents and Settings\HP_Administrator\2670.bat 2007-06-10 19:58 167 ----a-w C:\Documents and Settings\HP_Administrator\9174.bat 2007-06-10 07:44 167 ----a-w C:\Documents and Settings\HP_Administrator\3197.bat 2007-06-10 03:59 167 ----a-w C:\Documents and Settings\HP_Administrator\8785.bat 2007-02-26 17:53 67,048 ----a-w C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((( snapshot@2008-06-20_ 0.50.08.14 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-20 04:45:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-20 20:53:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2005-08-06 03:56:34 64,512 ----a-w C:\WINDOWS\ehome\ehtray.exe + 2008-06-17 22:06:05 64,512 ----a-w C:\WINDOWS\ehome\ehtray.exe + 2008-06-18 00:56:35 237,568 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE - 2004-08-10 04:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe + 2008-01-24 20:49:10 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe - 2004-08-10 04:00:00 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe + 2008-01-24 20:49:10 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe - 2005-08-06 03:56:34 64,512 ----a-w C:\WINDOWS\system32\dllcache\ehtray.exe + 2008-06-17 22:06:05 64,512 ----a-w C:\WINDOWS\system32\dllcache\ehtray.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-24 16:49 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 22:55 68856] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ] "AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2008-06-18 21:09 50776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2008-06-17 18:06 64512] "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 07:54 16010240 C:\WINDOWS\RTHDCPL.EXE] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 22:15 7311360] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-06-17 20:56 49152] "DISCover"="C:\Program Files\DISC\DISCover.exe" [2008-06-17 20:56 1077248] "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2008-06-17 20:56 90112] "PCDrProfiler"="" [] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-18 21:00 180269] "BellSouthAlertManager.exe"="C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2008-06-17 20:56 1896448] "tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" [2008-06-17 20:56 1277952] "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-17 20:57 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040] C:\Documents and Settings\Guest\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-10 14:08:24 147456] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 21:40:44 282624] Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-05-25 18:02:07 36903] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\DISC\\DiscStreamHub.exe"= "C:\\Program Files\\DISC\\myFTP.exe"= "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\WINDOWS\system32\akxlabtg.exe"= C:\WINDOWS\system32\akx "C:\\Program Files\\HP Rhapsody\\rhapsody.exe"= "C:\WINDOWS\system32\qofiplxv.exe"= C:\WINDOWS\system32\qof "C:\WINDOWS\system32\kmhmlbln.exe"= C:\WINDOWS\system32\kmh "C:\WINDOWS\system32\sttodput.exe"= C:\WINDOWS\system32\stt "C:\WINDOWS\system32\gswsqpoo.exe"= C:\WINDOWS\system32\gsw "C:\WINDOWS\system32\csiaeejv.exe"= C:\WINDOWS\system32\csi "C:\WINDOWS\system32\tyhfepva.exe"= C:\WINDOWS\system32\tyh "C:\WINDOWS\system32\wabbsdej.exe"= C:\WINDOWS\system32\wab "C:\WINDOWS\system32\ycyrwjkn.exe"= C:\WINDOWS\system32\ycy "C:\WINDOWS\system32\icwlklvp.exe"= C:\WINDOWS\system32\icw "C:\WINDOWS\system32\osbhadml.exe"= C:\WINDOWS\system32\osb "C:\WINDOWS\system32\htvjxdqh.exe"= C:\WINDOWS\system32\htv "C:\WINDOWS\system32\pyiwsoma.exe"= C:\WINDOWS\system32\pyi "C:\WINDOWS\system32\ixymdljx.exe"= C:\WINDOWS\system32\ixy "C:\WINDOWS\system32\wvacbikw.exe"= C:\WINDOWS\system32\wva "C:\WINDOWS\system32\ljfgdscq.exe"= C:\WINDOWS\system32\ljf "C:\WINDOWS\system32\qaeuspms.exe"= C:\WINDOWS\system32\qae "C:\WINDOWS\system32\ubgowaby.exe"= C:\WINDOWS\system32\ubg "C:\WINDOWS\system32\mqpsdceu.exe"= C:\WINDOWS\system32\mqp "C:\WINDOWS\system32\wdueiqky.exe"= C:\WINDOWS\system32\wdu "C:\WINDOWS\system32\cdjtrhmd.exe"= C:\WINDOWS\system32\cdj "C:\WINDOWS\system32\cfpmikhh.exe"= C:\WINDOWS\system32\cfp "C:\WINDOWS\system32\aysmskui.exe"= C:\WINDOWS\system32\ays "C:\WINDOWS\system32\hrwffhmc.exe"= C:\WINDOWS\system32\hrw "C:\WINDOWS\system32\pxaensqp.exe"= C:\WINDOWS\system32\pxa "C:\WINDOWS\system32\ycjdydad.exe"= C:\WINDOWS\system32\ycj "C:\WINDOWS\system32\kayibnpr.exe"= C:\WINDOWS\system32\kay "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\WINDOWS\system32\vffmagei.exe"= C:\WINDOWS\system32\vff "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\WINDOWS\system32\smfnwrol.exe"= C:\WINDOWS\system32\smf "C:\WINDOWS\system32\sruardit.exe"= C:\WINDOWS\system32\sru "C:\WINDOWS\system32\wgtbvmcq.exe"= C:\WINDOWS\system32\wgt "C:\WINDOWS\system32\cudkcaws.exe"= C:\WINDOWS\system32\cud "C:\WINDOWS\system32\ydhcxmcy.exe"= C:\WINDOWS\system32\ydh "C:\WINDOWS\system32\xourrsgl.exe"= C:\WINDOWS\system32\xou R0 OCDE;ZTekWare Original CD Emulator Service;C:\WINDOWS\system32\Drivers\OCDE.sys [2004-08-09 22:34] R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08] S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05] S3 GetDataMip;GetDataMip;C:\Program Files\GetData\Mount Image Pro v2\mip32.sys [2007-10-30 15:21] . Contents of the 'Scheduled Tasks' folder "2008-03-10 18:54:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-20 16:54:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\DISC\DiscUpdMgr.exe C:\Program Files\DISC\DiscStreamHub.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe C:\Program Files\Support.com\bin\tgcmd.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\America Online 9.0\shellmon.exe C:\Program Files\Support.com\bin\jobcheck.exe C:\Program Files\Support.com\bin\jobcheck.exe C:\Program Files\Support.com\bin\jobcheck.exe C:\Program Files\Support.com\bin\tgshell.exe C:\Program Files\Support.com\bin\tgshell.exe C:\Program Files\Support.com\bin\tgshell.exe . ************************************************************************ . Completion time: 2008-06-20 17:01:09 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-20 21:01:06 ComboFix2.txt 2008-06-20 06:49:34 ComboFix3.txt 2008-06-20 06:17:52 ComboFix4.txt 2008-06-20 05:53:30 ComboFix5.txt 2008-06-20 05:40:33 Pre-Run: 200,426,868,736 bytes free Post-Run: 200,408,666,112 bytes free 244 --- E O F --- 2008-06-20 20:38:22

df8665 View Member Profile	Jun 20 2008, 03:20 PM Post #9
New Member Posts: 6 OS: windows xp	here's my hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:14:58 PM, on 6/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\ARPWRMSG.EXE C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\DISC\DISCover.exe C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\DISC\DiscUpdMgr.exe C:\Program Files\DISC\DiscStreamHub.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Support.com\bin\tgcmd.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\America Online 9.0\shellmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\analyse.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm035YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://*.trymedia.com (HKLM) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.8/ttinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{9EAB07CD-279A-4C52-B5E8-3FBA25EC8D36}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{A6343AA9-5CD0-4715-9210-0AF642D57EAD}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{D4EC93FC-8E14-45EE-A72B-EFC40D0ECD9D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D10538-B052-4819-A0D1-5E08B0F3272D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{FB684270-F371-4E9D-9226-97152B418883}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{FD908A54-F663-45A8-8B73-E007C80A4583}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67 O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 10057 bytes

andrewuk View Member Profile	Jun 20 2008, 04:44 PM Post #10
Trusted Helper Posts: 4,319 From: London, UK OS: XP	in this post we will remove the remaining infections i can see and install, update and run an antivirus program and then see where we stand. i suspect we will need to do a couple more posts to wrap it up after this. ====STEP 1==== Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file) O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm035YYUS O15 - Trusted Zone: http://.trymedia.com (HKLM) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{9EAB07CD-279A-4C52-B5E8-3FBA25EC8D36}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{A6343AA9-5CD0-4715-9210-0AF642D57EAD}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{D4EC93FC-8E14-45EE-A72B-EFC40D0ECD9D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D10538-B052-4819-A0D1-5E08B0F3272D}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{FB684270-F371-4E9D-9226-97152B418883}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{FD908A54-F663-45A8-8B73-E007C80A4583}: NameServer = 85.255.116.18,85.255.112.67 O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67 Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. ====STEP 2====* Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. ====STEP 3==== Now to download an antivirus. This program is basic for the security of your computer and in todays age not having one will probably lead to disaster for your computer. Please go http://www.avast.com/eng/down_home.html and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, double-click on the file to launch the installation of avast! Click Next on the avast! Setup window and on the next window with the ReadMe File. Now you will see the Legal Agreement, just click I agree, and then click Next to continue. You will be prompted with Configuration window, make sure that you choose Typical configuration and then click Next. Click Next to the windows that will follow, when the installation will finish, you will be given an option to schedule a boot time scan, select No Now you have to restart your machine, select Restart and then click Finish. After you restart you will get a message about avast! it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen. VERY IMPORTANT - after restarting, right click on the a in the taskbar and select Updating, then highlight and click Program. You will get popup after its done updating. If avast! had to download anything for your computer you may get a message asking you to restart. After you have updated avast! right click the small icon a in task bar and click Start Avast! AntiVirus Click Program Registration and you will be taken to their website. Fill out the form and then check you e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click ok. After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial http://www.schmahl.net/?Page=cr/avastbootscan.htm it may make it easier to you to follow the steps. Next, choose Scan all local disks scan archive files click on Schedule On the next dialog Operating system restart needed select Yes Now avast! will restart your computer and start to scan before Windows fully loads. IMPORTANT NOTE since your system has infections on it, avast! will give you dialog box with recommended actions, and options, please make sure if this happens, to click the Move to Chest button, and not to delete any reported files. On completion of the boot scan there will be a report at this location C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt Please post that in your next reply. ====STEP 4==== Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. In your next reply could i see: 1. the AswBoot.txt log 2. the 2 DSS logs (though there may only be one) The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts. andrewuk

andrewuk View Member Profile	Jun 24 2008, 03:59 PM Post #11
Trusted Helper Posts: 4,319 From: London, UK OS: XP	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Hijack This Log - Smart Security Infection - Help! [CLOSED]	2 / 580	21st June 2005 - 08:34 PM TriciaS started - last by greyknight17
Virus, Spyware and Trojan Removal Security Toolbar 7.1 Help! [RESOLVED] 12	15 / 1,612	5th December 2007 - 07:31 PM guthix12 started - last by greyknight17
Virus, Spyware and Trojan Removal "You have a security problem!" help! [Closed]	2 / 759	25th December 2008 - 10:08 AM The Mike. started - last by greyknight17
Virus, Spyware and Trojan Removal Windows Security Center Turned Off! HELP! [Closed]	2 / 1,047	30th December 2008 - 02:18 PM chae started - last by Rorschach112